Introduction

RSOP stands for “Resultant Set of Policy.” It is a concept and a tool used in Microsoft Windows operating systems to determine the effective Group Policy settings that are applied to a user or computer. Group Policy is a feature in Windows that allows administrators to control various aspects of the operating system’s behavior and configuration within a network environment.

RSOP provides a way to understand which Group Policy settings are actually being applied and in effect on a given user or computer. This is important because Group Policy settings can be complex and hierarchical, and they can be applied at different levels in an Active Directory domain environment, including the domain, organizational units (OUs), and local machine levels.

The RSOP process involves the following steps:

Collection of Policy Settings: RSOP collects all the Group Policy settings that apply to a specific user or computer. This includes settings from various Group Policy Objects (GPOs) that are relevant to the user or computer’s location in the network hierarchy.

Merging of Settings: Since policies can be applied at different levels, there might be conflicting settings. RSOP merges the settings from different GPOs and determines which setting takes precedence based on the order of application.

Resultant Set: The final outcome of the RSOP process is a “Resultant Set of Policy.” This is a comprehensive view of the settings that are in effect for the user or computer, considering all applicable policies.

The RSOP tool in Windows provides a graphical interface that allows administrators to view and analyze the resultant set of policy settings. This can be helpful in troubleshooting issues related to policy application, as administrators can see which policies are being applied and understand why certain settings are or are not taking effect.

There are different ways to access the RSOP tool, depending on the version of Windows you are using. One common way is to use the rsop.msc command in the Run dialog box or the Command Prompt. Additionally, there is a command-line tool called gpresult that provides similar functionality for displaying applied Group Policy settings.

Keep in mind that my knowledge is based on information available up until September 2021, and there may have been developments or changes since then.

f you have the need to apply any changes on multiple computers via GPO, you may find there’s a single or some computers that were not applied the changes. To start the troubleshooting, you may need to know whether the problematic computers are already GPO-applied or not.

From the GUI, you can check it from the Group Policy result, but you will get the limitation that the GPO result only support for single computer and user. If you need to run it to a single computer, for alternatively you can use this command to get the RSOP from a computer remotely. Change the parameter as you want.

HOw to use RSoP

Using GUI

  1. Press Windows key + R (or right-click start and select Run)
  2. Type rsop.msc
  3. You will probably get an error, that the computer’s data can be generated due to insufficient permissions. Just click close to continue.

Exporting GPResult to html.

For single Computer.

Get-GPResultantSetOfPolicy -Computer ComputerName -ReportType Html -Path "C:\Install\GPresult.html"

For single Computer and its User

Get-GPResultantSetOfPolicy -Computer ComputerName -User "Domain\user" -Report

$Serverlist = Get-content "C:\Install\GPResult\list.txt"
$path = "C:\Install\GPResult\"
 
Foreach ($result in $Serverlist) 
{
Write-Host "Getting RSOP from the" $result "Computer"
Get-GPResultantSetOfPolicy -Computer $result -User "DOMAIN\user" -ReportType html -Path $path\$result.html
}

$Serverlist = Get-ADGroupMember -Identity RSOPGroup
$path = "C:\Install\GPResult\"
 
Foreach ($result in $Serverlist.name) 
{
Write-Host "Getting RSOP from the" $result "Computer"
Get-GPResultantSetOfPolicy -Computer $result -User "DOMAIN\user" -ReportType html -Path $path\$result.html
}

Conclusion

RSOP (Resultant Set of Policy) is a tool to gather computer policy information on a computer or user. We can combine the RSOP with powershell to gather computer policy information on single or multiple computers.