When a GPO is not applying as expected, gpresult is the first command you should run. This guide covers everything you need to check if group policy objects are applied on local and remote computers. Includes command syntax, examples and generating html reports.
Table of contents:
- What is gpresult
- gpresult syntax
- gpresult parameters (Reference table)
- gpresult examples
- FAQ
What is gpresult
GPResult is a built-in Windows command-line tool that shows which Group Policy Objects (GPOs) are actually applied to a user or computer. It also shows other details like which domain controller last applied the policy, GPOs that were not applied, and the security groups the user and computer are a member of.
GPResult Syntax
Below is the full syntax for the gpresult command.
gpresult [/s Computer] [/u Domain\User] [/p Password] [/user TargetUser] [/scope {user|computer}] {/r | /v | /z | [/x | /h] FileName [/f]}The brackets indicate optional parameters. You can run gpresult with as little as a single output flag like /r, or combine multiple parameters to target a remote machine, run under different credentials, and scope the results to just a user or computer. The one requirement is that you always include an output parameter (/r, /v, /z, /x, or /h) as the command won’t return anything without one.
GPResult Parameters (Reference Table)
| Parameter | Description | Example |
|---|---|---|
/s Computer |
Specifies a remote computer to connect to. Use the name or IP address, no backslashes. Defaults to the local computer if omitted. | gpresult /s PC01 /r |
/u Domain\User |
Runs the command under the credentials of a specified user. Used when connecting to a remote machine with different credentials. | gpresult /s PC01 /u domain\admin /r |
/p Password |
The password for the user specified with /u. If omitted, the command will prompt for it. | gpresult /s PC01 /u domain\admin /p P@ssw0rd /r |
/user TargetUser |
Displays RSoP data for a specific user rather than the currently logged-on user. | gpresult /user domain\jsmith /r |
/scope user |
Shows only user policy settings, not computer settings. | gpresult /r /scope user |
/scope computer |
Shows only computer policy settings, not user settings. | gpresult /r /scope computer |
/r |
Displays a summary of applied GPOs for both the user and computer. The most commonly used output flag. | gpresult /r |
/v |
Verbose output. Includes additional detail such as security privileges, logon scripts, and administrative templates. | gpresult /v |
/z |
Super-verbose output. Shows everything /v shows plus settings applied with lower precedence. Best redirected to a file. | gpresult /z > c:\gp.txt |
/h FileName |
Saves the results as an HTML report. If no path is specified, saves to your user profile folder (%HOMEPATH%). | gpresult /h c:\reports\gp.html |
/x FileName |
Saves the results in XML format. | gpresult /x c:\reports\gp.xml |
/f |
Forces the command to overwrite an existing file when used with /h or /x. | gpresult /h c:\gp.html /f |
GPResult Examples
gpresult /r – Check applied GPOs for both User and Computer
Displays a summary of applied GPOs for both the user and computer. This is the most commonly used gpresult command.
gpresult /rImportant: Command Prompt or PowerShell must be run as administrator to return computer policy results. Without it, gpresult will only display user settings and the computer settings section will be blank.
Applied Computer Policies
Applied User Policies
gpresult /r /scope computer – Check Computer Policies Only
This example will get applied computer policies only.
gpresult /r /scope computer
gpresult /r /scope user – Check User Policies Only
This example will get applied user policies only.
gpresult /r /scope user
gpresult /s – Run GPResult on a Remote Computer
Displays a summary of applied GPOs on a remote computer. In this example, I’m checking on computer with the hostname pc1.
gpresult /r /s pc1
gpresult /h – Generate an HTML Report
This generates an html report of the applied group policy objects.
Important: By default, the html report saves to C:\Windows\System32. To save to a custom location you must specify a path.
gpresult /h c:\it\GPOreport.html
gpresult > report.txt – Export Results to a Text File
You can redirect the output to a text file with the command below. This is helpful if the results are producing lots of information.
gpresult /r >c:\it\results.txt
gpresult /r /user – Display GPOs for a Specific User
If you don’t want to see both User and Computer GPOs then you can use the scope option to specify user or computer.
gpresult /r /user username
gpresult /v – Verbose Output with Detailed GPO Info
/v will give details on what the GPO actually does. It can be a lot of output but helpful when troubleshooting GPO settings.
gpresult /r /v
gpresult /s /h – HTML Report on a Remote Computer
This example will get the applied GPOs on a remote computer and export to html report
gpresult /s pc1 /r /h c:\reports\computer-gpo.html
Frequently Asked Questions
Why is gpresult not showing computer settings?
Command Prompt or PowerShell must be run as administrator to return computer policy results. Without it, gpresult will only display user settings and the computer settings section will be blank.
How do I run gpresult on a remote computer?
Use the /s option followed by the computer name.
gpresult /r /s pc1Group policy can be a pain, even when best practices are followed group policy can still be challenging. Knowing how to use these built in tools will help you to verify and troubleshoot group policies in your environment. Go give it a try and let me know if you have any questions.
Where does gpresult /h save the report?
By default, the html report saves to C:\Windows\System32. To save to a custom location you must specify a path. The below example saves to c:\it folder.
gpresult /h c:\it\GPOreport.html