Category Archive: Server

May 24 2011

RSOP (Resultant Set of Policy)


If you are logged into a windows machine and you want to find out what Gr0up Policy settings are applied to your current user and computer session, you can run the RSOP.MSC mmc snap-in.

This snap-in loads all the settings that are applied to your current user  and the computer account and displays them in a single MMC (Microsoft Management Console) window.

When the window loads, it looks very similar to the Group Policy window however the settings are not modifiable and only a subset (those actually applied) are shown.

May 20 2011

Group Policy Loopback Processing

Until recently I hadn’t ever played with loopback processing in group policies. I was having problems with group policies not being applied and found that this setting was enabled. When I looked into it this is what I found.

There are two settings for the Loopback Processing settings (detailed below).

  • Merge Mode
    In this mode, when the user logs on, the user’s list of GPOs is typically gathered by using the GetGPOList function. The GetGPOList function is then called again by using the computer’s location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer’s GPOs to have higher precedence than the user’s GPOs. In this example, the list of GPOs for the computer is added to the user’s list.
  • Replace Mode
    In this mode, the user’s list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.

More information can be found at Microsoft support (

May 18 2011

Login Error

You may experience an error message such as shown below. This error comes from Windows XP, and it took me quite a bit of time in troubleshooting.

Windows Boot Error

This message was caused by a simple error in the user properties page in AD whereby a space was entered in the login script dialogue box. This simple error which was hard to find, caused this message to pop up each time the user logged into their PC.

To ensure that you do not receive such an error, ensure that all your user property fields are filled in correct, and if they are blank, ensure that they are actually empty.

Error Message Text:
Windows cannot find ‘/idlist,:232:2632,\\{SERVERNAME}\NETLOGON’. Make sure you types the name correctly and then try again. To search for a file, click the Start button, and then click Search.

May 13 2011

Group Policy Order

Group Policy (GP) ordering is not that difficult, but is could be a little confusing to understand when you first look at it.

Group Policies are applied in order from the root of the tree down. This way, a preference setting at a lower layer in the true can override a setting applied at a more “generic” level.

The order of a Policy can be altered, but only within the Organisational Unit for which the GP’s exist. This can be achieved by selecting the Organisational Unit (OU) in question, and then choosing the “Linked Group Policy Objects” tab on the right hand side of the window.

Group Policy Settings

Once this has been selected, you should see the list of Group Policies enabled at this level. You can move these order of application by clicking the arrows on the left hand side of this pane. The application order of policies is from the bottom up. Meaning that an Policy with a link order of 5 will get applied before one with a link order of 1. This can be seen by selecting the “Group Policy Inheritance” button

Group Policy InheritanceHere you will see a total list of all group policies that apply to the respective level in the order of there application.

Official Link: