Solved

GPO adm template not staying unchecked

Posted on 2010-09-02
7
423 Views
Last Modified: 2012-06-27
I have added a custom adm template to redirect users favorites folder.  I have to uncheck the "Only show policy settings that can be fully managed" box to get setting to appear in the GPO.  It works great "once".  I log on and the setting is applied correctly.  The problem is if I go into the registry and change my favorites setting under User Shell folders and re-logon, it doesn't get reapplied.  I go back to my GPO and have to uncheck the box again, then re-logon to get the setting applied again.

Is there anyway for this adm to work on every login without having to go into the GPO and uncheck the "Only show policy settings that can be fully managed" box everytime?
0
Comment
Question by:RFiorini
  • 3
  • 3
7 Comments
 
LVL 7

Expert Comment

by:ieden
ID: 33587746
enforce the policy.
0
 

Author Comment

by:RFiorini
ID: 33587774
The policy is enforced.
0
 
LVL 16

Expert Comment

by:Spike99
ID: 33588228
The "only show policy setitngs that can be fully managed" is always checked by default.  I don't think there's anything you can do to change it, though.

However, I don't think it's any cause for concern: that setting only affects which policies you see when you edit the GPO: it has no impact on how the GPO is applied.  It's intensely annoying that you have to change the view setting every time you edit GPOs, but that's just the way it works.

Is the GPO linked to the user OU or the server OU? If it's linked to the server OU, be sure that you have loopback policy processing of group policy enabled otherwise the policy won't be applied.  Here's some info on that:
     http://support.microsoft.com/kb/231287

You might want to run GPRESULT in a DOS window to see what policies are being applied.  Here's the MS technet article on how to run GPRESULT from the command line:
   http://technet.microsoft.com/en-us/library/cc755461%28WS.10%29.aspx

Alicia
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:RFiorini
ID: 33588898
Thanks Alicia for you response.  This is all about redirecting folders.  Tried through GPO.  Sometimes it works, other times not.  Tried through scripts to import registry keys, again, sometimes and sometimes not.  Tried with adm template, again, same pattern.  Does Microsoft do anything that works the same way all the time?  And this all came about because the mapping of a users home directory through the Active Directory sometimes falls short of mapping to the users directory and winds up mapping to the root share.  I'd be seriously chasing my tail if I had one.

Anyway, thanks again for your response.

Bob
0
 
LVL 7

Accepted Solution

by:
ieden earned 500 total points
ID: 33649275
I've found that modifying certain defaults in Windows the application of folder redirection can be adversly affected.
1. The HDD needs to be NTFS
2. The My Documents folder needs to be in the Users profile.
3. The Temporary Internet Files folder needs to be in the Local Settings directory of the users profile.
4. Profile must be owned by the user and not a group.
0
 

Author Comment

by:RFiorini
ID: 33649582
Thanks ieden.  I'll give all that a try.
0
 
LVL 7

Expert Comment

by:ieden
ID: 33649737
Also in the policy you might want to enable loopback processing.
Setting permissions on redirected folders can be pretty tricky too.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now