GPResult Usage Examples

  • List GPOs applied with summary data: gpresult /r
  • Just user settings: gpresult /r /scope:user
  • Just computer settings: gpresult /r /scope:computer
  • Export result to text file: gpresult /r > gpresult.txt
  • Export result to the clipboard: gpresult /r |clip
  • Specified non-admin user: gpresult /r /user:yourdomain\userfirst.userlast
  • Generate HTML report: gpresult /h report.html /user:yourdomain\userfirst.userlast /f
  • Remote computer: gpresult /s server1 /r

Force Logoff of a User Remotely

Occasionally there may be a need to force logoff a user from a remote workstation. Here’s how to do that:

This can be useful in larger office networks as it saves you a trip to the computer in question if you’re on a different floor, and this works for both workgroup and domain environments.

Query a User’s Mapped Drives, Logon Server, GPOs

If your company’s drive mapping GPOs are not functioning correctly, manual drive mapping may be a last resort, which often ends up in high inconsistency between what shares each user is using. One way you can start gaining control of the situation is to do a mass query to find out what drives each user has. While is would be quite nice to use PSExec and query each machine as its local system account, this will query mapped drives of the local system user, not the user you want. Thus, it must be done under the HKEY_CURRENT_USER security context, and the following script is one easy way to accomplish this.

## Title:           discovery.ps1
## Description:     Query for local mapped drives, logon server, and GPOs applied, and report to a uniquely named file using format MACHINE.DOMAIN.USER.txt. Also clears a problematic entry from the Credential Manager. Designed to be used as a logon script.
## Author:          Steven J. Borrelli
## Email: 
## Serial:          2018082900
## Version:         1.03

## Example usage:
## Place script in the NETLOGON folder of the domain controller and include the following command in your logon batch file.
## PowerShell.exe -noprofile -executionpolicy bypass -file %logonserver%\netlogon\discovery.ps1

# Location of export file
$folderpath = "\\fileserver\discovery\"

# File name structure
#$filename = [string]::Join(".",$env:COMPUTERNAME,$env:userdomain,$env:username,"txt") # use with Powershell 5.0
$filename = -join ($env:COMPUTERNAME,".",$env:userdomain,".",$env:username,".txt") # use with Powershell 2.0

# Full file path
$filepath = join-path -path $folderpath -childpath $filename

# See if file exists first
$checkfile = Test-Path $filepath

# If file doesn't already exist, get mapped drives and write to specified file
#if ($checkfile) {Write-Host "$filename exists!"} else {Get-WmiObject -Query "SELECT Caption, ProviderName FROM Win32_MappedLogicalDisk" | Select-Object @{ Name = 'DriveLetter'; Expression = { $_.Caption } }, @{ Name = 'NetworkPath'; Expression = { $_.ProviderName } } | Out-File $filepath}
Get-WmiObject -Query "SELECT Caption, ProviderName FROM Win32_MappedLogicalDisk" | Select-Object @{ Name = 'DriveLetter'; Expression = { $_.Caption } }, @{ Name = 'NetworkPath'; Expression = { $_.ProviderName } } | Out-File $filepath

# Identify the logon server and append to the file
echo "Logon Server: "$Env:LOGONSERVER | Out-File $filepath -Append

# Do a silent gpupdate of computer and user policies
echo n | gpupdate /force /wait:0 /target:computer
echo n | gpupdate /force /wait:0 /target:user

# List the GPOs and groups applied, and append it to the file
gpresult /r | Out-File $filepath -Append

# Clear problematic credentials if exist, but list it first
cmdkey /list | findstr server2 | Out-File $filepath -Append
cmdkey /list | ForEach-Object{if($_ -like "*Target:*" -and $_ -like "*server2*"){cmdkey /del:($_ -replace " ","" -replace "Target:","")}}

Find Domain Logon Session in PowerShell

This script is designed to search for a given username’s logon session within the entire pool of domain computers. This is very handy if you need to find out where a user is logged in at.

