Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 462
  • Last Modified:

GPO User Configuration settings not being applied to Core servers

I have a GPO that includes both computer and user configuration settings but only the computer setting get applied to servers running core installations. Running RSoP or GPresult on the full installation servers shows both the computer and user settings from the policy applied. On the core servers, all of the computer settings from the policy are there but the user configuration area shows no settings defined. Is this normal behavior for core servers? If not, what could be causing the user settings from the policy to be skipped or denied?  The core servers in question are a domain controller/DNS server and a certificate authority and neither has any other roles installed. The only features installed are WoW64 Support (installed on both) and .NET Framework (only on the DC).
0
MehtaJasmin
Asked:
MehtaJasmin
1 Solution
 
SandeshdubeyCommented:
Ran this cmd and check if displays both user and computer setting gpresult /user targetusername /scope computer /r

e.g gpresult /user noc /scope computer /r.....Where noc is the userid

You have to open your command prompt with elevated privileges. (you can do this by right clicking the command prompt application and selecting 'Run As Administrator') and execute the above command.
0
 
KCTSCommented:
Sorry if I'm pointing out the obvious - but which OU have the user policies been applied to.

The user policies will only be applied if
a) the user account is in the OU to which the policy is applied    and
b) if a user from that OU has actually logged on
0
 
MehtaJasminAuthor Commented:
The policy is linked to the Domain Controllers OU, which is where the core servers live. It is also linked to my Servers OU, where all of the full installation R2 servers are. There are no user accounts in either OU, but RSoP reports show the user settings from the policy being applied to all of the servers in the Servers OU and none of the servers in the Domain Controllers OU. When I run the gpresult command as listed in the post above, the policy in question shows in the applied group policy objects list on all servers. When I change the scope to user, only the full installations show the policy being applied; the core servers only show the default domain policy in the applied list.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
arnoldCommented:
What are the filtering settings on the GPO?
Authenticated users or something else?
Use GPMC and run group policy wizard on the system with reference to the user and it will tell you what is being applied and why something is not being applied.

Only domain controllers should be in the domain controller OU.
There is the default domain controller policy which might be setting and enforcing the settings you want this GPO to do.
0
 
MehtaJasminAuthor Commented:
Found an article on the vat of knowledge website that resolved my issue:

http://www.vatofknow.com/archives/325

So, loopback processing was enabled on the Servers OU but not on the Domain Controllers OU, which is why the systems in the Servers OU were getting the user settings from the policy but the ones in the DCs OU weren't.
0
 
MehtaJasminAuthor Commented:
found my own solution
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now