Citrix Logon Process

 

Here are the steps the client, Web Interface and Citrix service all combine to give you a session:

1. The user logs on the Web Interface (WI)
2. Web interface speaks to the XML broker, and passes the credentials
3. The XML broker reaches out to an Active Directory Domain Controller with the credentials to authenticate
4. If you pass authentication the WI will enumerate the applications and desktops you have. At this point a user can start/select an application to run
5. A server will respond back to the WI with ICA file for the app/desktop
6. The ICA file is passed from WI to the client machine
7. Client machine open the ICA and reaches out directly to the given XenApp/XenDesktop  device
8. The XenApp Server confirms the correct RDS/TS License is available
9. The standard Windows computer logon starts (RDS or XD session)
10. XenApp/DDC checks with the Citrix license server to obtain a licence
11. The Microsoft GPO’s are applied
12. The Citrix policies are applied
13. The remaining standard Windows logon process run, FirstRun, Run, Startup etc
14. The user is happy…

 

Much of this detail came from here and here:

http://support.citrix.com/article/CTX128909

http://support.citrix.com/article/CTX129589

Lost admin password for Citrix Licensing Server?

 

A default administrator account ‘admin’ is created during installation of the Citrix License Administration Console. You can set the password for this account during installation.

Try to logon with the default ‘admin’ password ‘admin’ to configure your domain users. NOTE: ‘admin’ is not ‘Admin’ they are case sensitive.

If you have lost the licensing server admin password then you can reset the admin password in the licence server configuration file.

1. Find the ‘server.xml’ file in Citrix Licensing folder
2. Open and Administrator CMD prompt to edit it.
3. Find the entry that looks something like this:

<user firstName=”System” id=”admin” lastName=”Administrator” password=”--lots-of-characters-encrypting-your-password--” passwordExpired=”false” privileges=”admin”/>;

1. Delete the text in the password section, in the above example change password=”(ERD-32)IUJ676h43wedftQ(lots-of-characters-encrypting-your-password--” to  password=”Password”
2. Change passwordExpired to ‘true’
3. Restart the licensing services, ‘Citrix Licensing Server’
4. Log onto the licensing console using user name ‘admin’ and the ‘Password’
5. Change your password and you are done.

 

Some of this came from:

http://philipflint.com/2011/08/22/reset-the-admin-password-for-citrix-licensing-server/

http://support.citrix.com/proddocs/topic/licensing-119/lic-lmadmin-users-b.html

Aero Glass Remote Desktop Connection (RDS/TS)

 

To enable Aero Glass in a Remote Desktop session:

Remote Desktop client, Windows Aero hardware and Aero driver is required.

The following settings should be selected in the Remote Desktop client:

1. Colour depth of the remote session must be set to 32-bit
2. “Desktop composition” must be enabled on the Experience tab

  

If the remote computer is a Windows Server 2008 R2 machine

• Desktop Session Host (RDSH) role is required
• Desktop Experience feature is required
• Themes service is set to auto start
• Video settings are 32bit per pixel

(In Server Manager, go to “RD Session Host Configuration” under “Remote Desktop Services” role, right-click on the connection to bring up “RDP-Tcp Properties” Uncheck “Limit Maximum Colour Depth” from “Remote Desktop Session Host Configuration.”)

• Group Policy is required to enable the settings for RDP

(The policy path is “Computer Configuration\ AdministrativeTemplates\ WindowsComponents\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment”)

  

Would you like to user Aero Flip, good luck with the key combination, if you find it let me know. NOTE: Does not work on a Citrix ICA session, only RDP.

Create a shortcut like so:

This information is generally from here:

http://blogs.msdn.com/b/rds/archive/2009/06/23/aero-glass-remoting-in-windows-server-2008-r2.aspx

http://mandeeptech.com/2010/02/how-to-create-aero-flip-3d-shortcut-on-desktop-quick-launch-or-windows-7-taskbar/

Windows 7 Theme for XenApp 6.5 Desktops

 

Windows Server 2008 R2 does not have the Windows 7 theme out of the box so to fix this. Install the Desktop Experience feature allows users to look like a traditional Windows 7 PC.

The steps are:

1. Go to Features and click Add Desktop Experience
2. Enable Powershell remote signed code
3. Run …\Citrix\App Delivery Setup Tools\New-CtxManagedDesktopGPO.ps1
4. This will create 3 GPOs that you can edit and apply if they suite (CtxStartMenuTaskbarUser and CtxPersonalizableUser or CtxRestrictedUser)
5. Check that the ‘themes’ service is running

Edit and update to suite.

