JSI Tip 7253. How do I install and use RSoP in Windows Server 2003?

Microsoft Knowledge Base Article 323276 contains the following summary:

This article describes how to install the Resultant Set of Policy (RSoP) snap-in and how to use the RSoP tool. RSoP is an addition to Group Policy that makes policy implementation and troubleshooting easier. RSoP is a query engine that polls existing policies and planned policies, and then reports the results of those queries. It polls existing policies based on site, domain, domain controller, and organizational unit. RSoP gathers this information from the Common Information Management Object Model (CIMOM) database (also known as CIM-compliant object repository) by using Windows Management Instrumentation (WMI).

RSoP provides the following three features that you can use to determine the comprehensive security policy that meets your needs:

RSoP provides security templates to create and assign security settings for one or more computers. A security template is a file representation of a security setting configuration. You can apply this security template to a local computer or you can import it to a Group Policy object (GPO) in Active Directory. When you import a security template to a GPO, Group Policy processes the security template and makes the corresponding changes to the members of that GPO (the member can be either users or computers). RSoP verifies those changes. RSoP polls the computer and the resultant policy that is displayed indicates a misapplied or overwritten policy setting and the policy setting's precedence. You can use this information to fix a security breach.
RSoP reports the scope of a GPO according to security group membership. RSoP uses Group Policy filtering to complete this task.
RSoP processes and displays the resulting policy for any computer or user. Administrators can use individual security settings to define a security policy in Active Directory that contains specific security settings for nearly all security areas. Security settings in a local GPO can also establish a security policy on a local computer. If a conflict between security settings occur, security settings that are defined in Active Directory always override any security settings that are defined locally.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.