Dueling GPO's, computer portion not being applied.
Posted on 2010-11-19
Ok so I have a default Domain GPO that's been working perfectly for years now. I've had an MIS GPO for that long as well, but until yesterday it only contained User components which were applied just fine.
My goal here was to distribute a pair of powershell scripts and matching batch files to initiate them to the members of IT's computers.
So what I did was I added:
Computer Config/Admin template/powershell/Execution Policy Allow All Scripts.
Computer Config/Admin template/Group Policy/Loopback enabled - merge
User Config/Software/Assigned Apps/msxml core 6.0 and quest active roles ad mgmt
User config/Windows Settings/Scripts/Logon/copy-script.bat (which copied the files to a folder on c:)
Now rebooting as a test both of the assigned apps were installed upon logon, but loopback more didnt get applied nor did the execution policy.
Looking at gpresult is worthless, at the top where Computer Config starts, the list of applied gpo's does not include the MIS one, the list of Denied GPO's doesnt either.
Now the Scope of this GPO for Locations are both IT Computers and IT Staff. One containing our computer accounts, the other our user accounts.. and Security filtering is for Authenticated Users and the GPO is linked in both containers.
On a whim I disabled this one since it was originally created back on Windows 2003 (now all of my DC's are 2008), but the same issues are happening.
Can anyone tell me what I'm doing wrong here?
Also should any subsequent GPO created for a specific OU have loopback enabled so the domain default doesnt get overwritten?
And lastly how can I get that logons cript, which is just a batch file to copy files into the windows/users or windows/system32 folders w/o complaing about permissions?