 

 

Links for this information:

http://support.citrix.com/proddocs/topic/xenapp65-admin/ps-csp-win7-desktop-experience.html

http://support.citrix.com/article/CTX133429

This is a great example of why…

http://blogs.citrix.com/2011/02/22/repurposed-pcs-deliver-windows-7-like-experience-using-xenapp-hosted-shared-desktops/

Some more details on automation

http://community.citrix.com/display/CSP/Enabling+the+Windows+7+experience+on+a+XenApp+server

http://community.citrix.com/display/CSP/Configuring+a+theme+and+wallpaper+for+hosted+desktops

Contact me? Mobile enabled now

While I am embracing my inner Hipstep and not rolling with a mobile phone you may still need to beat down the doors to reach me, well fear not, using the power of the Internet I have amassed a range of ways to contact me…

0411 COLVIN – the new mobile number

LinkedIn

FaceStalker

Twitter

Skype me ‘dcolvin’

Whitepages – dead trees with names… That's hipster right there.

(l33t speak style hidden email address –>) d c o l v i n at g mail dot com

http://dave.colv.in …oh I see you are here already…

Ctrl-Alt-Del ® Terminal Server Tools

 

A bunch of handy Citrix and Terminal Server tools for FREE !

 

BOMBProf - manage multiple local/roaming profiles

CTXCOMMAP - to map serial ports beyond COM9:

CTXCliOS - to check the type of OS being run from the Client

DEFSET - manage default printer

ENVTSCIP - obtain the current session's client ip address and assign is to an environment variable

GETTSCIP - to obtain the current session's client ip address

GETPUBAPP - to query what specific Published Application is running in the current session

ICSWEEP - clear the Temporary Internet Files Cache and/or the TEMP files folder

LOGONMsg - displays a "message of the day"

PASSCHG - allow the end user to change their domain password

PINGWIZ - ping devices with an IPv4 address

PRTSRVCHG - remapping network printer paths

QRYDEPTAPP - running a specified Published Application based

QRYCLIENTIP - Current session's client ip address

QRYPUBAPP - Check whether the current session is running a specified Published Application

QRYTSCIP - Client ip address. No Citrix Required

REMProf - Delete local user profiles

TSAPPBOOST - Manage the CPU priority of applications

TSAPPINJECT - Launch an application with an assigned CPU priority

TSBADAPP - Manage Application Compatibility Flags

TSBACKDROP - display information about a Terminal Server background

TSHIDE - Run a named program as a hidden window

TSKAAPOP / TSKAAPOW / TSKAASPLAT - Run multiple applications from one command

TSLOADBAL - Load balancing of Terminal Servers in a single Domain.

TSLOADSTTS - Gather performance information

TSLOGOFF - Logoff Sessions from a particular server within a Domain

TSLOGINS - Set the status of remote logins

TSMSG - To message Sessions on any server within a Domain

TSPASSCHG / TSPASSCHG / TSPASSCHG - Allow the end user to change their password

TSREBOOT - Reboot selected or all Servers

TSRUNLOGOFF - Run a application with a logoff script upon exit

TSSELFSERVRESET - Users manage their own sessions from a single location

TSSESSIONNFO - Provide information on Sessions from a particular server

TSSNAPSEND - Take Screen shots of a user's Windows desktop

TSSRVTYPE - list Application Server Mode or Remote Application Mode

TSTASKMAN - show a user the list of processes/ applications running

TSTBARSET - Settings of the Windows Taskbar

TSWHATDOM - Query the domain membership

TSWHEREIS - locate a user within a Domain

XLAUNCH – Launce a programs based on 32 bit or 64 bit OS Platforms

Get the tools here: http://ctrl-alt-del.com.au/CAD_TSUtils.htm

Design guide, Server 2012, Cisco & NetApp

 

There are new design guide and deployment guide for Microsoft Windows Server 2012 based on FlexPod (UCS and NetApp).

