Section 6.8. Command-Line Utilities

6.8. Command-Line Utilities

Before we close up the chapter, I wanted to talk about the two most popular command-line management tools for GP. Although I've mentioned both of the utilities in this section earlier in the chapter, I wanted to give each of them a thorough treatment in this section for easier reference and use.

6.8.1. GPUpdate

GPUPDATE will refresh Group Policy settings that are stored either on individual machines or through Active Directory. It's fairly straightforward to use.

To refresh the GP settings on the current workstation, just issue the GPUPDATE command itself:

        gpupdate 

You can target either computer or user settings using the /target switch. If the switch is omitted, both computer and user settings are refreshed. To refresh computer settings on the current machine:

        gpupdate /target:computer 

You can force the refresh of GP settings with the /force switch:

        gpupdate /target:computer /force 

Finally, you can force a logoff and/or a reboot with the /logoff and /boot switches, respectively:

        gpupdate /logoff        gpupdate /boot 

6.8.2. GPResult

GPRESULT will return a listing of all policies applied to a user and computer, the OUs in which the computer and user are located, the site they are in, and a lot more information. The remote computers need to run Windows XP or Server 2003 for GPRESULT to return accurate information.

You can return a simple report using the currently logged on user at your workstation by simply issuing the command itself without any switches:

        gpresult 

The following is a sample of the report you'll receive:

     Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0     Copyright (C) Microsoft Corp. 1981-2001     Created On 5/9/2005 at 12:15:16 PM     RSOP data for R2TEST\Administrator on R2B2SRV1 : Logging Mode     --------------------------------------------------------------     OS Type:                     Microsoft(R) Windows(R) Server 2003, Enterprise Edition     OS Configuration:            Primary Domain Controller     OS Version:                  5.2.3790     Terminal Server Mode:        Remote Administration     Site Name:                   Default-First-Site-Name     Roaming Profile:     Local Profile:               C:\Documents and Settings\Administrator     Connected over a slow link?: No     COMPUTER SETTINGS     ------------------         CN=R2B2SRV1,OU=Domain Controllers,DC=r2test,DC=corp,DC=hasselltech,DC=local         Last time Group Policy was applied: 5/9/2005 at 12:12:31 PM         Group Policy was applied from:      r2b2srv1.r2test.corp.hasselltech.local         Group Policy slow link threshold:   500 kbps         Domain Name:                        R2TEST         Domain Type:                        Windows 2000         Applied Group Policy Objects         -----------------------------             Default Domain Controllers Policy             Default Domain Policy         The following GPOs were not applied because they were filtered out         -------------------------------------------------------------------             Local Group Policy                 Filtering:  Not Applied (Empty)             Turn off System Restore                 Filtering:  Denied (Security)         The computer is a part of the following security groups         -------------------------------------------------------             BUILTIN\Administrators             Everyone             BUILTIN\Pre-Windows 2000 Compatible Access             BUILTIN\Users             Windows Authorization Access Group             NT AUTHORITY\NETWORK             NT AUTHORITY\Authenticated Users             This Organization             R2B2SRV1$             Domain Controllers             NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS     USER SETTINGS     --------------         CN=Administrator,CN=Users,DC=r2test,DC=corp,DC=hasselltech,DC=local         Last time Group Policy was applied: 5/9/2005 at 12:02:32 PM         Group Policy was applied from:      r2b2srv1.r2test.corp.hasselltech.local         Group Policy slow link threshold:   500 kbps         Domain Name:                        R2TEST         Domain Type:                        Windows 2000         Applied Group Policy Objects         -----------------------------             Default Domain Policy         The following GPOs were not applied because they were filtered out         -------------------------------------------------------------------             Local Group Policy                 Filtering:  Not Applied (Empty)             Turn off System Restore                 Filtering:  Disabled (GPO)         The user is a part of the following security groups         ---------------------------------------------------             Domain Users             Everyone             BUILTIN\Administrators             BUILTIN\Users             BUILTIN\Pre-Windows 2000 Compatible Access             NT AUTHORITY\INTERACTIVE             NT AUTHORITY\Authenticated Users             This Organization             LOCAL             Domain Admins             Group Policy Creator Owners 

To get information for the user jhassell on the remote workstation JH-WNXP-LTP using GPRESULT, run:

        gpresult /s JH-WNXP-LTP /USER jhassell 

Likewise, to get information for the user ljohnson in the domain R2TEST on the remote workstation 192.168.1.120, run:

        gpresult /s 192.168.1.120 /USER R2TEST\ljohnson 

You also can add the /V option to enable verbose logging, which will display detailed information and not just a summary view, or /Z, to enable extended verbose logging (even more details). Use the /SCOPE MACHINE option with /Z to look at only computer configuration policies; similarly, use /SCOPE USER to look at user configuration policies. You can redirect the output of GPRESULT to a text file using the standard > DOS redirect operator.