We have shown you a lot of tips and tricks over the years that involve modifying Local Group Policy. If you would ever like to see all the Group Policy settings in effect on your PC, here’s how to do it.
In the Windows world, Group Policy provides a way for network administrators to assign specific settings to groups of users or computers. Those settings then get applied whenever a user in the group logs in to a networked PC or whenever a PC in the group is started. Local Group Policy is a slightly more limited version that applies settings only to a local computer or users—or even a group of local users. We’ve featured a number of tricks here in the past that use Local Group Policy to change settings that you can’t change anywhere else—except by editing the Windows Registry. If you’re in the habit of changing Local Group Policy settings, you might find it useful to see all the changes you’ve made in one place, rather than digging through the Local Group Policy Editor.
RELATED: What Is "Group Policy" in Windows?
Note: Local Group Policy is only available in the Professional and Enterprise versions of Windows. If you’re using a Home edition, you won’t have access to the Local Group Policy Editor.
View Applied Policies with the Resultant Set of Policy Tool
The easiest way to see all the Group Policy settings you’ve applied to your PC or user account is by using the Resultant Set of Policy tool. It doesn’t show every last policy applied to your PC—for that you’ll need to use the Command Prompt, as we describe in the next section. However, it does show pretty much all the policies you will have set for regular use. And it provides a simple, graphical interface for browsing through the Group Policy settings currently in effect on your PC—whether those settings come from Group Policy or Local Group Policy.
To open the tool, hit Start, type “rsop.msc,” and then click the resulting entry.
The Resultant Set of Policy tool starts by scanning your system for applied Group Policy settings.
After it’s done scanning, the tool shows you a management console that looks very much like the Local Group Policy Editor—except that it only displays enabled settings along with a few unconfigured security settings.
This makes it easy to browse through and see what policies are in effect. Note that you can’t use the Resultant Set of Policy tool to change any of these settings. You can double-click a setting to view details, but if you want to disable or make changes to a setting, you’ll have to use the Local Group Policy Editor.
View Applied Policies with the Command Prompt
If you’re comfortable using the Command Prompt, it does provide a couple of advantages over using the Resultant Set of Policy tool. First, it can show every last policy in effect on your PC. Second, it will show some additional security information—like what security groups a user is part of or what privileges they have.
To do this, we’ll be using the
gpresult command. You must specify a scope for the results, and valid scopes include “user” and “computer.” This means that to see all the policies in effect for the user and the PC, you’ll have to run the command twice.
To view all the policies applied to the user account you’re currently logged in with, you would use the following command:
gpresult /Scope User /v
/v parameter in that command specifies verbose results, so you’ll see everything. Scroll down a bit and you’ll see a section named “Resultant Set Of Policies for User,” which contains the information you’re after.
If you’re looking for all policies applied to your Computer, all you need to do is change the scope:
gpresult /Scope Computer /v
If you scroll down, you’ll see that there is now a Resultant Set Of Policies for Computer section.
And there are other things you can do with the gpresult command. For example, if you’d like to save the report instead of viewing it at the Command Prompt, you could switch out the
/v parameter in either of those commands and instead use
/x (for XML format) or
/h (for HTML format). Of course, you could also just use the
/v version of the command and pipe it to a text file, if you prefer.