Generating Resultant Set of Policy Queries

by Brien Posey
Sept. 1, 2017 0 comments TechGenix Apps & Hardening windows server security

Both the Active Directory and Windows in general offer a huge degree of flexibility. Group policies can be created that apply to anything from a single workstation to an entire organizational unit. Although it’s really nice to have a security model that can be custom tailored to meet your exact security needs, there is a definite downside to the way that Windows security works; it can be really complicated. A single group policy can apply to users or to computers, and can potentially contain contradictory settings. Furthermore, multiple group policies can be combined in a hierarchical fashion with higher level settings potentially canceling out some of the settings that were assigned by lower level policies. Throw in filters such as No Override and Block Policy Inheritance, and you can start to see how quickly things can become confusing. Fortunately, there is a way to tell exactly what the outcome of all of those policy elements is. You can run a Resultant Set of Policy (RSOP) quer...