gpresult.exe
- File Path: C:\windows\SysWOW64\gpresult.exe
- Description: Query Group Policy RSOP Data
Hashes
Type | Hash |
---|---|
MD5 | CD9FDE5828EDDB4CF0E2144CAA5B0BA1 |
SHA1 | B701B2F8D36910A0130E6B8F4A775CB1866ADC4A |
SHA256 | 07C4E2F63F946AB1027A468F6977F15E5A64A99B75733D1ECB628CA38BBC9FC1 |
SHA384 | 5D39A0DE789F5B1332E970C2419CDBC7CE1E98736B2A1A76E723A23B13FED660F5E0AA622CA571480C1DC47BD898F831 |
SHA512 | FEC6A607D16AB9A79A063B0DFD888C3100F3CA2C2B0CA18020563583BF81344DC818B06ADA58BCEC807EDD7EBF550A0AB69AEF5AAFD40E65D5486C8C1C2667DB |
SSDEEP | 3072:VQh1pUC/uIQQiDuznDN8KvQ3qo/LQ6uoErZYpW8yVrp1k3q9PsQrvjC7:C3UPJQiaqYQ3NzHKWvwPf0kC |
Signature
- Status: The file C:\windows\SysWOW64\gpresult.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
- Serial: ``
- Thumbprint: ``
- Issuer:
- Subject:
File Metadata
- Original Filename: gprslt.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
- Product Version: 6.3.9600.16384
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
Possible Misuse
The following table contains possible examples of gpresult.exe being misused. While gpresult.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
stockpile | 5c4dd985-89e3-4590-9b57-71fed66ff4e2.yml | gpresult /R | Apache-2.0 |
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
gpresult
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Displays the Resultant Set of Policy (RSoP) information for a remote user and computer. To use RSoP reporting for remotely targeted computers through the firewall, you must have firewall rules that enable inbound network traffic on the ports.
Syntax
gpresult [/s <system> [/u <username> [/p [<password>]]]] [/user [<targetdomain>\]<targetuser>] [/scope {user | computer}] {/r | /v | /z | [/x | /h] <filename> [/f] | /?}
[!NOTE] Except when using /?, you must include an output option, /r, /v, /z, /x, or /h.
Parameters
Parameter | Description |
---|---|
/s <system> | Specifies the name or IP address of a remote computer. Don’t use backslashes. The default is the local computer. |
/u <username> | Uses the credentials of the specified user to run the command. The default user is the user who is logged on to the computer that issues the command. |
/p [<password>] | Specifies the password of the user account that is provided in the /u parameter. If /p is omitted, gpresult prompts for the password. The /p parameter can’t be used with /x or /h. |
/user [<targetdomain>\]<targetuser>] | Specifies the remote user whose RSoP data is to be displayed. |
/scope {user | computer} | Displays RSoP data for either the user or the computer. If /scope is omitted, gpresult displays RSoP data for both the user and the computer. |
[/x | /h] <filename> | Saves the report in either XML (/x) or HTML (/h) format at the location and with the file name that is specified by the filename parameter. Can’t be used with /u, /p, /r, /v, or /z. |
/f | Forces gpresult to overwrite the file name that is specified in the /x or /h option. |
/r | Displays RSoP summary data. |
/v | Displays verbose policy information. This includes detailed settings that were applied with a precedence of 1. |
/z | Displays all available information about Group Policy. This includes detailed settings that were applied with a precedence of 1 and higher. |
/? | Displays help at the command prompt. |
Remarks
- Group Policy is the primary administrative tool for defining and controlling how programs, network resources, and the operating system operate for users and computers in an organization. In an Active Directory environment, Group Policy is applied to users or computers based on their membership in sites, domains, or organizational units.
- Because you can apply overlapping policy settings to any computer or user, the Group Policy feature generates a resulting set of policy settings when the user logs on. The gpresult command displays the resulting set of policy settings that were enforced on the computer for the specified user when the user logged on.
- Because /v and /z produce a lot of information, it’s useful to redirect output to a text file (for example, gpresult /z > policy.txt).
- On ARM64 versions of Windows, only the gpresult in SysWow64 works with the /h parameter.
Examples
To retrieve RSoP data for only the remote user, maindom\hiropln with the password p@ssW23, who’s on the computer srvmain, type:
gpresult /s srvmain /u maindom\hiropln /p p@ssW23 /user targetusername /scope user /r
To save all available information about Group Policy to a file named policy.txt, for only the remote user maindom\hiropln with the password p@ssW23, on the computer srvmain, type:
gpresult /s srvmain /u maindom\hiropln /p p@ssW23 /user targetusername /z > policy.txt
To display RSoP data for the logged on user, maindom\hiropln with the password p@ssW23, for the computer srvmain, type:
gpresult /s srvmain /u maindom\hiropln /p p@ssW23 /r
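The examples above pass the /p password as an argument, so any process-creation logging that captures command lines stores it in clear text. The following triage sketch is an added example, not part of Microsoft's documentation or of the sources this page cites: it parses logged gpresult command lines, records remote targeting and alternate credentials, and redacts the /p value before the line is stored or forwarded. The finding names, the `triage` function and the sample command lines are assumptions constructed for illustration.

```python
import re

# Constructed sample CommandLine values, shaped like process-creation
# telemetry; hosts and accounts reuse the names from the examples above.
SAMPLE_CMDLINES = [
    r'gpresult /R',
    r'C:\Windows\SysWOW64\gpresult.exe /s srvmain /u maindom\hiropln /p p@ssW23 /user targetusername /scope user /r',
    r'gpresult.exe /s srvmain /u maindom\hiropln /z',
    r'"C:\Windows\System32\gpresult.exe" /h C:\Temp\rsop.html /f',
    r'ipconfig /all',
]

# Switches from the syntax above that take a value, mapped to a finding name
# (the finding names are hypothetical labels, not gpresult terminology).
VALUE_SWITCHES = {
    "/s": "remote_target", "/u": "alt_credentials",
    "/p": "password_on_cmdline", "/user": "target_user",
    "/x": "report_file", "/h": "report_file",
}

def triage(cmdline):
    """Return None for non-gpresult processes, otherwise the findings and
    a copy of the command line with any /p value redacted."""
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    if not tokens:
        return None
    image = tokens[0].strip('"').rsplit("\\", 1)[-1].lower()
    if image not in ("gpresult", "gpresult.exe"):
        return None
    findings, redacted, i = {}, [tokens[0]], 1
    while i < len(tokens):
        switch = tokens[i].lower()
        redacted.append(tokens[i])
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if switch in VALUE_SWITCHES and nxt and not nxt.startswith("/"):
            secret = switch == "/p"
            findings[VALUE_SWITCHES[switch]] = "<redacted>" if secret else nxt.strip('"')
            redacted.append("<redacted>" if secret else nxt)
            i += 1  # skip the value we just consumed
        i += 1
    return {"findings": findings, "cmdline": " ".join(redacted)}

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(triage(line))
```

A bare /p (the prompting form described in the parameter table) produces no password finding, and a password that itself begins with "/" is treated as a switch and would need separate handling.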
MIT License. Copyright (c) 2020-2021 Strontic.