It covered,

• Full FCoE, vPC
• iSCSi for WS 2012 Hyper-v
• VM-FEX for WS 2012 Hyper-v
• Single Wire Management for C220 M3 with N2232PP.

http://www.cisco.com/en/US/partner/solutions/collateral/ns340/ns517/ns224/ns944/whitepaper__c07-727095.html

http://www.cisco.com/en/US/partner/docs/unified_computing/ucs/UCS_CVDs/flexpod_mspc_hvws12.html#wp389869

Remove Missing Dependencies for SCVMM 2012 RC VHDs

 

Ran into this issue with SCVMMM2012 and I could not delete a VHD from my library as I had a series of items that were dependent on the VHD. I resolved the template issue by entering the following command from Powershell on the SCVMM server:

Get-SCVMTemplate | where {$_.Name -like "Temporary*"} | Remove-SCVMTemplate

The second issue will be identified by the following error when you attempt to delete the VHD:

The library object (VHDNAME) cannot be removed because following objects are dependent on it:

Virtual Hard Disk deployment configuration

Thanks to Ryan Holt for this (http://www.ryanholt.net/2012/02/07/quick-tip-remove-missing-dependencies-for-scvmm-2012-rc-vhds/) and @TheChadVent for the tip.

ABC Video of Cocky

 

This is funny…. www.abc.net.au/abc3/microsites/petsuperstars/petsuperstars.htm

Watch it NOW !

SCVMM 2012 SP1 and Linux

 

To automatically configure the Linux OS after SCVMM creates the OS there are extra tools that are needed. On the VMM management server, open a command prompt, (administrative).

They programs are found in the c:\Program Files\Microsoft System Center 2012\Virtual Machine Manager\agents\Linux folder.

Copy all the agent installation files from that folder to a new folder on the virtual machine, and then, on the virtual machine on which Linux is running as a guest operating system, open the new folder.

Make the installer executable

chmod +x install

Run either the x86 or x64 installer:

./install scvmmguestagent.1.0.0.544.x64.tar

or

/install scvmmguestagent.1.0.0.544.x86.tar

 

The official Microsoft link is: http://technet.microsoft.com/en-us/library/jj860429.aspx

Linux, on Hyper-V Server 2012

 

Supported Linux on Hyper-V 2012,  ALL Are 64 BIT ! (http://technet.microsoft.com/en-us/library/hh831531.aspx)

CentOS 5.7 and 5.8, CentOS 6.0 – 6.3 (Download and install Linux Integration Services Version 3.4 for Hyper-V.)

Red Hat Enterprise Linux 5.7 and 5.8, Red Hat Enterprise Linux 6.0 – 6.3 (Download and install Linux Integration Services Version 3.4 for Hyper-V.)

SUSE Linux Enterprise Server 11 SP2 (Integration services do not require a separate installation because they are built-in.

Open SUSE 12.1 (Integration services are built-in.)

Ubuntu 12.04 (Integration services are built-in.)

 

Dont forget there are Integration Services AND an SCVMM Agent

(http://windowsitpro.com/virtual-machine-manager/deploy-linux-scvmm )

Checking the OS (Red Hat)

Checking Redhat version installed

$ uname -a

Linux server.domain.com 2.4.22-32.ELsmp #1 SMP Mon Apr 15 21:17:59 EDT 2005 i686 i686 i386 GNU/Linux

To get the version in simple terms, check  /etc/redhat-release instead.

$ cat /etc/redhat-release

Red Hat Enterprise Linux AS release 3 (Taroon Update 5)

To turn on DHCP for Red Hat

To configure a DHCP client manually, modify  the /etc/sysconfig/network file to enable networking and the configuration file for each network device in the /etc/sysconfig/network-scripts directory. In this directory, each device should have a configuration file named ifcfg-eth0, where eth0 is the network device name.

The /etc/sysconfig/network file should contain the following line:

NETWORKING=yes

The NETWORKING variable must be set to yes if you want networking to start at boot time.

The /etc/sysconfig/network-scripts/ifcfg-eth0 file should contain the following lines:

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

Other options for the network script include:

• 
  

  DHCP_HOSTNAME — Only use this option if the DHCP server requires the client to specify a hostname before receiving an IP address. (The DHCP server daemon in Red Hat Enterprise Linux does not support this feature.)

  
  



• 
  

  PEERDNS=<answer>, where <answer> is one of the following:

  
  
  
  
  
  • 
    

    yes — Modify /etc/resolv.conf with information from the server. If using DHCP, then yes is the default.

    
    
  
  
  
  • 
    

    no — Do not modify /etc/resolv.conf.

    
    
  
  
  
  



• 
  

  SRCADDR=<address>, where <address> is the specified source IP address for outgoing packets.