# ********************************************************************************
# Script Name: QueryUsersForLastLogon.ps1
# Version: 1.0
# Author: CRA
# Date: 13.01.15
# Location: 
# Applies to: Computers
# Description: This script searches for a specific, logged on user on all or 
# specific Computers by checking the process "explorer.exe" and its owner.
# ********************************************************************************

#Set variables
$progress = 0

#Get Admin Credentials
Function Get-Login {
Write-Host "Please provide admin credentials (for example DOMAIN\admin.user and your password)"
$Global:Credential = Get-Credential

#Get Username to search for
Function Get-Username {
	$Global:Username = Read-Host "Enter username you want to search for"
	if ($Username -eq $null){
		Write-Host "Username cannot be blank, please re-enter username!"
	$UserCheck = Get-ADUser $Username
	if ($UserCheck -eq $null){
		Write-Host "Invalid username, please verify this is the logon id for the account!"

#Get Computername Prefix for large environments
Function Get-Prefix {
	$Global:Prefix = Read-Host "Enter a prefix of Computernames to search on (CXX*) use * as a wildcard or enter * to search on all computers"

#Start search
$computers = Get-ADComputer -Filter {Enabled -eq 'true' -and SamAccountName -like $Prefix}
$CompCount = $Computers.Count
Write-Host "Searching for $Username on $Prefix on $CompCount Computers`n"

#Start main foreach loop, search processes on all computers
foreach ($comp in $computers){
	$Computer = $comp.Name
	$Reply = $null
  	$Reply = test-connection $Computer -count 1 -quiet
  	if($Reply -eq 'True'){
		if($Computer -eq $env:COMPUTERNAME){
			#Get explorer.exe processes without credentials parameter if the query is executed on the localhost
			$proc = gwmi win32_process -ErrorAction SilentlyContinue -computer $Computer -Filter "Name = 'explorer.exe'"
			#Get explorer.exe processes with credentials for remote hosts
			$proc = gwmi win32_process -ErrorAction SilentlyContinue -Credential $Credential -computer $Computer -Filter "Name = 'explorer.exe'"
			#If $proc is empty return msg else search collection of processes for username
			write-host "Failed to check $Computer!"
			ForEach ($p in $proc) {				
				$temp = ($p.GetOwner()).User
				Write-Progress -activity "Working..." -status "Status: $progress of $CompCount Computers checked" -PercentComplete (($progress/$Computers.Count)*100)
				if ($temp -eq $Username){
				write-host "$Username is logged on $Computer"
write-host "Search done!"

Using PSExec to Run Commands Remotely

Let’s say you want to sit at your desk and run commands on someone else’s machine. If you’re on a domain, you can do this quite easily with the third-party utility PSExec.

psexec -s \\server. cmd
That’s correct. There should be a dot at the end of the hostname. This is so it will be interactive with your local machine. If the dot is not present, it will just open a CMD window on the remote machine.

Deploy Logon Hours via PowerShell

## Title:			setlogonhours.ps1
## Description:		Deploy logon time restrictions individually based on group membership.
## Author:			Steven J. Borrelli
## Email:
## Date:			20180629
## Version:			1.01

# First things first
  Import-Module ActiveDirectory
if (-not (Get-Module ActiveDirectory)){

# Specify the AD Security Groups to use
$group1 = "LogonHrs1"
$group2 = "LogonHrs2"
$group3 = "LogonHrs3"
$groups = $group1,$group2,$group3

## Group 1 logon hours // 7:00 a.m. – 7:00 p.m. Monday – Friday, and 7:00 a.m. to 6:00 p.m. Saturday
[byte[]]$hours1 = @(0,0,0,0,224,255,1,224,255,1,224,255,1,224,255,1,224,255,1,224,255)

## Group 2 logon hours // 6:00 a.m. – 9:00 p.m. Monday – Sunday
[byte[]]$hours2 = @(7,240,255,7,240,255,7,240,255,7,240,255,7,240,255,7,240,255,7,240,255)

## Group 3 logon hours // 24 hours a day, 7 days per week
[byte[]]$hours3 = @(255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255)

Each day of the week has 3 blocks. Each block is 8 hours.
Segment 1: 6pm-2am; Segment 2: 2am-10am; Segment 3: 10am-6pm
Note: I am in CST. These segements may be mapped to different timeframes if you are in a different time zone.
Each 1 hour block in the GUI represents 1 bit in a binary octet, but reversed order. Thus, a decimal value of 7 (binary value of 00000111) would equate to the first three hours of a segment. If the 7 were in segment 3 it would equate to 10am-1pm.


