Help with GPO not applying (specific to Computer Configuration settings)
Posted on 2011-03-18
Hey everyone, I'd love some assistance with a problem I can't seem to get past; I've altered the Default Domain Policy to include entries for EFS Recovery Agents etc. at the following locations:
Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Encrypting File System
Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certificates
Everything is great except that these settings do not seem to get pushed out to client machines (a mix of WinXP Pro and Win7 Pro). I've run "gpupdate /force" on the servers (a mix of 2k3, 2k3 R2, and 2008 R2) and run "gpupdate" on the clients, but no luck. I've been working on this problem for over a day now, so I'm thinking that even without the gpupdate commands things should have updated by now.
Trying to track down the problem, I ran RSOP based on the domain and a particular computer I'm using as a guinea pig; both returned the expected result. I also looked at the syslog for that machine, which showed that the GP configuration was updated successfully.
To make things more interesting, I did a simple test by adding a new GPO and linking it to the domain, then made a simple change in the User Configuration (placed a bookmark in IE); this policy updated on the client just fine. It seems that the user config is working but computer config is not...
Please let me know if anything jumps out as a possible cause or if any other quick checks come to mind, thanks in advance.