Problem with GPO, trying to allow an application to run


We have a domain GP that only allows certain programs to run on user's machines. It works great, recently we purchased an internal chat system and we want to allow users to run. I edited the GPO and entered the program path in the allowed applications (Like I do for other programs), when I login as the user and try to run the program it gives me this message: "The operation has been cancelled due to restritcion on this computer, please contact your system administrator". I am sure I am entering the correct path. Any ideas why this is not working?

Who is Participating?
SolarisCitizenConnect With a Mentor Commented:
You can run comman line when the user is loggen on by for example:
creating shortcut to cmd.exe on the desktop > right click the ishortcut and select Run AS >
enter details of local admin account or domain admin account >
You should have command line  open when you can try gpresult , gpupdate /force .
Have you run GPUPDATE /FORCE and/or rebooted the machine?  If it's a machine based policy it gets applied on boot up.

Have you done a gp results query for a user and machine in the GPMC?
htabbachAuthor Commented:
It is a domin GP and not local machine one, I thought you did not need to reboot the server after updating the GP, right?
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

It's a domain gp, but it's being applied to your computers, correct?  Or are your users logging onto your server?  You don't need to reboot the server unless you're applying a computer policy to the server.  If you're applying the policy to the entire domain, then unless you've excluded your servers through the security tab of the policy, then they will get the policy too when they reboot.

In order for a workstation to update a Group Policy that is applied to it it needs to be rebooted.  Using GPUPDATE /FORCE makes it check to see if there's been a change to Group Policies that apply to that workstation and if a computer based policy has changed, it'll tell you it needs a reboot.  In any case, the machine needs to be rebooted for a new computer policy to be applied.  User policies get applied at logon.

When you create and apply a group policy to a workstation (or server for that matter) anything specified in the policy overrides the local policy.
htabbachAuthor Commented:
I restarted the user machine that did not help. Also, I am setting the rule in the user configuration and not the computer.
Make sure that the user is in the OU where the group policy you want to enforce is enabled.
Run gpresult from command line when logged on as affected user and check if the policy you edited is applied.

group policy refreshes every 90mins +random 30mins automatically so to make sure it is applied properly run gpupdate /force .

If it still doesn't work
-check if the user is in proper OU (where the policy is linked and enforced)
-check the scope of the gp (user should be a member of defined here group)

htabbachAuthor Commented:
I know that the policy is enforced because all other allowed programs run, the user is in the correct OU. I cannot run command line under their profile.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.