RSOP GPResult With Non Admin Account

Issue – return resultant set of policy, RSOP, as a user without administrative rights.
Why? Because you have to launch the Command Prompt as Administrator, an account for which there is no Group policy applied! If you don;t run as administrator you’ll not get a full set of policies.

User context – Keep this in mind whenever running something as a service account or with elevated privilidges, that is the user you are running as! Thats why you can;t find that file you told to save to the Desktop, it’s not on the active desktop it’s in the Desktop folder of the account you just ran as! Kinda like in this case, WTF up with c:\windows\system32, oh duh I’m “Administrator” ! Blah blah… on to the solution…

Solution: Slap the user name in there. Oh and Cd it out to a folder in your profile or in root for easier non UAC protected access, I always make a temp folder in the root of C, old man over here. Next up use /h for saving output to HTML and make up a filename ending in .html for viewing in a browser. More commands here – gpresult commands. Launch your newly created file in Internet Explorer if you can and click Allow Blocked Content when prompted. There you have it, full computer and user policies for the active but non administrator user!

Sample code for outputting RSOP to an HTML file for a non admin user

C:\WINDOWS\system32>cd \temp
C:\temp\gpresult /user g.local /h gpr-glocal.html

As it spills…

RSOP - GPResult
RSOP – GPResult

Leave a Reply

Your email address will not be published. Required fields are marked *