Tag Archive: Server

May 24 2011

RSOP (Resultant Set of Policy)


If you are logged into a Windows machine and you want to find out what Group Policy settings are applied to your current user and computer session, you can run the RSOP.MSC MMC snap-in.

This snap-in loads all the settings that are applied to your current user and the computer account and displays them in a single MMC (Microsoft Management Console) window.

When the window loads, it looks very similar to the Group Policy window; however, the settings are not modifiable and only a subset (those actually applied) is shown.

May 20 2011

Group Policy Loopback Processing

Until recently I hadn’t ever played with loopback processing in group policies. I was having problems with group policies not being applied and found that this setting was enabled. When I looked into it this is what I found.

Loopback processing has two modes (detailed below).

  • Merge Mode
    In this mode, when the user logs on, the user’s list of GPOs is typically gathered by using the GetGPOList function. The GetGPOList function is then called again by using the computer’s location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer’s GPOs to have higher precedence than the user’s GPOs. In this example, the list of GPOs for the computer is added to the user’s list.
  • Replace Mode
    In this mode, the user’s list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.

More information can be found at Microsoft support (http://support.microsoft.com/kb/231287).

May 19 2011


PowerGUI

One of the best tools I have found out there for easily manipulating PowerShell queries would have to be PowerGUI (http://www.powergui.org/index.jspa). This somewhat intuitive application is great for viewing and manipulating content in a few key applications.

The one source where I find it extremely helpful is Active Directory. Although the way it searches AD is a little slow (corrected with AD 2008), it is extremely useful.

Combined with an LDAP Browser (http://www.ldapadministrator.com/) and ADModify.NET (http://admodify.codeplex.com/) you can make some quick changes to AD to fulfil changes to users, computers and any other AD objects extremely quickly.

I recently had to perform a large migration from quite a messy AD hierarchy. This tool, along with the others mentioned above, saved me quite a bit of time in the moving of objects and renaming certain fields.

I am sure that there are tools out there to make the whole process a lot quicker, but from what I can see these tools in combination were the only free ones out there to get the job done quickly.

May 13 2011

Group Policy Order

Group Policy (GP) ordering is not that difficult, but it can be a little confusing to understand when you first look at it.

Group Policies are applied in order from the root of the tree down. This way, a preference setting at a lower layer in the tree can override a setting applied at a more “generic” level.

The order of a Policy can be altered, but only within the Organisational Unit in which the GPs exist. This can be achieved by selecting the Organisational Unit (OU) in question, and then choosing the “Linked Group Policy Objects” tab on the right-hand side of the window.

Group Policy Settings

Once this has been selected, you should see the list of Group Policies enabled at this level. You can change their order of application by clicking the arrows on the left-hand side of this pane. The application order of policies is from the bottom up, meaning that a Policy with a link order of 5 will get applied before one with a link order of 1. This can be seen by selecting the “Group Policy Inheritance” button.

Group Policy Inheritance

Here you will see a total list of all group policies that apply to the respective level in the order of their application.

Official Link: http://technet.microsoft.com/en-us/library/cc778890(WS.10).aspx
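
The following PowerShell is an added example, not code from the original posts: it models the processing order described in the Group Policy Order and Group Policy Loopback Processing posts on constructed data and reports which GPO wins each user setting with loopback off, in Merge Mode and in Replace Mode. The GPO names, settings and the `New-GpoLink`, `Get-ProcessingOrder` and `Resolve-UserPolicy` functions are hypothetical, and the model assumes no enforced links, blocked inheritance or security filtering.

```powershell
function New-GpoLink($Name, $Depth, $LinkOrder, $Settings) {
    [pscustomobject]@{ Name = $Name; Depth = $Depth; LinkOrder = $LinkOrder; Settings = $Settings }
}

function Get-ProcessingOrder {
    param([object[]]$Links)
    # Root of the tree first; within one container the highest link order number is applied first.
    $Links | Sort-Object -Property @{ Expression = { $_.Depth } },
                                   @{ Expression = { $_.LinkOrder }; Descending = $true }
}

function Resolve-UserPolicy {
    param(
        [object[]]$UserLinks,
        [object[]]$ComputerLinks,
        [ValidateSet('None', 'Merge', 'Replace')][string]$Loopback = 'None'
    )
    $ordered = @()
    # Replace Mode never gathers the user's GPO list.
    if ($Loopback -ne 'Replace') { $ordered += Get-ProcessingOrder $UserLinks }
    # Merge and Replace use the computer's list; in Merge it is appended after the user's list.
    if ($Loopback -ne 'None')    { $ordered += Get-ProcessingOrder $ComputerLinks }

    $effective = [ordered]@{}
    foreach ($gpo in $ordered) {
        foreach ($key in $gpo.Settings.Keys) {
            # A GPO applied later overwrites the value; keep the name of the GPO that won.
            $effective[$key] = [pscustomobject]@{
                Setting = $key; Value = $gpo.Settings[$key]; WinningGpo = $gpo.Name }
        }
    }
    $effective.Values
}

# Constructed sample data. Depth 0 = domain root, 1 = an OU below it.
# LinkOrder is the number shown on the "Linked Group Policy Objects" tab.
$baseline = New-GpoLink 'Domain-Baseline' 0 1 @{ Wallpaper = 'corp.jpg'; ScreenLockMinutes = 15 }
$userLinks = @(
    $baseline
    New-GpoLink 'Staff-Desktop' 1 2 @{ Wallpaper = 'staff.jpg' }
    New-GpoLink 'Staff-Drives'  1 1 @{ HomeDrive = 'H:' }
)
$computerLinks = @(
    $baseline
    New-GpoLink 'Kiosk-Lockdown' 1 1 @{ Wallpaper = 'kiosk.jpg'; ScreenLockMinutes = 2 }
)

foreach ($mode in 'None', 'Merge', 'Replace') {
    "--- Loopback: $mode ---"
    Resolve-UserPolicy $userLinks $computerLinks -Loopback $mode | Format-Table -AutoSize | Out-String
}
```

In Replace Mode the `HomeDrive` setting from the user's OU disappears from the result, which is the "policy not being applied" symptom to check for when loopback is enabled on a computer's OU.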