[byte[]]$hours = @(
	255,255,255, #Sun, 6pm previous day to 6pm present day
	255,255,255, #Mon
	255,255,255, #Tue
	255,255,255, #Wed
	255,255,255, #Thu
	255,255,255, #Fri
	255,255,255  #Sat

# Iterate through group array
ForEach ($group in $groups) {

	# Retrieve a list of members for the current group
	#$membernames = Get-ADGroupMember -Identity $group -Recursive | Select -ExpandProperty Name
	$members = Get-ADGroupMember -Identity $group -Recursive | Select -ExpandProperty samAccountName
	# Iterate through each member of the current group
	ForEach ($member in $members) {
		switch ($group) {
			$group1 {
				Get-ADUser -Identity $member |
				Set-ADUser -Replace @{logonhours = $hours1}
				Write-Host "Setting GROUP 1 logon times for $member, a member of group $group."
			$group2 {
				Get-ADUser -Identity $member |
				Set-ADUser -Replace @{logonhours = $hours2}
				Write-Host "Setting GROUP 2 logon times for $member, a member of group $group."
			$group3 {
				Get-ADUser -Identity $member |
				Set-ADUser -Replace @{logonhours = $hours3}
				Write-Host "Setting GROUP 3 logon times for $member, a member of group $group."

Change O365 Desktop License

There may come a time when you need to re-license an O365 desktop installation, e.g. if it was licensed to a user who is no longer at the company and needs to be updated. You can uninstall and then reinstall under the correct user (by downloading from that user’s Office portal, or you can actually change how the installed software is licensed by doing the following.

  • Remove the Identities folder from the Registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Identities and delete the “Identities” folder
  • Run as Administrator: cscript.exe "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /dstatus
  • Run as Administrator: cscript.exe "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /unpkey:XXXXX

Additionally, do this to remove the “Belongs to:” (example) from the Account properties in the Office programs.

  • Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration and remove the contents of the O365ProPlusRetail.EmailAddress string.

Windows 10 Settings App

Launch the Windows Settings app

Important APIs

Learn how to launch the Windows Settings app. This topic describes the ms-settings: URI scheme. Use this URI scheme to launch the Windows Settings app to specific settings pages.

Launching to the Settings app is an important part of writing a privacy-aware app. If your app can’t access a sensitive resource, we recommend providing the user a convenient link to the privacy settings for that resource. For more info, see Guidelines for privacy-aware apps.

How to launch the Settings app

To launch the Settings app, use the ms-settings: URI scheme as shown in the following examples.

In this example, a Hyperlink XAML control is used to launch the privacy settings page for the microphone using the ms-settings:privacy-microphoneURI.

<!--Set Visibility to Visible when access to the microphone is denied -->
<TextBlock x:Name="LocationDisabledMessage" FontStyle="Italic"
                 Visibility="Collapsed" Margin="0,15,0,0" TextWrapping="Wrap" >
          <Run Text="This app is not able to access the microphone. Go to " />
              <Hyperlink NavigateUri="ms-settings:privacy-microphone">
                  <Run Text="Settings" />
          <Run Text=" to check the microphone privacy settings."/>

Alternatively, your app can call the LaunchUriAsync method to launch the Settings app. This example shows how to launch to the privacy settings page for the camera using the ms-settings:privacy-webcam URI.

bool result = await Windows.System.Launcher.LaunchUriAsync(new Uri("ms-settings:privacy-webcam"));

The code above launches the privacy settings page for the camera:

camera privacy settings.

For more info about launching URIs, see Launch the default app for a URI.

ms-settings: URI scheme reference

Use the following URIs to open various pages of the Settings app.

Note that whether a settings page is available varies by Windows SKU. Not all settings page available on Windows 10 for desktop are available on Windows 10 Mobile, and vice-versa. The notes column also captures additional requirements that must be met for a page to be available.


