Solved

Help with GPO not applying (specific to Computer Configuration settings)

Posted on 2011-03-18
5
444 Views
Last Modified: 2012-05-11
Hey everyone, I'd love some assistance with a problem I can't seem to get past; I've altered the Default Domain Policy to include entries for EFS Recovery Agents etc. at the following locations:

Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Encrypting File System

Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certificates

Everything is great except that these settings do not seem to get pushed out to client machines. (mix of WinXP pro and Win7pro) I've run "gpupdate /force" on the servers (mix of 2k3, 2k3 R2, and 2008 R2) and run "gpupdate" on the clients but no luck. I've been working on this problem for over a day now, so I'm thinking that even without the gpupdate commands things should have updated by now.

Trying to track down the problem I ran RSOP based on the domain, and a particular computer I'm using as a guinea pig; both returned the expected result. I also looked at the syslog for that machine which showed that the GP configuration was updated successfully.

To make things more interesting I did a simple test by adding a new GPO and linking to the domain, then made a simple change in the User Configutation (placed a bookmark in IE); this policy updated on the client just fine. It seems that the user config is working but computer config is not...

Please let me know if anything jumps out as a possible cause or if any other quick checks come to mind, thanks in advance.
0
Comment
Question by:jostafew
  • 4
5 Comments
 
LVL 13

Expert Comment

by:BCipollone
ID: 35169165
Might want to try this:

"So, in the end, having all the computers in an OU linked to a GPO was not enough. I had to add the computers to a group within that OU, and then specify that group in the Security Filtering section"

Resource: http://www.petri.co.il/forums/showthread.php?t=23325

There is also an article that will take longer to read, but should help here: http://alsolorzano.com/blogs/tips__tricks/archive/2008/06/02/group-policy-preferences-in-a-windows-2003-domain-and-a-windows-2008-domain.aspx
0
 
LVL 3

Author Comment

by:jostafew
ID: 35169492
Hey BCipollone, thank you for the reply. I read over the article at petri.co and tried the same approach on my system;

Within the applicable OU for this site (Langley) I created a security group called Langley Computers and added the test computers to that group. Back in GP Management I added the new Langley Computers group to the list under Delegation and gave that group Read and Apply Group Policy permissions. After all that was another round of gpupdate /force on the server and gpupdate on the clients (Win XP pro and Win7 pro). Sadly still no luck.

I am going to go back and read the alsolorzano.com article now. Please let me know if you have any other thoughts.
0
 
LVL 3

Author Comment

by:jostafew
ID: 35183244
Still working on this problem.... I defined another test setting :

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Do not require CTRL+ALT+DEL

and that applied OK on both my XP and Win7 machine.... so that tells me that everything is working as it should (correctly linked to OU's, permissions OK etc.) but the machines just will not take the Public Key Policies!

Any other thoughts?
0
 
LVL 3

Accepted Solution

by:
jostafew earned 0 total points
ID: 35201384
A related thread has provided an answer to this problem; I was using gpedit.msc to view the status of the GPs being applied to the client machine. This was not giving the whole picture. Running rsop.msc confirmed that the GPOs were applied. I was also able to confirm the recovery agents' certificates being added to the encrypted files under the details section in the advanced properties of an encrypted file.

BCipollone thank you for your input.
0
 
LVL 3

Author Closing Comment

by:jostafew
ID: 35230095
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now