  
  



• 
  

  USERCTL=<answer>, where <answer> is one of the following:

  
  
  
  
  
  • 
    

    yes — Non-root users are allowed to control this device.

    
    
  
  
  
  • 
    

    no — Non-root users are not allowed to control this device.

    
    
  
  
  
  

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/System_Administration_Guide/s1-dhcp-configuring-client.html

Set-ExecutionPolicy Unrestricted

 

(I use this all the time, so posted it for my convenience).

Using the Set-ExecutionPolicy Cmdlet

Changing the Windows PowerShell Script Execution Policy

The Set-ExecutionPolicy cmdlet enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer. Windows PowerShell has four different execution policies:

• Restricted - No scripts can be run. Windows PowerShell can be used only in interactive mode.

• AllSigned - Only scripts signed by a trusted publisher can be run.

• RemoteSigned - Downloaded scripts must be signed by a trusted publisher before they can be run.

• Unrestricted - No restrictions; all Windows PowerShell scripts can be run.

To assign a particular policy simply call Set-ExecutionPolicy followed by the appropriate policy name. For example, this command sets the execution policy to RemoteSigned:

http://technet.microsoft.com/en-us/library/ee176961.aspx 

System Center [sic] App Controller Certificate Import Error

 

I get this error when using a W2K12 Cluster File Server for a Library Server in SCVMM 2012 SP1…

 

Export of the library server certificate from the VMM server has failed for library server %clustered library server%. In order to perform this operation, you must be an Administrator in both Virtual Machine Manager and App Controller, and also a local Administrator on the server. (StatusCode: Microsoft.SystemCenter.CloudManager.Providers.ProviderException)

and

An internal error has occurred trying to contact an agent on the NO_PARAM server: NO_PARAM: NO_PARAM.
Ensure the agent is installed and running. Ensure the WS-Management service is installed and running, then restart the agent. (StatusCode: Microsoft.VirtualManager.Utils.CarmineException)

You we have some steps you can use to manually import the missing certificates.

1. Open MMC (Start -> Run -> MMC)
2. Add the certificate snap-in and select Computer account and specify your VMM server
3. Add the certificate snap-in and select Computer account and specify your App Controller server
4. Expand the Trusted People\Certificates folder for the App Controller server
5. Browse to the Trusted People\Certificates folder for the VMM server
6. Make sure you're looking in the Friendly Name column for the certificates
7. Find the certificates that start with SCVMM_CERTIFICATE_KEY_CONTAINER and then has the FQDN of the library cluster nodes
   You only need the certificates for the library server - you don't need any of the certificates for the Hyper-V hosts
8. Copy the certificates to the Trusted People\Certificates folder on the App Controller server

If you previously had success importing certificates, you might find that some of the library certificates are already present. You do not need to recopy these certificates - just the missing certificates for the library servers.

On the VMM server you will see a certificate for each of your host computers - you do NOT need to copy these certificates.

http://social.technet.microsoft.com/Forums/en-US/appcontroller/thread/48b86539-5a8e-4909-87a2-4eb97564ffff 

 

<DaveColvin>

All I have to say is ‘cool story Bro, tell it again’. Yep this did not work for me and I ended up creating a new W2K12 Server and presenting the storage that way… But it look good heh?

</DaveColvin>

Server 2012 Phone Activation

Hi Server,

Let me choose somewhere other than Afghanistan… That’d be great.

BTW Phone Australia on 13 20 58 Option 3 then option 1…

SCCM 2012 SP1, SQL 2012 on Server 2012

If like me you ‘skimmed’ the pre-reqs for SCCM 2012 SP1 and then cant install due to the database collation (see below), here is how to fix it.

Open up command prompt, from the SQL setup folder where the setup.exe is located and execute the command:

Setup.exe /QUIET 
/ACTION=REBUILDDATABASE  
/SQLCOLLATION=SQL_Latin1_General_CP1_CI_AS 
/INSTANCENAME=MSSQLSERVER 
/SQLSYSADMINACCOUNTS=Domain\Administrator

(all above is one line)

Note your

“INSTANCENAME=MSSQLSERVER” and/or


“SQLSYSADMINACCOUNTS=Domain\Administrator” may be different…

Duplicate SIDs in on multiple Cluster Nodes

 

I was working on a two node w2k8 R2 cluster running in VMware ESX 5.1, running SQL 2008 and a bunch of other services, the disks were local and also RDMs out to iSCSI NetApp disks. The system had been running for about three months, but started acting weird… yep just weird.

