Getting Results, Part 1: The Resultant Set of Policy Tool in Windows Server 2003 Page 2
Once added to an MMC console, the RSoP interface is fairly basic. The tool's purpose is to provide the list of settings that apply to a user or computer after all group policy settings that apply have been processed. To see this information, simply right-click on the RSoP node, and click Generate RSoP Data, as shown below. This will walk you through the RSoP Wizard, allowing you to choose the user or computer for which you want to view RSoP data.
RSoP allows you to gather policy data in one of two modes -- logging mode and planning mode, as shown below. Logging mode allows you to view the settings that would apply to a particular user or computer based on current GPO settings. Planning mode is a little different, but another great feature -- it allows you to carry out a type of "what if" analysis, simulating a policy implementation for users or groups that are part of a specific container.
This article, walks through the steps associated with logging mode, since that will probably be the more popular choice when trying to ascertain the impact of existing policy settings.
After choosing logging mode, the next step is to choose whether to view the impact of policy settings on the current computer (which is likely a server) or another computer on the network. This is a really neat feature because it enables you to view the results of policy settings on the user's specific PC, which may be impacted by specific policy settings as well.
After selecting the computer for which the analysis should occur, select the user. The currently logged-on user is selected by default; however, it is also possible to select a different user -- in the example below, this is Dan. The screen shot shows that it is also possible to view computer-related policy information if that is your preference.
Once the user for whom results should be generated has been selected, the wizard gathers the necessary policy information to present a set of results. This can take anywhere from a few seconds to several minutes, depending on the number of policy objects to be processed and their related settings. Once the process is complete, you are left with a familiar sight, namely an interface that looks almost exactly like the one used to configure group policy settings, as shown below.
By clicking on the individual policy elements and drilling down through settings, the RSoP tool provides precise information about which settings actually apply to the user Dan. For example, in the screen shot below, you can see the password policy settings that apply to Dan, along with the source GPO from which these particular settings are gathered.
Once all is said and done, the RSoP tool provides capabilities that few system administrators will want to be without. Such a tool would have been excellent for Windows 2000 administrators, but I suppose this is a case of better late than never.
Another nice feature about this tool is that you don't have to worry about running through the entire wizard each and every time you want to analyze the impact of a change to policy settings or assess the impact of policy on a different user or computer. The tool also allows you to refresh queries based on policy changes or easily change your queries to view the impact on a different user or computer. Overall, the RSoP tool goes a long way toward making the challenges of security and user environment administration easier to manage for Windows Server 2003 administrators.