{
	"id": "40afd1f5-f655-4a98-971c-598244624da9",
	"created_at": "2026-04-06T01:29:21.273191Z",
	"updated_at": "2026-04-10T03:22:01.449882Z",
	"deleted_at": null,
	"sha1_hash": "b09b5125c7a658430b92d01dcb02ffbb1b31e006",
	"title": "gpresult",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 54405,
	"plain_text": "gpresult\r\nBy robinharwood\r\nArchived: 2026-04-06 00:37:13 UTC\r\nDisplays the Resultant Set of Policy (RSoP) information for a remote user and computer. To use RSoP reporting\r\nfor remotely targeted computers through the firewall, you must have firewall rules that enable inbound network\r\ntraffic on the ports.\r\ngpresult [/s \u003csystem\u003e [/u \u003cusername\u003e [/p [\u003cpassword\u003e]]]] [/user [\u003ctargetdomain\u003e\\]\u003ctargetuser\u003e] [/scope {user |\r\nNote\r\nExcept when using /?, you must include an output option, /r, /v, /z, /x, or /h.\r\nParameter Description\r\n/s \u003csystem\u003e\r\nSpecifies the name or IP address of a remote computer. Don't use backslashes.\r\nThe default is the local computer.\r\n/u \u003cusername\u003e\r\nUses the credentials of the specified user to run the command. The default\r\nuser is the user who is signed in to the computer that issues the command.\r\n/p [\u003cpassword\u003e]\r\nSpecifies the password of the user account that is provided in the /u\r\nparameter. If /p is omitted, gpresult prompts for the password. The /p\r\nparameter can't be used with /x or /h.\r\n/user [\u003ctargetdomain\u003e\\]\r\n\u003ctargetuser\u003e]\r\nSpecifies the remote user whose RSoP data is to be displayed.\r\n/scope {user | computer}\r\nDisplays RSoP data for either the user or the computer. If /scope is omitted,\r\ngpresult displays RSoP data for both the user and the computer.\r\n[/x | /h] \u003cfilename\u003e\r\nSaves the report in either XML (/x) or HTML (/h) format at the location and\r\nwith the file name that is specified by the filename parameter. Can't be used\r\nwith /u, /p, /r, /v, or /z.\r\n/f\r\nForces gpresult to overwrite the file name that is specified in the /x or /h\r\noption.\r\n/r Displays RSoP summary data.\r\n/v\r\nDisplays verbose policy information. This includes detailed settings that were\r\napplied with a precedence of 1.\r\nhttps://docs.microsoft.com/en-us/windows-server/administration/windows-commands/gpresult\r\nPage 1 of 2\n\nParameter Description\r\n/z\r\nDisplays all available information about Group Policy. This includes detailed\r\nsettings that were applied with a precedence of 1 and higher.\r\n/? Displays help at the command prompt.\r\nGroup Policy is the primary administrative tool for defining and controlling how programs, network\r\nresources, and the operating system operate for users and computers in an organization. In an active\r\ndirectory environment, Group Policy is applied to users or computers based on their membership in sites,\r\ndomains, or organizational units.\r\nBecause you can apply overlapping policy settings to any computer or user, the Group Policy feature\r\ngenerates a resulting set of policy settings when the user signs in. The gpresult command displays the\r\nresulting set of policy settings that were enforced on the computer for the specified user when the user\r\nsigned in.\r\nBecause /v and /z produce much information, it's useful to redirect output to a text file (for example,\r\ngpresult/z \u003epolicy.txt ).\r\nOn ARM64 versions of Windows, only the gpresult in SysWow64 works with the /h parameter.\r\nTo retrieve RSoP data for only the remote user maindom\\targetuser, on the computer srvmain, enter:\r\ngpresult /s srvmain /user maindom\\targetuser /scope user /r\r\nTo save all available information about Group Policy to a file named policy.txt for only the remote user\r\nmaindom\\targetuser, on the computer srvmain, enter:\r\ngpresult /s srvmain /user maindom\\targetuser /z \u003e policy.txt\r\nTo display RSoP data for the signed-in user, maindom\\hiropln with the password p@ssW23, for the computer\r\nsrvmain, enter:\r\ngpresult /s srvmain /u maindom\\hiropln /p p@ssW23 /r\r\nCommand-Line Syntax Key\r\nSource: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/gpresult\r\nhttps://docs.microsoft.com/en-us/windows-server/administration/windows-commands/gpresult\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/gpresult"
	],
	"report_names": [
		"gpresult"
	],
	"threat_actors": [],
	"ts_created_at": 1775438961,
	"ts_updated_at": 1775791321,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b09b5125c7a658430b92d01dcb02ffbb1b31e006.pdf",
		"text": "https://archive.orkl.eu/b09b5125c7a658430b92d01dcb02ffbb1b31e006.txt",
		"img": "https://archive.orkl.eu/b09b5125c7a658430b92d01dcb02ffbb1b31e006.jpg"
	}
}