Settings Page URI
Access work or school ms-settings:workplace
Email & app accounts ms-settings:emailandaccounts
Family & other people ms-settings:otherusers
options ms-settings:signinoptions
Sync your settings ms-settings:sync
Your info ms-settings:yourinfo


Settings Page URI
Apps & Features ms-settings:appsfeatures
App features ms-settings:appsfeatures-app (Reset, manage add-on & downloadable content, etc. for the app)
Apps for websites ms-settings:appsforwebsites
Default apps ms-settings:defaultapps
Manage optional features ms-settings:optionalfeatures
Startup apps ms-settings:startupapps


Settings Page URI
Cortana Permissions & History ms-settings:cortana-permissions
More details ms-settings:cortana-moredetails
Notifications ms-settings:cortana-notifications
Talk to Cortana ms-settings:cortana-language


Settings Page URI
Audio and speech ms-settings:holographic-audio (only available if the Mixed Reality Portal app is installed–available in the Microsoft Store)
AutoPlay ms-settings:autoplay
Bluetooth ms-settings:bluetooth
Connected Devices ms-settings:connecteddevices
Default camera ms-settings:camera
Mouse & touchpad ms-settings:mousetouchpad (touchpad settings only available on devices that have a touchpad)
Pen & Windows Ink ms-settings:pen
Printers & scanners ms-settings:printers
Touchpad ms-settings:devices-touchpad (only available if touchpad hardware is present)
Typing ms-settings:typing
USB ms-settings:usb
Wheel ms-settings:wheel (only available if Dial is paired)
Your phone ms-settings:mobile-devices

Ease of Access

Settings Page URI
Audio ms-settings:easeofaccess-audio
Closed captions ms-settings:easeofaccess-closedcaptioning
Display ms-settings:easeofaccess-display
Eye control ms-settings:easeofaccess-eyecontrol
Fonts ms-settings:fonts
High contrast ms-settings:easeofaccess-highcontrast
Holographic headset ms-settings:holographic-headset (requires holographic hardware)
Keyboard ms-settings:easeofaccess-keyboard
Magnifier ms-settings:easeofaccess-magnifier
Mouse ms-settings:easeofaccess-mouse
Narrator ms-settings:easeofaccess-narrator
Other options ms-settings:easeofaccess-otheroptions
Speech ms-settings:easeofaccess-speechrecognition


Settings Page URI
Extras ms-settings:extras (only available if “settings apps” are installed, e.g. by a 3rd party)


Settings Page URI
Broadcasting ms-settings:gaming-broadcasting
Game bar ms-settings:gaming-gamebar
Game DVR ms-settings:gaming-gamedvr
Game Mode ms-settings:gaming-gamemode
Playing a game full screen ms-settings:quietmomentsgame
TruePlay ms-settings:gaming-trueplay
Xbox Networking ms-settings:gaming-xboxnetworking

Home page

Settings Page URI
Settings home page ms-settings:

Network, wireless & internet

Settings Page URI
Airplane mode ms-settings:network-airplanemode (use ms-settings:proximity on Windows 8.x)
Cellular & SIM ms-settings:network-cellular
Data usage ms-settings:datausage
Dial-up ms-settings:network-dialup
DirectAccess ms-settings:network-directaccess (only available if DirectAccess is enabled)
Ethernet ms-settings:network-ethernet
Manage known networks ms-settings:network-wifisettings
Mobile hotspot ms-settings:network-mobilehotspot
NFC ms-settings:nfctransactions
Proxy ms-settings:network-proxy
Status ms-settings:network-status
VPN ms-settings:network-vpn
Wi-Fi ms-settings:network-wifi (only available if the device has a wifi adapter)
Wi-Fi Calling ms-settings:network-wificalling (only available if Wi-Fi calling is enabled)


Settings Page URI
Background ms-settings:personalization-background
Choose which folders appear on Start ms-settings:personalization-start-places
Colors ms-settings:personalization-colors
Glance ms-settings:personalization-glance
Lock screen ms-settings:lockscreen
Navigation bar ms-settings:personalization-navbar
Personalization (category) ms-settings:personalization
Start ms-settings:personalization-start
Sounds ms-settings:sounds
Task Bar ms-settings:taskbar
Themes ms-settings:themes


