Skip navigation

Monitor GPO Deployment

GPInventory tool queries and reports on remote systems

Solutions Snapshot

Gathering GPO application status for users and computers
Microsoft GPInventory tool
GP Inventory tool; computer running Windows 2003 or XP and .NET Framework; administrator rights on each machine being queried to get WMI information and at least Generate Resultant Set of Policy (logging) rights on each machine from which you want to gather RSOP data
3 out of 5
1. Download and install GPInventory.
2. Using the GPInventory GUI, select the compuers you want to query.
3. Select the queries you want to run, run them, and save the query definition and the query results for possible reuse
4. Optionally, rerun saved queries from the command line.
5. Optionally, customize pre-defined queries for added flexiblity.

Sometimes a software rollout or other IT project will depend on certain Group Policy Objects (GPOs) being in place. For example, given the wide-ranging impact of Windows XP Service Pack 2 (SP2) on end users, you might want to use one or more GPOs to control the new features and you'll obviously want to have the GPOs in place before installing SP2.

Gathering GPO deployment status one user or computer at a time through GPResultor the Group Policy Management Console's (GPMC's) GP Results Wizard would be mind-numbing and next to impossible in an environment with a large number of clients. Fortunately, Microsoft recognized the need for a centrally manageable tool to monitor application of GPOs, and it has developed a resource kit tool called GPInventory to make this task easier for administrators. GPInventory is a simple yet powerful tool to run both Resultant Set of Policies (RSoP) and Windows Management Instrumentation (WMI) queries on one or more remote systems and collect the results of those queries.

In addition to using GPInventory's GUI to perform straightforward inventories of a few systems,you can use the command-line version of the tool to automate inventories for many systems and you can create and run custom queries with either the GUI or command-line interface.

Minimum Requirements
Before you dive in, it's worth noting that because GPInventory executes WMI and RSOP queries on remote machines, you can use it to pull information only from machines that support those types of queries. WMI is supported on all recent Windows OSs, but only Windows XP and Windows Server 2003 (and most likely future OSs) will return GPO data to GPInventory. It might also save you some frustration to note that you will need administrator rights on each machine being queried to get WMI information and at least Generate Resultant Set of Policy (logging) rights on each machine from which you want to gather RSOP data. Also note that the .NET Framework is required for GPInventory to run from an XP system.

Obtaining and Installing the Tool
You can download the GPInventory tool from the Micosoft Web site. go to, type


into the search field, and follow the instructions to download the gpinventory.msi file.

Run the installation either directly from the Web site or by double-clicking the .msi file you downloaded. The installation routine lets you choose the path to which GPInventory is installed. For the purposes of testing the tool and to be able to identify all GPInventory's associated files more easily, I specified an alternative installation folder (the default resource kit folder is already chock full of files). After installation, you'll see seven files, including the GPInventory executable, several sample and configuration files, and documentation.

You can run GPInventory strictly by using its GUI, or you can run it from the command line and pass it input and output parameters to automate some reporting tasks. It's a good idea to check out the GUI first because it will familiarize you with the tool and let you create some XML files that you can use later for automated operations.

GUI Operations
When you first launch GPInventory, you'll see a screen that looks like lined notebook paper with three menu choices along the top: File, Query, and Results. Your first step is to define which computers you want to query. Choose one of the Select Computers options from the Query menu. The options are pretty much self-explanatory—you can select computers from an Active Directory (AD) container or from a text file. A file called examplecomputerlist.txt is installed with GPInventory to provide an example of the format used for a text-file–based computer list. Once you've selected a group of computers, they'll be displayed in the main GPInventory window under the Computer column heading.

After specifying the computers from which you wish to gather information, you need to define what information you want to collect from that group of computers. Click the Select Information to Gather item from the Query menu. The Information window will open and let you select the queries you wish to run. You'll notice two categories of queries: RSOP and WMI. To select a query, you first need to highlight the query, then click it again to put a check in its checkbox. This is a bit different from typical checkbox behavior in Windows applications but only takes a second to get used to. Try something simple the first time, such as the RSOP: GPOs applied to computer query and the WMI: Logged on user query, then click OK.

