The RSoP (Resultant Set of Policy) is very useful when you need to understand which particular GPO will be applied to the computer. You can use the standard Windows snap-in to view the DeviceLock policy currently being applied, as well as to predict the policy to be applied to a computer.
This article contains instructions on generating the RSoP report.
To generate RSoP report, start MMC and add the Resultant Set of Policy snap-in manually:
1. Run 'mmc' from the command line or use the Run menu to execute this command;
2. On the 'File' menu, click 'Add/Remove' snap-in;
3. Select 'Resultant Set of Policy' from the list, then click 'Add'. Click 'OK' to add the snap-in;
4. In the console tree, select 'Resultant Set of Policy'. Click 'More actions' -> 'Generate RSoP Data'. Go through the 'Resultant Set of Policy' wizard to obtain RSoP information from the selected computer:
4.2.Select the mode you need. 'Logging' will let you see what policy is currently being applied, while 'Planning' mode will show what will be done via GP after reboot. We will need 'Logging' mode;
4.3.Choose the computer you want to see. It can be either local computer or a remote one;
4.4.Check the last choice, so you can see policy for the computer (not for a specific user);
4.5.Click 'Next' and wait until all data will be collected;
5. Expand the 'Computer Configuration' container, and then select DeviceLock.
*You cannot modify the policy using RSoP, – all parameters are in the read-only mode.
**For more information on Resultant Set of Policy, please refer to the Microsoft’s on-line article: http://technet.microsoft.com/en-us/library/cc775741%28WS.10%29.aspx.