Using GPResult Command to Check Group Policy
If you’ve worked with Group Policy within Active Directory for more than a day, chances are you’ve needed to know what group policy objects were actually being applied to a machine.
I say “actually” because what is meant to be applied and what gets applied are sometimes two different things. When you throw in overlapping policies, nested OUs, permissions, group policy order, etc… you can often get unexpected results.
This is precisely why Microsoft created tools like GPResult and RSoP, so that you can take an accurate reading of what group policy objects (GPOs) and group policy settings are being applied.
Related: Using RSoP to Check & Troubleshoot Group Policy Settings
How to Use the GPResult Command
GPResult is a command line tool that has shipped with Windows since at least Windows Server 2008 and Windows 7. You can run it in either Command Prompt or PowerShell.
To see all the possible command line switches that you can use enter the command:
gpresult /?
Let’s step through a few gpresult examples from the most common use cases.
Show RSoP Summary to View Applied Group Policy Objects
To output the summary data about what Group Policy Objects have (and have not) been applied to your user or computer use the following commands:
gpresult /R
This command will give you a snapshot of the most important data when troubleshooting group policy such as applied group policy objects for both the computer and user accounts, OU info, security groups, domain controllers serving the policies, last time policy was applied, etc…
A typical output for the above command looks like this:
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0 © 2017 Microsoft Corporation. All rights reserved. Created on 1/8/2022 at 9:45:56 AM RSOP data for npgdom\rsanchez on COMPUTER1 : Logging Mode ---------------------------------------------------------- OS Configuration: Member Workstation OS Version: 10.0.16299 Site Name: Lab Roaming Profile: N/A Local Profile: C:\Users\rsanchez Connected over a slow link?: No COMPUTER SETTINGS ------------------ CN=COMPUTER1,OU=Workstations,DC=ad,DC=npgdom,DC=com Last time Group Policy was applied: 1/8/2022 at 9:30:27 AM Group Policy was applied from: DOMCON1.ad.npgdom.com Group Policy slow link threshold: 500 kbps Domain Name: ad.npgdom.com Domain Type: Windows 2012 or later Applied Group Policy Objects ----------------------------- Standard Workstation NPGDOM Domain Security The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Screen Saver Disabled Filtering: Denied (WMI Filter) WMI Filter: Screen Saver Disable (Windows 7-10) Local Group Policy Filtering: Not Applied (Unknown Reason) Delayed Timeout (10) Filtering: Disabled (Link) The computer is a part of the following security groups ------------------------------------------------------- BUILTIN\Administrators BUILTIN\Users NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users This Organization COMPUTER1$ Wireless LAN Computers Domain Computers System Mandatory Level
Like I mentioned earlier this command can be used to pull a command prompt or PowerShell group policy report.
View Group Policy Summary for only Computer or User
If you want to narrow down the down scope of the output from the first command I showed you all you need to do is append it with /scope:user or /scope:computer for whichever account type you’re after.
Example:
gpresult /R /scope:computer
or
gpresult /R /scope:user
Show Group Policy Summary for Specific User
If you want to see the group policy information for a specific user on a specific machine you can use the /user switch. Keep in mind, you must know the user’s credentials for this to work.
gpresult /USER rsanchez /P Us3rsP@ssword!
If you do not know the user’s password you’ll want to make use of the Group Policy Results Wizard within the Group Policy Management Console which will allow you to generate a summary report from any computer and user within your domain.
Show GPResult Remote Computer
Another useful trick is to use GPResult to pull the RSoP information from a remote computer. To do that we’ll use the /s switch.
gpresult /R /S remotecomputername
You can also use PSExec from Microsoft PSTools to open a remote command line and just use the regular gpresult command.
Export GPResult to HTML
If you want a more readable output of your GPO summary data then you can use the /H switch to export group policy results to HTML. When you view the HTML file it will be formatted similarly to the GPMC so it should be easy for you to navigate.
gpresult /R /H c:\temp\gpresultoutput.html
You can also swap out the /H for /X if you prefer an XML output. This could be handy if you have a remote monitoring tool that can watch an XML file for changes. You can set up a task to periodically dump gpresult on a high priority machine to XML and then monitor that file for any changes and alert you if it finds anything.
Export GPResult to Text File
Similar to above, you can also dump your GPResults to a text file using the following command:
gpresult /R >c:\temp\gpresultoutput.txt
Dumping the results to a text file can be particularly helpful when you’re using the /V command for verbose output and want to be able to search the output using something like CTRL+F within notepad or notepad++.
I cannot stress how useful GPResult and RSoP.msc are for troubleshooting group policy. Someday it will pay for you to be familiar with these commands. I highly recommend playing around with them and committing them to memory. Good luck!
Recommended for You: Solarwinds Hybrid Systems Monitoring Bundle

Automate collection of data and alerting on your local or cloud applications and servers with Solarwinds Hybrid Systems Bundle so you have these answers.
Get insight into Active Directory, DNS, DHCP, and your Virtual and Applications environments, both locally and cloud hosted, without needing to mess with complex templates or knowing a single line of code.