The Resultant Set of Policy (RSoP) Tool

Resultant Set of Policy allows you to gather policy data in one of two modes – logging mode and planning mode, as shown below. Logging mode allows you to view the settings that would apply to a particular user or computer based on existing GPO settings. Planning mode is a little different, but another great feature – it allows you to carry out a type of “what if” analysis, simulating a policy implementation for users or groups that are part of a specific container. In this article, we’ll walk through the steps associated with logging mode, since that will probably be the more popular choice when trying to ascertain the impact of existing policy settings.

After choosing logging mode, the first step is to choose whether you want to view the impact of policy settings on the current computer (which is likely a server) or another computer on the network. This is a really neat feature, because it would allow you to view the results of policy settings on the user’s specific PC, which may be impacted by specific policy settings as well.

After selecting the computer for which the analysis should occur, the next step involves selecting the user. The currently logged on user is selected by default; however, it is also possible to select a different user – in this case I have chosen the user Dan. The screen below shows that it is also possible to view computer-related policy information only if that is your preference.

Once you have selected the user for whom results should be generated, the wizard gathers the necessary policy information in order to present a set of results. This can take anywhere from a few seconds to several minutes, depending upon the number of policy objects that need to be processed, and their related settings. Once the process is complete, you are left with a familiar sight, namely an interface that looks almost exactly similar to the one used to configure group policy settings.

By clicking on the individual policy elements and drilling-down through settings, the RSoP tool provides precise information on which settings actually apply to the user Dan. For example, in the screen shot below, you can see the password policy settings that apply to Dan, along with the source GPO from which these particular settings are gathered.

Once all is said and done, the Resultant Set of Policy tool provides capabilities that few system administrators will want to live without. Such a tool would have been excellent for Windows 2000 administrators, but I suppose this is a case of better late than never. You also don’t have to worry about running through the entire wizard each and every time you want to analyze the impact of a change to policy settings, or assess the impact of policy on a different user or computer – the tool also allows you to refresh your queries based on policy changes, or easily change your queries to view the impact on a different user or computer. Overall, the RSoP tool goes a long way towards making the challenges of security and user environment administration easier to manage for Windows Server 2003 admins.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.