Settings Page URI
Accessory apps ms-settings:privacy-accessoryapps
Account info ms-settings:privacy-accountinfo
Activity history ms-settings:privacy-activityhistory
Advertising ID ms-settings:privacy-advertisingid
App diagnostics ms-settings:privacy-appdiagnostics
Automatic file downloads ms-settings:privacy-automaticfiledownloads
Background Apps ms-settings:privacy-backgroundapps
Calendar ms-settings:privacy-calendar
Call history ms-settings:privacy-callhistory
Camera ms-settings:privacy-webcam
Contacts ms-settings:privacy-contacts
Documents ms-settings:privacy-documents
Email ms-settings:privacy-email
Eye tracker ms-settings:privacy-eyetracker (requires eyetracker hardware)
Feedback & diagnostics ms-settings:privacy-feedback
File system ms-settings:privacy-broadfilesystemaccess
General ms-settings:privacy-general
Location ms-settings:privacy-location
Messaging ms-settings:privacy-messaging
Microphone ms-settings:privacy-microphone
Motion ms-settings:privacy-motion
Notifications ms-settings:privacy-notifications
Other devices ms-settings:privacy-customdevices
Pictures ms-settings:privacy-pictures
Phone calls ms-settings:privacy-phonecall
Radios ms-settings:privacy-radios
Speech, inking & typing ms-settings:privacy-speechtyping
Tasks ms-settings:privacy-tasks
Videos ms-settings:privacy-videos

Surface Hub

Settings Page URI
Accounts ms-settings:surfacehub-accounts
Session cleanup ms-settings:surfacehub-sessioncleanup
Team Conferencing ms-settings:surfacehub-calling
Team device management ms-settings:surfacehub-devicemanagenent
Welcome screen ms-settings:surfacehub-welcome


Settings Page URI
About ms-settings:about
Advanced display settings ms-settings:display-advanced (only available on devices that support advanced display options)
Battery Saver ms-settings:batterysaver (only available on devices that have a battery, such as a tablet)
Battery Saver settings ms-settings:batterysaver-settings (only available on devices that have a battery, such as a tablet)
Battery use ms-settings:batterysaver-usagedetails (only available on devices that have a battery, such as a tablet)
Display ms-settings:display
Default Save Locations ms-settings:savelocations
Display ms-settings:screenrotation
Duplicating my display ms-settings:quietmomentspresentation
During these hours ms-settings:quietmomentsscheduled
Encryption ms-settings:deviceencryption
Focus assist ms-settings:quiethours
Graphics Settings ms-settings:display-advancedgraphics (only available on devices that support advanced graphics options)
Messaging ms-settings:messaging
Multitasking ms-settings:multitasking
Night light settings ms-settings:nightlight
Offline Maps ms-settings:maps
Phone ms-settings:phone-defaultapps
Projecting to this PC ms-settings:project
Shared experiences ms-settings:crossdevice
Tablet mode ms-settings:tabletmode
Taskbar ms-settings:taskbar
Notifications & actions ms-settings:notifications
Remote Desktop ms-settings:remotedesktop
Phone ms-settings:phone
Power & sleep ms-settings:powersleep
Storage ms-settings:storagesense
Storage Sense ms-settings:storagepolicies
Video playback ms-settings:videoplayback

Time and language

Settings Page URI
Date & time ms-settings:dateandtime
Japan IME settings ms-settings:regionlanguage-jpnime (available if the Microsoft Japan input method editor is installed)
Pinyin IME settings ms-settings:regionlanguage-chsime-pinyin (available if the Microsoft Pinyin input method editor is installed)
Region & language ms-settings:regionlanguage
Speech Language ms-settings:speech
Wubi IME settings ms-settings:regionlanguage-chsime-wubi (available if the Microsoft Wubi input method editor is installed)

Update & security

Settings Page URI
Activation ms-settings:activation
Backup ms-settings:backup
Delivery Optimization ms-settings:delivery-optimization
Find My Device ms-settings:findmydevice
Recovery ms-settings:recovery
Troubleshoot ms-settings:troubleshoot
Windows Defender ms-settings:windowsdefender
Windows Hello setup ms-settings:signinoptions-launchfaceenrollment
Windows Insider Program ms-settings:windowsinsider (only present if user is enrolled in WIP)
Windows Update ms-settings:windowsupdate
Windows Update-Advanced options ms-settings:windowsupdate-options
Windows Update-Restart options ms-settings:windowsupdate-restartoptions
Windows Update-View update history ms-settings:windowsupdate-history


Settings Page URI
For developers ms-settings:developers

User Accounts

Settings Page URI
Provisioning ms-settings:workplace-provisioning (only available if enterprise has deployed a provisioning package)
Provisioning ms-settings:provisioning (only available on mobile and if the enterprise has deployed a provisioning package)
Windows Anywhere ms-settings:windowsanywhere (device must be Windows Anywhere-capable)