JSI Tip 9897. The Group Policy Verification Tool (GPOTool) is a command-line tool that allows administrators to check Group Policy object (GPO) stability and monitor policy replication.

The GPOTool can browse GPOs and check for GPO consistency within and across domains. This tool also displays information about GPOs, including properties that cannot be accessed through Group Policy Object Editor, such as the functionality version number and extension globally unique identifiers (GUIDs).

Download the Windows Server 2003 Resource Kit and install it.

When you type gpotool /?, you receive:

Group Policy Object verification tool

Usage: gpotool \[options\]

/gpo:GPO\[,GPO...\] Preffered policies. Partial GUID and friendly name
                match accepted. If not specified, process all policies in the
/domain:name    Specify the DNS name for the domain hosting the policies. If
                not present, assume user's domain.
/dc:DC\[,DC...\]  Preffered list of domain controllers. If not specified, find
                all controllers in the domain.
/checkacl       Verify sysvol ACL. For faster processing, this step is skipped by default.
/verbose        Display detailed information.
When I typed gpotool, I received:
Validating DCs...
Available DCs:
Searching for policies...
Found 3 policies

Policy \{13260F1E-7506-4C3C-9ECE-E326B31543F3\} Friendly name: TemporaryInternetFilesSize Policy OK


Policy \{31B2F340-016D-11D2-945F-00C04FB984F9\} Friendly name: Default Domain Policy Policy OK


Policy \{6AC1786C-016F-11D2-945F-00C04FB984F9\} Friendly name: Default Domain Controllers Policy Policy OK

======================================================= Policies OK

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.