Solved

GPO User Configuration settings not being applied to Core servers

Posted on 2011-09-12
6
445 Views
Last Modified: 2013-11-05
I have a GPO that includes both computer and user configuration settings but only the computer setting get applied to servers running core installations. Running RSoP or GPresult on the full installation servers shows both the computer and user settings from the policy applied. On the core servers, all of the computer settings from the policy are there but the user configuration area shows no settings defined. Is this normal behavior for core servers? If not, what could be causing the user settings from the policy to be skipped or denied?  The core servers in question are a domain controller/DNS server and a certificate authority and neither has any other roles installed. The only features installed are WoW64 Support (installed on both) and .NET Framework (only on the DC).
0
Comment
Question by:MehtaJasmin
6 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36527665
Ran this cmd and check if displays both user and computer setting gpresult /user targetusername /scope computer /r

e.g gpresult /user noc /scope computer /r.....Where noc is the userid

You have to open your command prompt with elevated privileges. (you can do this by right clicking the command prompt application and selecting 'Run As Administrator') and execute the above command.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 36527764
Sorry if I'm pointing out the obvious - but which OU have the user policies been applied to.

The user policies will only be applied if
a) the user account is in the OU to which the policy is applied    and
b) if a user from that OU has actually logged on
0
 

Author Comment

by:MehtaJasmin
ID: 36529868
The policy is linked to the Domain Controllers OU, which is where the core servers live. It is also linked to my Servers OU, where all of the full installation R2 servers are. There are no user accounts in either OU, but RSoP reports show the user settings from the policy being applied to all of the servers in the Servers OU and none of the servers in the Domain Controllers OU. When I run the gpresult command as listed in the post above, the policy in question shows in the applied group policy objects list on all servers. When I change the scope to user, only the full installations show the policy being applied; the core servers only show the default domain policy in the applied list.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 77

Expert Comment

by:arnold
ID: 36529996
What are the filtering settings on the GPO?
Authenticated users or something else?
Use GPMC and run group policy wizard on the system with reference to the user and it will tell you what is being applied and why something is not being applied.

Only domain controllers should be in the domain controller OU.
There is the default domain controller policy which might be setting and enforcing the settings you want this GPO to do.
0
 

Accepted Solution

by:
MehtaJasmin earned 0 total points
ID: 36530346
Found an article on the vat of knowledge website that resolved my issue:

http://www.vatofknow.com/archives/325

So, loopback processing was enabled on the Servers OU but not on the Domain Controllers OU, which is why the systems in the Servers OU were getting the user settings from the policy but the ones in the DCs OU weren't.
0
 

Author Closing Comment

by:MehtaJasmin
ID: 36555803
found my own solution
0

Featured Post

[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was asked if I could set up a fax machine so that incoming faxes were delivered to people's Exchange inboxes and so that they could send faxes from their desktops without needing to print the document first.  I knew it was possible but I had no id…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now