C:\Windows\system32>gpresult /V
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 2/10/2010 at 10:27:41 AM
RSOP data for OQMSupport01\- on OQMSUPPORT01 : Logging Mode
------------------------------------------------------------
OS Configuration: Standalone Workstation
OS Version: 6.1.7600
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\-
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
Last time Group Policy was applied: 2/10/2010 at 10:16:09 AM
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: OQMSUPPORT01
Domain Type: <Local Computer>
Applied Group Policy Objects
-----------------------------
N/A
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups
-------------------------------------------------------
System Mandatory Level
Everyone
Debugger Users
IIS_WPG
SQLServer2005MSSQLUser$OQMSUPPORT01$ACT7
SQLServerMSSQLServerADHelperUser$OQMSUPPORT01
BUILTIN\Users
NT AUTHORITY\SERVICE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
BDESVC
BITS
CertPropSvc
EapHost
hkmsvc
IKEEXT
iphlpsvc
LanmanServer
MMCSS
MSiSCSI
RasAuto
RasMan
RemoteAccess
Schedule
SCPolicySvc
SENS
SessionEnv
SharedAccess
ShellHWDetection
wercplsupport
Winmgmt
wuauserv
LOCAL
BUILTIN\Administrators
USER SETTINGS
--------------
Last time Group Policy was applied: 2/10/2010 at 10:00:51 AM
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: OQMSupport01
Domain Type: <Local Computer>
The user is a part of the following security groups
---------------------------------------------------
None
Everyone
Debugger Users
HomeUsers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
NTLM Authentication
High Mandatory Level
The user has the following security privileges
----------------------------------------------
Bypass traverse checking
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Shut down the system
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Adjust memory quotas for a process
Remove computer from docking station
Perform volume maintenance tasks
Impersonate a client after authentication
Create global objects
Change the time zone
Create symbolic links
Increase a process working set
或者,如果您使用 ActiveDirectory PowerShell 模块(或使用远程服务器管理工具的客户端操作系统)登录到 Windows 服务器操作系统,请尝试使用Get-ADPrincipalGroupMembershipcmdlet:
C:\Users\username\Documents> Get-ADPrincipalGroupMembership username | Select name
name
----
Domain Users
All
Announcements
employees_US
remotes
ceo-report
all-engineering
not-sales
Global-NotSales
尝试以计算机管理员身份从命令行运行
gpresult /RRSoP 摘要或详细输出。gpresult /V它应该输出如下内容:或者,如果您使用 ActiveDirectory PowerShell 模块(或使用远程服务器管理工具的客户端操作系统)登录到 Windows 服务器操作系统,请尝试使用
Get-ADPrincipalGroupMembershipcmdlet:利用
如果我没记错的话,这不仅应该列出安全组,还应该列出通讯组(这也可能有助于了解)。还负责嵌套,即您在 B 中的 A 组中,因此它也向 B 中显示您(我再次尝试在这里回忆细节)。
在本机的 Vista 和 Win7 中,对于 XP,您可能需要 sp2 支持工具(当然,这也需要您有足够的权限来安装它们)。 http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=en
我认为您可以在 cmd 窗口中编写:
替换
USERNAME为您自己的用户名,不带域前缀。开始 - 运行 - CMD - GPRESULT /r 就足够了 -> 就 AD 而言,您不需要显示完整的“/v”来将组财物可视化为客户端用户(当然在 Windows 7 下,但我'不确定winxp)
如果您无权访问 AD:
开始 - 运行 - CMD - GPRESULT /v
您将在最后看到: 用户属于以下安全组
如果您正在寻找速度,那么 gpresult 会很慢......特别是如果应用了很多 GPO。
只需运行以下之一,一个用于本地组,另一个用于域组:-
本地 - 'c:\windows\system32\net.exe localgroup' + '要检查的组名'
域 - 'c:\windows\system32\net.exe group /domain' + '要检查的组名'
然后解析您要查找的用户名的输出,因为结果将列出该组中的用户。希望这可以帮助。