Solved

GPO User Configuration settings not being applied to Core servers

Posted on 2011-09-12
6
451 Views
Last Modified: 2013-11-05
I have a GPO that includes both computer and user configuration settings but only the computer setting get applied to servers running core installations. Running RSoP or GPresult on the full installation servers shows both the computer and user settings from the policy applied. On the core servers, all of the computer settings from the policy are there but the user configuration area shows no settings defined. Is this normal behavior for core servers? If not, what could be causing the user settings from the policy to be skipped or denied?  The core servers in question are a domain controller/DNS server and a certificate authority and neither has any other roles installed. The only features installed are WoW64 Support (installed on both) and .NET Framework (only on the DC).
0
Comment
Question by:MehtaJasmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36527665
Ran this cmd and check if displays both user and computer setting gpresult /user targetusername /scope computer /r

e.g gpresult /user noc /scope computer /r.....Where noc is the userid

You have to open your command prompt with elevated privileges. (you can do this by right clicking the command prompt application and selecting 'Run As Administrator') and execute the above command.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 36527764
Sorry if I'm pointing out the obvious - but which OU have the user policies been applied to.

The user policies will only be applied if
a) the user account is in the OU to which the policy is applied    and
b) if a user from that OU has actually logged on
0
 

Author Comment

by:MehtaJasmin
ID: 36529868
The policy is linked to the Domain Controllers OU, which is where the core servers live. It is also linked to my Servers OU, where all of the full installation R2 servers are. There are no user accounts in either OU, but RSoP reports show the user settings from the policy being applied to all of the servers in the Servers OU and none of the servers in the Domain Controllers OU. When I run the gpresult command as listed in the post above, the policy in question shows in the applied group policy objects list on all servers. When I change the scope to user, only the full installations show the policy being applied; the core servers only show the default domain policy in the applied list.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 78

Expert Comment

by:arnold
ID: 36529996
What are the filtering settings on the GPO?
Authenticated users or something else?
Use GPMC and run group policy wizard on the system with reference to the user and it will tell you what is being applied and why something is not being applied.

Only domain controllers should be in the domain controller OU.
There is the default domain controller policy which might be setting and enforcing the settings you want this GPO to do.
0
 

Accepted Solution

by:
MehtaJasmin earned 0 total points
ID: 36530346
Found an article on the vat of knowledge website that resolved my issue:

http://www.vatofknow.com/archives/325

So, loopback processing was enabled on the Servers OU but not on the Domain Controllers OU, which is why the systems in the Servers OU were getting the user settings from the policy but the ones in the DCs OU weren't.
0
 

Author Closing Comment

by:MehtaJasmin
ID: 36555803
found my own solution
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question