How can I view the Resultant Set of Policy (RSOP) from the command line?

A. Windows offers the GPResult command-line tool, which, when run with no parameters, displays the GPOs that affect the currently logged-on user for the local machine.

By default, GPResult doesn’t display the actual policies, but these can be displayed by adding the /V switch (/Z gives a super-verbose mode that displays all the settings that attempted to be applied, even those that were overwritten by a higher-precedence GPO). Below is a sample non-verbose output:

RSOP data for SAVILLTECHjohn on SAVDALWKS01 : Logging Mode
------------------------------------------------------------

OS Configuration: Member Workstation
OS Version: 6.0.6000
Site Name: Dallas
Roaming Profile: N/A
Local Profile: C:Usersjohn
Connected over a slow link?: No

COMPUTER SETTINGS
------------------
CN=SAVDALWKS01,CN=Computers,DC=savilltech,DC=net
Last time Group Policy was applied: 9/4/2007 at 1:44:34 PM
Group Policy was applied from: savdaldc01.savilltech.net
Group Policy slow link threshold: 500 kbps
Domain Name: SAVILLTECH
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Office 2007 Installation
Filtering: Denied (WMI Filter)
WMI Filter: 1TB C: drive disk space check

Block Software
Filtering: Not Applied (Empty)

Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups
-------------------------------------------------------
BUILTINAdministrators
Everyone
BUILTINUsers
NT AUTHORITYNETWORK
NT AUTHORITYAuthenticated Users
This Organization
SAVDALWKS01$
Domain Computers
System Mandatory Level

USER SETTINGS
--------------
CN=John Savill,CN=Users,DC=savilltech,DC=net
Last time Group Policy was applied: 9/4/2007 at 1:44:34 PM
Group Policy was applied from: savdaldc01.savilltech.net
Group Policy slow link threshold: 500 kbps
Domain Name: SAVILLTECH
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Default Domain Policy
Block Software

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Office 2007 Installation
Filtering: Denied (WMI Filter)
WMI Filter: 1TB C: drive disk space check

Local Group PolicyAdministrators
Filtering: Not Applied (Empty)

Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
Netmon Users
BUILTINUsers
BUILTINAdministrators
NT AUTHORITYINTERACTIVE
NT AUTHORITYAuthenticated Users
This Organization
LOCAL
Domain Admins
Group Policy Creator Owners
MOM Admins
Enterprise Admins
High Mandatory Level

If you want to generate RSOP for other users and computers via GPResult, use the /s switch to name the system, and use /u to name the user. For example:

gpresult /s machine /user domainuser /v

See also: The Two Generate Resultant Set of Policy Permissions