Solved

GPO User Configuration settings not being applied to Core servers

Posted on 2011-09-12
6
443 Views
Last Modified: 2013-11-05
I have a GPO that includes both computer and user configuration settings but only the computer setting get applied to servers running core installations. Running RSoP or GPresult on the full installation servers shows both the computer and user settings from the policy applied. On the core servers, all of the computer settings from the policy are there but the user configuration area shows no settings defined. Is this normal behavior for core servers? If not, what could be causing the user settings from the policy to be skipped or denied?  The core servers in question are a domain controller/DNS server and a certificate authority and neither has any other roles installed. The only features installed are WoW64 Support (installed on both) and .NET Framework (only on the DC).
0
Comment
Question by:MehtaJasmin
6 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36527665
Ran this cmd and check if displays both user and computer setting gpresult /user targetusername /scope computer /r

e.g gpresult /user noc /scope computer /r.....Where noc is the userid

You have to open your command prompt with elevated privileges. (you can do this by right clicking the command prompt application and selecting 'Run As Administrator') and execute the above command.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 36527764
Sorry if I'm pointing out the obvious - but which OU have the user policies been applied to.

The user policies will only be applied if
a) the user account is in the OU to which the policy is applied    and
b) if a user from that OU has actually logged on
0
 

Author Comment

by:MehtaJasmin
ID: 36529868
The policy is linked to the Domain Controllers OU, which is where the core servers live. It is also linked to my Servers OU, where all of the full installation R2 servers are. There are no user accounts in either OU, but RSoP reports show the user settings from the policy being applied to all of the servers in the Servers OU and none of the servers in the Domain Controllers OU. When I run the gpresult command as listed in the post above, the policy in question shows in the applied group policy objects list on all servers. When I change the scope to user, only the full installations show the policy being applied; the core servers only show the default domain policy in the applied list.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 76

Expert Comment

by:arnold
ID: 36529996
What are the filtering settings on the GPO?
Authenticated users or something else?
Use GPMC and run group policy wizard on the system with reference to the user and it will tell you what is being applied and why something is not being applied.

Only domain controllers should be in the domain controller OU.
There is the default domain controller policy which might be setting and enforcing the settings you want this GPO to do.
0
 

Accepted Solution

by:
MehtaJasmin earned 0 total points
ID: 36530346
Found an article on the vat of knowledge website that resolved my issue:

http://www.vatofknow.com/archives/325

So, loopback processing was enabled on the Servers OU but not on the Domain Controllers OU, which is why the systems in the Servers OU were getting the user settings from the policy but the ones in the DCs OU weren't.
0
 

Author Closing Comment

by:MehtaJasmin
ID: 36555803
found my own solution
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now