Issue – return resultant set of policy, RSOP, as a user without administrative rights.
Why? Because you have to launch the Command Prompt as Administrator, an account for which there is no Group Policy applied! If you don’t run as administrator you’ll not get a full set of policies.
User context – Keep this in mind whenever running something as a service account or with elevated privilidges, that is the user you are running as! That’s why you can’t find that file you told to save to the Desktop, it’s not on the active desktop it’s in the Desktop folder of the account you just ran as! Like when you run the command prompt as a user it lands in the users profile, if you run as administrator you land in c:\windows\system32, or when you run Regedit as Administrator and export to your DESKTOP then go look and… oh yeah it’s not on your current Desktop it’s in the profile of Admin account you just ran it as – DOH ! Blah blah blah… on to the solution!
Solution: Slap the user name in there. Oh and CD it out to a folder in your profile or in root for easier non UAC protected access. I always make a temp folder in the root of C, old man over here. Next up use /h for saving output to HTML and make up a filename ending in .html for viewing in a browser. More commands here – gpresult commands. Launch your newly created file in Internet Explorer and click Allow Blocked Content when prompted. There you have it, full computer and user policies for the current active non administrator user!
Sample code for outputting RSOP to an HTML file for a non admin user
C:\temp\gpresult /user g.local /h gpr-glocal.html
As it spills…