FleX3DesignsFleX3Designs
Back to Software
GPO Impact Analyzer logo
FreeC#v1.0.0Windows x64

GPO Impact Analyzer

Read-only Group Policy diagnostics for Windows admins

GPO Impact Analyzer is a portable, read-only Windows diagnostic tool for understanding how Group Policy is applying on a workstation. It collects local policy evidence, summarizes applied and denied GPOs, records detected policy effects and timings, and packages the results into static reports that can be reviewed without changing the machine.

Download EXEView GitHubRelease Notes

What It Does

  • Static HTML report with JSON, CSV, and raw evidence outputs.
  • Applied and denied GPO review with policy effect summaries.
  • Warnings, timing data, and change tracking since the previous run.
  • Portable executable with GUI and headless collection modes.

Good For

  • Review effective Group Policy before or after a workstation change.
  • Package evidence for help desk, escalation, or audit review.
  • Run a quiet collection from a script and copy the report bundle to a share.

How It Works

  • Collects local Group Policy evidence from the target Windows machine.
  • Builds an offline report bundle without editing policy, registry, services, or scheduled tasks.
  • Can optionally include current-user context, system context, zip packaging, and share copy output.
Command Line

Command-Line and Automation Notes

The same executable supports a headless collect command for scripted diagnostics.

Run a quiet collection

.\GPOImpactAnalyzer.exe collect --quiet --timeout-seconds 180

Create a zipped report bundle

.\GPOImpactAnalyzer.exe collect --zip --quiet

Send output to a folder and open the report

.\GPOImpactAnalyzer.exe collect --output "C:\Temp\GPOImpact" --open-report

Common Commands and Switches

--domain--output--include-current-user--no-current-user--include-system-context--zip--no-zip--open-report--copy-to-share--quiet--timeout-seconds

Exit Codes

  • 0: Success.
  • 10: Collection completed with warnings.
  • 20: Partial user-context collection.
  • 30: SYSVOL unavailable.
  • 40: Share copy failure.
  • 1-9: Critical failure.

Safety and Scope

  • Read-only by design.
  • Does not run gpupdate, remediate policy, install services, or edit the registry.