gpresult.exe

  • File Path: C:\windows\system32\gpresult.exe
  • Description: Query Group Policy RSOP Data

Hashes

Type Hash
MD5 B4121C79FEB8A9A7D9ABA60F8F8ED404
SHA1 8B54F0B59851BA107A57833C7251085FD9296E2F
SHA256 DA9933AD0A30D1A978F7F7B3EAAC46047829FE3200EF29FF363CB1131428A441
SHA384 879A714D203549BEEEF881F24C6FB7454A2D727BC8A52497E26AD202DD3EEDA5202690E1FB5315CA8D0CC674B86879B3
SHA512 24E4E72EF2149F1A657E09EAE9B14CEB406AE18ED30CA6B76BD42502F353E1F8660347597E10FDE26E6DAEE679D16DA9510D7E16DEB56B9EE2C2E2C41A617B92
SSDEEP 3072:VwA1pUC/76BQJIH9jpmtuPMVsjlmjiEBuXnqQ7a8Yr7eLkqqFpLrC:D3U276+GH9jkE0VsMaqEazeCp

Signature

  • Status: The file C:\windows\system32\gpresult.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: gprslt.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of gpresult.exe being misused. While gpresult.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
stockpile 5c4dd985-89e3-4590-9b57-71fed66ff4e2.yml gpresult /R Apache-2.0

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


gpresult

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Displays the Resultant Set of Policy (RSoP) information for a remote user and computer. To use RSoP reporting for remotely targeted computers through the firewall, you must have firewall rules that enable inbound network traffic on the ports.

Syntax

gpresult [/s <system> [/u <username> [/p [<password>]]]] [/user [<targetdomain>\]<targetuser>] [/scope {user | computer}] {/r | /v | /z | [/x | /h] <filename> [/f] | /?}

[!NOTE] Except when using /?, you must include an output option, /r, /v, /z, /x, or /h.

Parameters

Parameter Description
/s <system> Specifies the name or IP address of a remote computer. Don’t use backslashes. The default is the local computer.
/u <username> Uses the credentials of the specified user to run the command. The default user is the user who is logged on to the computer that issues the command.
/p [<password>] Specifies the password of the user account that is provided in the /u parameter. If /p is omitted, gpresult prompts for the password. The /p parameter can’t be used with /x or /h.
/user [<targetdomain>\]<targetuser>] Specifies the remote user whose RSoP data is to be displayed.
/scope {user | computer} Displays RSoP data for either the user or the computer. If /scope is omitted, gpresult displays RSoP data for both the user and the computer.
[/x | /h] <filename> Saves the report in either XML (/x) or HTML (/h) format at the location and with the file name that is specified by the filename parameter. Can’t be used with /u, /p, /r, /v, or /z.
/f Forces gpresult to overwrite the file name that is specified in the /x or /h option.
/r Displays RSoP summary data.
/v Displays verbose policy information. This includes detailed settings that were applied with a precedence of 1.
/z Displays all available information about Group Policy. This includes detailed settings that were applied with a precedence of 1 and higher.
/? Displays help at the command prompt.
Remarks
  • Group Policy is the primary administrative tool for defining and controlling how programs, network resources, and the operating system operate for users and computers in an organization. In an active directory environment, Group Policy is applied to users or computers based on their membership in sites, domains, or organizational units.

  • Because you can apply overlapping policy settings to any computer or user, the Group Policy feature generates a resulting set of policy settings when the user logs on. The gpresult command displays the resulting set of policy settings that were enforced on the computer for the specified user when the user logged on.

  • Because /v and /z produce a lot of information, it’s useful to redirect output to a text file (for example, gpresult/z >policy.txt).

  • On ARM64 versions of Windows, only the gpresult in SysWow64 works with the /h parameter.

Examples

To retrieve RSoP data for only the remote user, maindom\hiropln with the password p@ssW23, who’s on the computer srvmain, type:

gpresult /s srvmain /u maindom\hiropln /p p@ssW23 /user targetusername /scope user /r

To save all available information about Group Policy to a file named, policy.txt, for only the remote user maindom\hiropln with the password p@ssW23, on the computer srvmain, type:

gpresult /s srvmain /u maindom\hiropln /p p@ssW23 /user targetusername /z > policy.txt

To display RSoP data for the logged on user, maindom\hiropln with the password p@ssW23, for the computer srvmain, type:

gpresult /s srvmain /u maindom\hiropln /p p@ssW23 /r

Additional References


MIT License. Copyright (c) 2020-2021 Strontic.