Saturday, April 25, 2020

Group Policy Troubleshooting from the Command Prompt

Group Policy CMD

A series of useful tips and tools for diagnosing group policy issues in windows.

Force a system to expire its current kerberos ticket, this will make the system check what OU its in and thus apply any new group policy's.  Useful if you have moved a computer to a new OU and need it to apply the new policies of that OU but cant afford the down time of a reboot.
klist -li 0x3e7 purge

Change what domain controller group policy is being pulled from.  This is especially useful if you have just discovered that your DFSR SYSVOL is no longer replicating correctly.
nltest /dsgetdc:example.com
nltest /Server:$ClientComputerName /SC_RESET:example.com\dc.example.com

Get a list of applied policies.
gpresult /r

Getting the group policy results from a workstation through psexec.
gpresult /user $User-Logged-In /scope computer /r

See remotely installed printers:
wmic printer list brief
wmic printer get name

The above just shows a short list of printer attached to the system you run the command on. It will also show what computer a printer is connected to if there's a network printer. You can also use this to get a very detailed list of configuration for each printer installed on a system:
wmic printer list full

To output it to a text file, append this to the end of the command:
wmic printer list brief >> c:\users\admin\documents\printerlist.txt