Article ID: 258595 - View products that this article applies to.
This article was previously published under Q258595
Although the Gpresult.exe command-line tool displays information about the result that Group Policy has on the current computer and logged-on user, it does not reveal details of the security policy.
This article describes how to determine the resultant Windows 2000 computer security policy.
To determine the current security policy on a Windows 2000-based computer, use the Security Configuration and Analysis snap-in in Microsoft Management Console (MMC):
Expanding these items displays the underlying system settings. When you are viewing a branch or subbranch, the right pane (the Details pane) displays several columns. The first column indicates the name of the individual policy in the analysis results. For Account Policies, Local Policies, and Event Log, the second column indicates the security value in your template. The third column indicates the current security level in the system analyzed. For the remaining types of policies, the second and third columns represent comparison results specific to the type of policy.
In any type of policy, a red X indicates a difference from the base configuration. A green check mark indicates consistency with the base configuration. No icon indicates that the security attribute was not included in your template, and is therefore not analyzed.
Note that this analysis is static and only accurately reflects the settings that exist at the time of the analysis. Changes in the security settings are not displayed in the analysis until you perform a new analysis.
For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/250842/EN-US/ )Troubleshooting Group Policy Application Problems
(http://support.microsoft.com/kb/250454/EN-US/ )Error Returned Importing the BASICDC Security Template
(http://support.microsoft.com/kb/230263/EN-US/ )How to Create Custom MMC Snap-in Tools