Resultant Set of Policy (RSoP)

What is Resultant Set of Policy (RSoP)?

Resultant Set of Policy (RSoP) refers to all the group policies applied to a user and computer. In Microsoft Windows systems, an RSoP utility (Rsop.msc) is provided to gather computer-specific policy information and create a report about the group policy settings being applied to users and computers.

Group Policy Objects and RSoP

In Windows systems, Group Policy Objects (GPOs) contain Group Policy settings. GPOs can be linked to sites, domains, and organizational units (OUs) and applied to users or computers in a specific site, domain or OU. They can also be filtered, inherited and blocked. Many such settings can exist, so group policy management can get complex and time-consuming.

Rsop.msc on Windows computers simplifies group policy management. RSoP is the sum of all group policies applied to a user and computer, while Rsop.msc is a Microsoft tool for Active Directory (AD) that gathers computer-specific policy information so that all the group policies applied to a user and computer can be managed more easily.

The RSoP can be viewed using the gpresult tool in the Group Policy Management Console. There is also an RSoP wizard, which can be used to create RSoP queries, to determine the effects of existing group policies on users and computers, and to plan group policy implementation.

Figure (diagram visualizing Group Policy Objects): GPOs in Windows contain Group Policy settings. The RSoP utility simplifies group policy management, which can often become complex and time-consuming.

What RSoP.msc does

In Windows 7 and later systems, Rsop.msc provides a report of all Group Policy settings within AD and shows how these settings can affect a network. It also shows how existing GPOs affect various combinations of users and computers when the local security policy is applied.

System admins can create and run RSoP queries in Windows systems to find the RSoP of a computer or user. Based on the query and the information provided by the admin, the utility collects information about all existing group policies to determine which policies are associated with a specific user or computer. The utility and queries also determine the following:

  • The order in which the policies are applied.
  • What would happen if a particular user logged on to a particular computer.
  • What happens with group policies if a particular user or computer is moved to a different OU.

After gathering this information, the utility reports on its search results, simplifying group policy planning, management and troubleshooting.

Figure (screenshot of the Group Policy Management Console): The Group Policy Management Console in Windows works in Active Directory's tree structure to add and modify GPOs.

Modes in RSoP queries

An RSoP query can operate in one of two modes. Both modes can be used to run RSoP queries on different containers and objects, including computer accounts, user accounts, domains, sites and OUs.

1. Planning Mode

The planning mode helps with group policy planning or restructuring. Admins can use this mode to create an RSoP query and then use the query to test group policy settings and understand their possible effects on users and computers. This mode is also used to determine how group policies will behave when a user (or computer) is moved to a different location or security group. In short, the mode is useful for planning “what if” scenarios.

Some other possible use cases for the RSoP query planning mode include the following:

  • Simulate loopbacks.
  • Simulate GPO processing over slow network connections.
  • Test the precedence of GPO application when a user and computer are in different OUs or security groups.

The RSoP wizard in Windows provides numerous options when an RSoP query is run in planning mode. Admins can select any option depending on the policy information required. The most used options include the following:

  • Slow network connections.
  • Loopback processing.
  • Site name.
  • Alternate user location and computer location.
  • Alternate user security group and computer security group.

2. Logging Mode

The logging mode determines the policy settings that have already been applied to a particular user or computer. In short, it is for understanding “what is.” It is suitable when someone needs to re-examine the existing GPOs applied to a user or computer and make updates if required. The mode can also be used to do the following:

  • Determine and examine the existing software applications and security installations for a user or computer.
  • Identify failed or overwritten policy settings.
  • Determine how local policy affects Group Policy settings.
  • Determine how certain security groups affect the application of Group Policy settings.

How to use Rsop.msc in logging mode to gather computer-specific information in Windows

To gather policy information about a specific computer, admins can use Rsop.msc by following these steps:

  • Click Start, then click Run.
  • Type "mmc" in the Open box and click OK.
  • Click File, click Add/Remove Snap-in, then click Add in the Add/Remove dialog box.
  • Click Resultant Set of Policy, click Add, click Close in the Add/Remove Standalone Snap-in dialog box, then click OK in the box.
  • The Resultant Set of Policy Snap-in will be displayed in the MMC.
  • On the Action menu, click Generate RSOP data.
  • Click Next, click Logging Mode, then click Next.
  • Click This Computer or Another Computer, then type in the computer name.
  • Click Select a specific user, then click the blank space below the listed users.
  • Click Next.

Clicking on Select a specific user has the same effect as clicking Do not display user policy settings in the results. At the end of the final step, computer-specific settings will be displayed on screen.
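
The same computer-only logging-mode data can be exported as XML and checked for GPOs that were filtered out rather than applied. The following PowerShell is an added example, not part of the original article: the function names are hypothetical, the element names are assumed from the RSoP XML report layout (verify them against your own report), and the embedded report is a constructed, trimmed sample.

```powershell
# On a real machine, export the computer-side RSoP from an elevated prompt:
#   gpresult /scope computer /x C:\Temp\rsop.xml /f
# then: Get-RsopComputerGpo -Report ([xml](Get-Content C:\Temp\rsop.xml -Raw))

function Get-ChildText([System.Xml.XmlNode]$Node, [string]$Name) {
    if ($null -eq $Node) { return $null }
    # local-name() avoids having to register the report's XML namespaces.
    $child = $Node.SelectSingleNode("*[local-name()='$Name']")
    if ($null -ne $child) { $child.InnerText }
}

function Get-RsopComputerGpo {
    param([Parameter(Mandatory)][xml]$Report)
    $xpath = "//*[local-name()='ComputerResults']/*[local-name()='GPO']"
    $rows = foreach ($gpo in $Report.SelectNodes($xpath)) {
        $link = $gpo.SelectSingleNode("*[local-name()='Link']")
        # Classify why a GPO did or did not take effect on this computer.
        $status = if ((Get-ChildText $gpo 'AccessDenied') -eq 'true') { 'Denied by security filtering' }
                  elseif ((Get-ChildText $gpo 'FilterAllowed') -eq 'false') { 'Denied by WMI filter' }
                  elseif ((Get-ChildText $gpo 'Enabled') -eq 'false') { 'Disabled' }
                  else { 'Applied' }
        [pscustomobject]@{
            Name         = Get-ChildText $gpo 'Name'
            LinkedAt     = Get-ChildText $link 'SOMPath'      # site, domain or OU
            AppliedOrder = [int](Get-ChildText $link 'AppliedOrder')
            Status       = $status
        }
    }
    # Applied GPOs first, in the order recorded in the report; filtered ones last.
    $rows | Sort-Object @{ Expression = { $_.Status -ne 'Applied' } }, AppliedOrder
}

# Constructed sample report (names and domain are placeholders).
[xml]$sample = @'
<Rsop xmlns="http://www.microsoft.com/GroupPolicy/Rsop">
 <ComputerResults>
  <GPO><Name>Server Hardening</Name><Enabled>true</Enabled><FilterAllowed>true</FilterAllowed>
   <AccessDenied>true</AccessDenied><Link><SOMPath>example.test</SOMPath><AppliedOrder>0</AppliedOrder></Link></GPO>
  <GPO><Name>Workstation Baseline</Name><Enabled>true</Enabled><FilterAllowed>true</FilterAllowed>
   <AccessDenied>false</AccessDenied><Link><SOMPath>example.test/Workstations</SOMPath><AppliedOrder>2</AppliedOrder></Link></GPO>
  <GPO><Name>Default Domain Policy</Name><Enabled>true</Enabled><FilterAllowed>true</FilterAllowed>
   <AccessDenied>false</AccessDenied><Link><SOMPath>example.test</SOMPath><AppliedOrder>1</AppliedOrder></Link></GPO>
 </ComputerResults>
</Rsop>
'@

Get-RsopComputerGpo -Report $sample | Format-Table -AutoSize
```

A GPO that shows up as denied here is one to compare against the computer's security group membership, since a baseline that is linked but filtered out is not enforcing anything on that machine.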


This was last updated in July 2023
