Monthly Archive: May 2011

May 24 2011

RSOP (Resultant Set of Policy)


If you are logged into a Windows machine and want to find out which Group Policy settings are applied to your current user and computer session, you can run the RSOP.MSC MMC snap-in.

This snap-in loads all the settings that are applied to your current user and the computer account and displays them in a single MMC (Microsoft Management Console) window.

When the window loads, it looks very similar to the Group Policy window; however, the settings are not modifiable and only a subset (those actually applied) is shown.

May 20 2011

Group Policy Loopback Processing

Until recently I hadn’t ever played with loopback processing in group policies. I was having problems with group policies not being applied and found that this setting was enabled. When I looked into it this is what I found.

Loopback Processing has two modes (detailed below).

  • Merge Mode
    In this mode, when the user logs on, the user’s list of GPOs is typically gathered by using the GetGPOList function. The GetGPOList function is then called again by using the computer’s location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer’s GPOs to have higher precedence than the user’s GPOs. In this example, the list of GPOs for the computer is added to the user’s list.
  • Replace Mode
    In this mode, the user’s list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.

More information can be found at Microsoft support.
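A small Python model of the two modes described above, added here as an illustration (it is not code from the original post or from Microsoft). The GPO names and settings are constructed sample data, and the rule that a later GPO in the list overwrites an earlier one is an assumed simplification; enforcement, security filtering and inheritance blocking are not modelled.

```python
# Simplified model of loopback processing for the user's policy settings.
# GPO names, settings and the UNC path are constructed sample data.

USER_GPOS = [
    ("Staff-Desktop", {"Wallpaper": "corp.bmp", "ScreenSaverTimeout": 900}),
    ("Staff-Drives", {"MapDriveH": r"\\fileserver\home"}),
]
COMPUTER_GPOS = [
    ("Kiosk-Lockdown", {"ScreenSaverTimeout": 120, "HideControlPanel": True}),
]


def gpo_list(user_gpos, computer_gpos, loopback=None):
    """Ordered GPO list for the user; loopback is None, "merge" or "replace"."""
    if loopback is None:
        return list(user_gpos)
    if loopback == "merge":
        # Computer's list is added to the end of the user's list.
        return list(user_gpos) + list(computer_gpos)
    if loopback == "replace":
        # The user's list is not gathered at all.
        return list(computer_gpos)
    raise ValueError(f"unknown loopback mode: {loopback!r}")


def resultant(gpos):
    """Apply GPOs in list order (assumption: a later GPO overwrites an
    earlier one) and record which GPO supplied each winning value."""
    result = {}
    for name, settings in gpos:
        for key, value in settings.items():
            result[key] = (value, name)
    return result


def lost_user_settings(loopback):
    """User settings whose value no longer comes from one of the user's GPOs."""
    baseline = resultant(gpo_list(USER_GPOS, COMPUTER_GPOS))
    actual = resultant(gpo_list(USER_GPOS, COMPUTER_GPOS, loopback))
    return sorted(k for k in baseline if actual.get(k) != baseline[k])


if __name__ == "__main__":
    for mode in (None, "merge", "replace"):
        applied = resultant(gpo_list(USER_GPOS, COMPUTER_GPOS, mode))
        print(f"loopback={mode}")
        for key, (value, source) in sorted(applied.items()):
            print(f"  {key} = {value!r}  (from {source})")
        print(f"  overridden or missing user settings: {lost_user_settings(mode)}")
```

In Replace Mode every setting that came only from the user's GPOs disappears, which is the kind of "policy not being applied" symptom that RSOP.MSC helps confirm on the affected machine.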

May 19 2011


PowerGUI

One of the best tools I have found out there for easily manipulating PowerShell queries would have to be PowerGUI. This somewhat intuitive application is great for viewing and manipulating content in a few key applications.

The one area where I find it extremely helpful is Active Directory. Although the way it searched AD is a little slow (corrected with AD 2008), it is extremely useful.

Combined with an LDAP Browser and ADModify.NET, you can make changes to users, computers and any other AD objects extremely quickly.

I recently had to perform a large migration from quite a messy AD hierarchy. This tool, along with the others mentioned above, saved me quite a bit of time in moving objects and renaming certain fields.

I am sure that there are tools out there to make the whole process a lot quicker, but from what I can see this combination was the only set of free tools out there to get the job done quickly.

May 18 2011

Login Error

You may experience an error message such as the one shown below. This error comes from Windows XP, and it took me quite a bit of time to troubleshoot.

Windows Boot Error

This message was caused by a simple error in the user properties page in AD, whereby a space was entered in the login script dialogue box. This simple error, which was hard to find, caused the message to pop up each time the user logged into their PC.

To avoid such an error, ensure that all your user property fields are filled in correctly, and if they are blank, ensure that they are actually empty.

Error Message Text:
Windows cannot find ‘/idlist,:232:2632,\\{SERVERNAME}\NETLOGON’. Make sure you types the name correctly and then try again. To search for a file, click the Start button, and then click Search.

May 18 2011

Numlock on Boot

I have had a request a number of times that users would like NUMLOCK to be enabled on Windows boot. I looked it up and found a simple registry hack to enable this.

To achieve this, you will need to open the registry and make a small modification.

  1. Run Registry Editor.
  2. Move to HKEY_USERS\.Default\Control Panel\Keyboard.
  3. Change the value for InitialKeyboardIndicators from 0 to 2.

This will enable NUMLOCK, but a reboot is required to see the result.