You could logon with a domain cache credential, but there was no ‘LogonServer’ but when you did you get a temporary profile.

Services that had a domain service account that needed a profile would fail.

A local logon with Administrator would fail with a ‘the Group Policy service failed the logon. Access is denied’.

The issue turned out to be the first server was cloned to the second server and both had the same SID. This caused account and domain connection issues and looked like file corruption, virus issues, and got progressively worse, to the point you could not add/remove programs due to ‘appdata’ issues and finally the two servers we cut loose and rebuilt.

I have also been told of SQL server and FIM Portal 2010 that all have problem with this, so maybe a worthwhile check from time to time access environments… A quick powershell would be handy

 

Article on fixing Windows profiles.
http://www.sysprobs.com/fix-temporary-profile-windows-7

Why SIDs should matter. http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

Installing SQL Server 2012 on Server 2012 error

 

Error while enabling Windows feature NetFX3 Error Code -2146498298

Thanks to my mate Tony to Install netfx3

Mount Windows 2012 ISO/DVD

open a command prompt and issue the command:

 

dism /online /enable-feature /featurename:netfx3 /all /source:d:\sources\sxs

An you are ready to try again.

 

Of course if you need a GUI here is how (hat tip to Scott):

kickthatcomputer.wordpress.com/2013/03/02/installing-dotnet-3-5-on-windows-8-and-server-2012/

Windows Phone 8 (Nokia Lumia 820)

 

Having been an Apple iPhone users for the 3g/3gs/4/4s I was recently given a Nokia Lumia 820 running Windows Phone 8. I wanted to give it a far review and commit to keeping it or putting it in the cupboard with the Motorola Q phone (Windows Mobile 6.5, I am waiting to kill a bugler with that). So I have had the phone for two weeks and here is a blow by blow of the good and bad.

Lets start with the good:

1. The screen size, colour, brightness, touch are all fantastic
2. The ability to have live tiles, configure the interface, move things around as you please, information on the home screen are all fantastic
3. The new twitter app is very good, the old one (last week) was so bad I was going to give it up for that
4. The pictures, people hubs are an interesting concept and take some time, but they are getting better – I understand more
5. The OS and phone look and feel, sliding around, moving is very snappy and very cool
6. The ability to pin just about anything to the home screen and lock screen is great
7. The Nokia apps are good and cost effective (free)
8. The dedicated button for the camera is great
9. The overall concept of endless scroll up-down and left-right is very cool
10. The web browser, flash support, generally web everything is really very good (tabs need a new way to access but otherwise great)

 

The Bad or confusing or what the f… moments

1. The side power button is exactly under the finger used to pick it up, I mean really…
2. The Windows phone software copied every podcast as it could not tell what was listened to, fair enough but a pain
3. The lack of feedback is odd, for example, subscribe to a podcast, sit back, wait, try again, give up, try again, google some, give up, try again, plug the damn thing in and do it via Windows Phone software and itunes
4. Want to subscript to a podcast on the phone, good luck, I cant.
5. The camera on this phone is poor indoors compared to the iPhone 4s !. It is not Windows it is the handset camera, natural light is however good.
6. Wifi and network, not sure here, slow to find, slow to connect, but seems ok, there is an issue with work where the phone reboots on that wifi maybe 4-5 times a day?
7. Reboots, yep for no reason maybe 1-2 a week? It does not have any real downside it is just odd
8. Youtube, don't start me, it works, lets just leave it there, re-open a video, restart from the beginning, want to fast forward, haha you funny man
9. The ‘Windows’ button could wake the phone (man I am ex iPhone and press it every time, every time)
10. The buttons at the bottom are too sensitive, I bump them all the time, see above youtube
11. The sound output to your ear is tiny, and at the lip of the top, could be down a bit and larger, but no big issue
12. Battery is on par for the iPhone, but so slow to charge (I mean 6-7 hours pugged into the computer)

So the big question, keep it or blend it?

1. Keep, yes it is new, fresh, different and has great potential
2. I will give away the iPhone and look forward to new apps and new OS updates as it is 90-95% as good and just needs some minor updates

UPDATES week 3

1. The reboots seem to have stoped now, just happens when I run out of juice.
2. Charging genuinely seems to take 6 hours? WTF? Anyway I can live with this, but really? Maybe I don't have the right charger? Used both laptop and someone elses Micro USB charger, but not the Nokia one…
3. Battery life, well.. lets just say; carry a charger, I am not close to my IPhone charge time with similar use. Hours less. But again can live with this I have a charger in the car and office.

