Saturday, April 25, 2020

Group Policy Troubleshooting from the Command Prompt

A series of useful tips and tools for diagnosing group policy issues in windows.

Force a system to expire its current kerberos ticket, this will make the system check what OU its in and thus apply any new group policy’s. Useful if you have moved a computer to a new OU and need it to apply the new policies of that OU but cant afford the down time of a reboot.

klist -li 0x3e7 purge

Change what domain controller group policy is being pulled from. This is especially useful if you have just discovered that your DFSR SYSVOL is no longer replicating correctly.

nltest /dsgetdc:example.com
nltest /Server:$ClientComputerName /SC_RESET:example.com\dc.example.com

See policies applied to the local computer

gpresult /r

Getting the group policy results from a workstation through psexec

gpresult /user User-Logged-In /scope computer /r

See remotely installed printers I use:

wmic printer list brief
wmic printer get name

This just shows a short list of printer attached to the system you run the command on. It will also show what computer a printer is connected to if there’s a network printer.

You can also use this to get a very detailed list of configuration for each printer installed on a system:

wmic printer list full

To output it to a text file, nothing fancy can be done with basicly any command that has an output.

wmic printer list brief >> c:\users\admin\documents\printerlist.txt