Now you're ready to run your query by pressing F5 or choosing Run Query from the Query menu. The results will be displayed in the main GPInventory window, as shown in Figure 1. The number appearing after the GPO name in each result cell is the registry DWORD representation of the GPO version applied. For example, version one is 65537, version two is 131074 (2 × 65537), version three is 196611 (3 × 65537), and so on.

If you like what you've created, you can save both the results and the query definition. To save the results, choose either the Save to an XML file option or the Save to a text file option from the Results menu. The text file format has tabdelimited values and is easily used in Microsoft Office Excel; XML files can be imported into a database, into Excel 2003, or in the near future, into other Microsoft Office 12 applications.

To save the parameters of your query so that you can easily run it again, choose either Save or Save as from the File menu. Type a meaningful name in the Save dialog box and save your query with an XML extension.

Go ahead and open the query definition file you just created and take a look at its structure and data. You should be able to see pretty quickly how the selections you made are notated within the ManagedObjects and Target sections.

Command-Line Execution
Once you've saved an XML query definition as described above, you've created the recipe for running that query again manually from the GPInventory GUI or via an argument to the command-line version of GPInventory.

GPInventory accepts two arguments—the query file and an output file, in that order. The query file is the XML file that defines the query parameters, and the output file is where the results of the query will be stored. You control the format of the output file by specifying either a .txt or .xml extension on the filename you provide. For example, the command

gpinventory MyQuery.xml

would save the results of the query specified in MyQuery.xml to a tab-delimited file called MyOutput.txt. Keep in mind that you might need to specify paths to the GPInventory executable and query definition if these files aren't located in the folder from which you run the command.

You can use Scheduled Tasks to execute GPInventory from a command line to perform demanding or far-reaching queries during hours in which users and other resources won't be impacted. You can also use this functionality to schedule one or more queries on a repeating basis to establish a historical baseline.

Adding Custom Queries
GPInventory is pretty cool and powerful in its default state, but you can customize the available queries to further leverage this great utility. The editable list of query definitions is presented as a list of XML nodes in the wmiqueries.xml file. If you open the wmiqueries.xml file in your editor of choice, you’ll see the list of queries that GPInventory can run. For example, the default query to display the computer manufacturer is

  “WMI: Computer Manufacturer”
  Query=”select Manufacturer
  from Win32_

(entered all on one line). As you can see, the construction is fairly simple and quite readable by humans. The value following ManagedObjectName= is what will show up as a query type in GPInventory’s Information window, and the statement following Query= is the actual WMI Query Language (WQL) statement that “asks” clients for specific information.

To add your own custom queries or modify the default queries, you need only a little knowledge about WMI classes and a text editor. To create a custom query that returns information from only Dell systems, I copied the original computer manufacturer XML node, pasted it on a new line, and added a simple where clause. Here’s how the new node looks:

   “WMI: Custom -
Manufacturer is Dell”
Query=”select Manufacturer
from Win32_ComputerSystem"/>
where Manufacturer
Like ‘%Dell%’” />

Figure 2 shows the new node at the bottom of GPInventory’s Information window. This example is pretty simple, but it illustrates GPInventory’s straightforward and flexible nature. A simple node like this can also be added to your wmiqueries.xml file and run to check the validity of a WMI query before you use it to target a GPO to a specific group of clients.

If you're already used to WMI scripting, you're poised to make GPInventory jump through hoops for you. If you need a little more background on coaxing the goods from WMI, check out the resources in the Learning Path box.

To understand the where clause and operators, including the like operator, or to pinpoint system characteristics by using WQL, go to the first Web site in the Learning Path box. The WMI Administrative Tools download (at the second Web site) includes some great tools, including WMI CIM Studio and WMI Object Browser, for learning more about how WMI works. Finally, Scriptomatic (at the third Web site) is a great way to get your feet wet writing WMI scripts and to familiarize yourself with the constructs of WQL.

As provided, GPInventory is an effective utility for monitoring application of GPOs in your environment. If you add even the slightest bit of creativity, you'll find more and more uses for this great little tool.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.