P2V–Poverty pack edition for Linux

 

If you are running a tight (nah free, nah hobo data centre) you may from time to time need to P2V your Linux server to run it under VirtualBox. Here are some ways how:

If you have a USB HDD

Boot a Linux live CD, mount your USB somewhere, lets say /media/bigusb then simply run:

df –h (to find your {localdrivename})

dd if=/dev/{localdrivename} of=/media/bigusb/p2vdrive.raw

unmount the bigusb and move it to your virtualbox server, then run

VBoxManage convertdd p2vdrive.raw p2vdrive.vdi --format VDI

If you have a server

dd if=/dev/{localdrivename} | ssh logonname@ipAddress "dd of=/media/bigdisk/p2vdrive.raw"

VBoxManage convertdd p2vdrive.raw p2vdrive.vdi --format VDI

 

And away you go..

GPO Precendence and GPO testing

 

Group Policy processing and precedence

The Group Policy objects (GPOs) that apply to a user (or computer) do not all have the same precedence. Settings that are applied later can override settings that are applied earlier.

Order of processing settings

This section provides details about the order in which Group Policy settings for users and computers are processed. For information about where the processing of policy settings fits into the framework of computer startup and user logon, see steps 3 and 8 in Startup and logon, in this topic.

Group Policy settings are processed in the following order:

1. Local Group Policy object—Each computer has exactly one Group Policy object that is stored locally. This processes for both computer and user Group Policy processing.
2. Site—Any GPOs that have been linked to the site that the computer belongs to are processed next. Processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the site in Group Policy Management Console (GPMC). The GPO with the lowest link order is processed last, and therefore has the highest precedence.
3. Domain—Processing of multiple domain-linked GPOs is in the order specified by the administrator, on the Linked Group Policy Objects tab for the domain in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence.
4. Organizational units—GPOs that are linked to the organisational unit that is highest in the Active Directory hierarchy are processed first, then GPOs that are linked to its child organisational unit, and so on. Finally, the GPOs that are linked to the organisational unit that contains the user or computer are processed.
5. At the level of each organisational unit in the Active Directory hierarchy, one, many, or no GPOs can be linked. If several GPOs are linked to an organisational unit, their processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the organizational unit in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence.

 

Using Gpresult

Displays the Resultant Set of Policy (RSoP) information for a remote user and computer. For examples of how this command can be used, see Examples.

gpresult [/s <COMPUTER> [/u <USERNAME> [/p [<PASSWORD>]]]] [/user [<TARGETDOMAIN>\]<TARGETUSER>] [/scope {user | computer}] {/r | /v | /z | [/x | /h] <FILENAME> [/f] | /?}

Parameters

/s <COMPUTER> Specifies the name or IP address of a remote computer. Do not use backslashes. The default is the local computer.

/u <USERNAME> Uses the credentials of the specified user to run the command. The default user is the user who is logged on to the computer that issues the command.

/p [<PASSWORD>] Specifies the password of the user account that is provided in the /u parameter. If /p is omitted, gpresult prompts for the password. /p cannot be used with /x or /h.

/user [<TARGETDOMAIN>\]<TARGETUSER> Specifies the remote user whose RSoP data is to be displayed.

/scope {user | computer} Displays RSoP data for either the user or the computer. If /scope is omitted, gpresult displays RSoP data for both the user and the computer.

[/x | /h] <FILENAME>  Saves the report in either XML (/x) or HTML (/h) format at the location and with the file name that is specified by the FILENAME parameter. Cannot be used with /u, /p, /r, /v, or /z.

/f Forces gpresult to overwrite the file name that is specified in the /x or /h option.

/r Displays RSoP summary data.

/v Displays verbose policy information. This includes detailed settings that were applied with a precedence of 1.

/z Displays all available information about Group Policy. This includes detailed settings that were applied with a precedence of 1 and higher.

/? Displays Help at the command prompt.

Examples

The following example displays RSoP data for the computer srvmain and the logged-on user. Data is included about both the user and the computer. The command is run with the credentials of the user maindom\hiropln, and p@ssW23 is entered as the password for that user.

gpresult /s servername/u domainname\username /p password/r

These two links comr from http://microsoft.com