[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 135
  • Last Modified:

Group Policy


I have 2000 client systems and while working with GP , one of our engr has set proxy server address and port thro' GP . We have a mixed environment and users use diffrent proxies depending on the project . Sensing the trouble we jus disabled the user configuration part in GP and later unchecked proxy setting and then enabled user configuration . But still we coukld see that proxy settings are getting resetted to the address we set in Default policy . Please let me know how to go back to the original seetings safely.

Currently user configuration is kept disabled .

Sailor Song
3 Solutions
Naser GabajE&P Software Implementation SpecialistCommented:
Did he applied the GP on the domain level, if this the case, then it's better to deny applying the policy on the specific user groups or OU's, here is the steps:

In the Domain Controller

START>PROGRAMS>ADMINISTRATIVE TOOLS>ACTIVE USERS & COMPUTERS>right click DOMAIN>PROPERTIES>GROUP POLICY>click once on the group policy that he made the changes>PROPERTIES>SECURITY>in the name section of security window choose the domain users>and in the permissions section choose APPLY GROUP POLICY>check DENY

I hope this will help you.


Nirmal SharmaSolution ArchitectCommented:
You have many options to know from where the group policy settings are comming.

1. Install GMPC and RSOP.
2. Check with gpresult.exe
3. Enable Profile Logging on user's machine.

How to enable Profile Logging: -

Let me know.

salioursongAuthor Commented:
HI Naser ,

Policy is applied on the domain level.

Hi sys,

Since the default user policy is disabled now , I may not be able to check this . As soon as
I enable the user policy proxy settings get greyed out from users sytems.

I have created another OU and planned move all systems to that OU . But the user policy is not getting applied on clients . (Block inheritence is enbaled) . I guess its due to that disabled user policy in domain level.

So I have to repair that default policy.
yes just set the default domain policy as it was before and WAIT FOR APPLYing as it takes some time (you can try gpudate /force on the machines)
Nirmal SharmaSolution ArchitectCommented:
>>>I guess its due to that disabled user policy in domain level.

Not at all. A Disabled GPO is not applied at all but the changes are refreshed after 90 minutes on clients and 5 minutes on domain controllers. So i think you have already passed four or more hours and policies are still not applying. Better you run the tool i suggested so that you will come to know from where the settings are comming. You can also enable User Profile Logging which is usefull to know the GPO version being applied.

>>>So I have to repair that default policy.

What will you repair in it? What is there to repair in it? If the settings are applied when you Enable this GPO then you do not need to do anything. Do one thing...set "DISABLE" on the Default Domain Policy and you have created one GPO on a new OU so set "BLOCK POLICY INHERITENCE" on this GPO. Try.

Let me know.

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now