Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 235
  • Last Modified:

Problem with GPO, trying to allow an application to run

Helloe,

We have a domain GP that only allows certain programs to run on user's machines. It works great, recently we purchased an internal chat system and we want to allow users to run. I edited the GPO and entered the program path in the allowed applications (Like I do for other programs), when I login as the user and try to run the program it gives me this message: "The operation has been cancelled due to restritcion on this computer, please contact your system administrator". I am sure I am entering the correct path. Any ideas why this is not working?

Thanks
0
htabbach
Asked:
htabbach
  • 3
  • 2
  • 2
1 Solution
 
zelron22Commented:
Have you run GPUPDATE /FORCE and/or rebooted the machine?  If it's a machine based policy it gets applied on boot up.

Have you done a gp results query for a user and machine in the GPMC?
0
 
htabbachAuthor Commented:
It is a domin GP and not local machine one, I thought you did not need to reboot the server after updating the GP, right?
0
 
zelron22Commented:
It's a domain gp, but it's being applied to your computers, correct?  Or are your users logging onto your server?  You don't need to reboot the server unless you're applying a computer policy to the server.  If you're applying the policy to the entire domain, then unless you've excluded your servers through the security tab of the policy, then they will get the policy too when they reboot.

In order for a workstation to update a Group Policy that is applied to it it needs to be rebooted.  Using GPUPDATE /FORCE makes it check to see if there's been a change to Group Policies that apply to that workstation and if a computer based policy has changed, it'll tell you it needs a reboot.  In any case, the machine needs to be rebooted for a new computer policy to be applied.  User policies get applied at logon.

When you create and apply a group policy to a workstation (or server for that matter) anything specified in the policy overrides the local policy.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
htabbachAuthor Commented:
I restarted the user machine that did not help. Also, I am setting the rule in the user configuration and not the computer.
0
 
SolarisCitizenCommented:
Make sure that the user is in the OU where the group policy you want to enforce is enabled.
Run gpresult from command line when logged on as affected user and check if the policy you edited is applied.

group policy refreshes every 90mins +random 30mins automatically so to make sure it is applied properly run gpupdate /force .

If it still doesn't work
-check if the user is in proper OU (where the policy is linked and enforced)
-check the scope of the gp (user should be a member of defined here group)

0
 
htabbachAuthor Commented:
I know that the policy is enforced because all other allowed programs run, the user is in the correct OU. I cannot run command line under their profile.
0
 
SolarisCitizenCommented:
You can run comman line when the user is loggen on by for example:
creating shortcut to cmd.exe on the desktop > right click the ishortcut and select Run AS >
enter details of local admin account or domain admin account >
You should have command line  open when you can try gpresult , gpupdate /force .
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now