Windows 7 / Networking

GPO Modeling and GPO Results in the GPMC

When an organization decides to perform administrative and management tasks using group policies, it is essential that the system administrators understand how to check to see if Group Policy processing is working correctly. In the case when Active Directory hierarchies are being restructured, or if new policies are being deployed, performing a simulated application of group policies to review the results can help avoid unexpected issues. To perform Group Policy simulations, an administrator can use Group Policy Modeling, available in the GPMC. Group Policy Modeling is the equivalent of Resultant Set of Policies (Planning), which is the name of the administrative right that must be delegated in Active Directory to run this tool. To perform Group Policy Modeling, perform the following tasks:

  1. Log on to a designated Windows Server 2008 R2 administrative server.
  2. Open the Group Policy Management Console from the Administrative Tools menu.
  3. In the tree pane, select the Group Policy Modeling node, right-click the node, and select Group Policy Modeling Wizard.
  4. On the Welcome page, click Next to continue.
  5. On the Domain Controller Selection page, specify a domain controller or accept the default of using any domain controller, and click Next.
  6. On the User and Computer Selection page, the Group Policy Modeling Wizard can be used to run a simulation based on a specific user and computer in their current locations, or containers can be specified for either the user or computer to simulate GPO processing of a specific user, logging on to a Computer in a specific container. For this example, select the Users container and the Computers container of the domain to determine which policies and settings will be applied by default. Click Next to continue.
  7. On the Advanced Simulations page, loopback processing, slow network connections, and site-specific testing can be specified. Accept the defaults and click Next to continue.
  8. On the User Security Groups page, specific security groups can be specified to run policy modeling against. Accept the defaults and click Next to continue.
  9. On the Computer Security Groups page, specific security groups can be specified to run policy modeling against. Accept the defaults and click Next to continue.
  10. On the WMI Filters for Users page, select the All Linked Filters option button, and click Next to continue.
  11. On the WMI Filters for Computers page, select the All Linked Filters option button, and click Next to continue.
  12. On the Summary of Selections page, review the choices and if everything looks correct, click Next to run the GPO modeling tool.
  13. When the process completes, click Finish to return to the GPMC and review the modeling results.
  14. In the Settings pane, the summary of the computer and user policy processing will be available for view. Review the information on this page and then click on the Settings tab to review the final GPO settings that would be applied.
  15. Close the GPMC and log off.

In situations when Group Policy is not delivering the desired results, GPO Results can be run to read and display the Group Policy processing history. GPO Results are run against a specific computer, but can also be used to collect user policy processing. To run GPO Results to review the GPO processing history, perform the following steps:

  1. Log on to a designated Windows Server 2008 R2 administrative server.
  2. Open the Group Policy Management Console from the Administrative Tools menu.
  3. In the tree pane, select the Group Policy Results node, right-click the node, and select Group Policy Results Wizard.
  4. On the Welcome page, click Next to continue.
  5. On the Computer Selection page, choose to run the policy against another computer and locate a Windows 7 system that a user has already logged on to. Also be sure to uncheck the Do Not Display Policy Settings for the Selected Computer in the Results check box, and click Next.
  6. On the User Selection page, select the Display Policy Settings For option button, and then select the Select a Specific User option button. Select a user from the list, and click Next to continue. Only users who have previously logged on to the selected computer will be listed and they will only be listed if the user running the tool is a domain admin or has been granted the right to run Resultant Set of Policies (Logging) for the particular users.
  7. On the Summary of Selections page, review the choices and click Next to start the GPO Results collection process.
  8. When the process completes, click Finish to return to the GPMC.
  9. When the process completes, the results will be displayed in the Settings pane on the Summary, Settings, and Policy Events tabs. Review the results and close the GPMC when finished.
[Previous] [Contents] [Next]

In this tutorial:

  1. Group Policy Management for Network Client
  2. Windows Group Policies
  3. Domain Group Policies
  4. Group Policy Feature Set
  5. User Configuration Policy Node
  6. Planning Workgroup and Standalone Local Group Policy Configuration
  7. Planning Domain Group Policy Objects
  8. Domain GPOs
  9. Active Directory Site GPOs
  10. Managing Computers with Domain Policies
  11. Managing User Account Control Settings
  12. Creating a Software Restriction Policy
  13. Creating Application Control Policies (AppLocker)
  14. Deploying Printers Windows Server 2008
  15. Mapping Drives Using Preferences User Drive Maps Extension
  16. Configuring Basic Firewall Settings with Group Policy
  17. Configuring Windows Update Settings
  18. Configuring Power Options Using Domain Policies
  19. Managing Users with Policies
  20. Configuring Folder Redirection
  21. Removable Storage Access
  22. Managing Active Directory with Policies
  23. Configuring Restricted Groups for Domain Security Groups
  24. Extending Group Policy Functionality
  25. Synchronous Foreground Refresh
  26. GPO Modeling and GPO Results in the GPMC
  27. Managing Group Policy from Administrative or Remote Workstations