Issue: return a Resultant Set of Policy, RSOP, as a user without administrative rights.
Why? Because you have to launch the Command Prompt as Administrator in order to get a full set of policies, an account for which there is no Group Policy applied!
User Context – You want to see the Computer and current active Users policies. But if your end user doesn’t have local administrative rights you have to run the gpresult commands with elevated Administrator level credentials – and that means you’re checking policies for the account running the command, not the logged in user.
Solution: Fire up the command prompt and slap the user name in there! Oh and CD to a folder in your profile or in root for easier non UAC protected access. I always make a temp folder in the root of C, old man over here. Next up use /h for saving output to HTML and make up a filename ending in .html for viewing in a browser. More commands here – gpresult commands. Launch your newly created file in Internet Explorer and click Allow Blocked Content when prompted. There you have it, full computer and user policies for the current active non administrator user!
Sample command for outputting RSOP to an HTML file for a non admin user
C:\temp>gpresult /user *username* /h gpr-glocal.html
- Search for CMD
- Right click and choose Run As Administrator (if you don’t you will not get the full set of policies, even if the logged in user is a local administrator)
- cd \temp (change to a folder you can easily find and have full rights to)
- Gpresult is the command
- g.local would be the user account you’re trying to capture RSOP for
- /h generates HTML formatted results
- gpr-local.html is the file name (can be anything you want .htm or .html)