?
Solved

Default GP computer configurations not applying to windows 7

Posted on 2011-10-11
6
Medium Priority
?
865 Views
Last Modified: 2012-05-12
I have a windows 2008 Server enviroment running in Native mode. My windows 7 machines will not apply the computer configuration changesform the GP. They do apply the User configuration Settings...? very odd. I have attached a copy of the Policy, and a gpresults from a laptop. I have turned off all AV nd FW apps. running as stripped down as possible. Thanks in advance for any help.
Ryan
0
Comment
Question by:TXRhino
  • 5
6 Comments
 

Author Comment

by:TXRhino
ID: 36950341
Computer Configuration (Enabled)hide
Policieshide
Windows Settingshide
Security Settingshide
Account Policies/Password Policyhide
Policy Setting
Enforce password history 3 passwords remembered
Maximum password age 90 days
Minimum password age 0 days
Minimum password length 8 characters
Password must meet complexity requirements Disabled
Store passwords using reversible encryption Disabled

Account Policies/Account Lockout Policyhide
Policy Setting
Account lockout duration 30 minutes
Account lockout threshold 5 invalid logon attempts
Reset account lockout counter after 30 minutes

Account Policies/Kerberos Policyhide
Policy Setting
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
Maximum tolerance for computer clock synchronization 7 minutes

Local Policies/Audit Policyhide
Policy Setting
Audit account logon events Failure
Audit account management Success
Audit logon events Failure

Local Policies/User Rights Assignmenthide
Policy Setting
Change the system time NT AUTHORITY\Authenticated Users
Change the time zone NT AUTHORITY\Authenticated Users
Load and unload device drivers NOBLEROYALTIES\Print Add, NOBLEROYALTIES\Funding Security, NOBLEROYALTIES\A&D Security GP
Log on as a service NOBLEROYALTIES\besadmin, S-1-5-21-330488401-199137737-2062348952-1685, NOBLEROYALTIES\Domain Admins

Local Policies/Security Optionshide
Interactive Logonhide
Policy Setting
Interactive logon: Do not display last user name Enabled

Network Securityhide
Policy Setting
Network security: Force logoff when logon hours expire Disabled

Event Loghide
Policy Setting
Retention method for application log As needed
Retention method for security log As needed
Retention method for system log As needed

Public Key Policies/Certificate Services Client - Auto-Enrollment Settingshide
Policy Setting
Automatic certificate management Enabled
Option Setting
Enroll new certificates, renew expired certificates, process pending certificate requests and remove revoked certificates Enabled
Update and manage certificates that use certificate templates from Active Directory Enabled
 

Public Key Policies/Encrypting File Systemhide
Certificateshide
Issued To Issued By Expiration Date Intended Purposes
Administrator Administrator 8/28/2006 12:31:17 PM File Recovery

For additional information about individual settings, launch Group Policy Object Editor.
Public Key Policies/Trusted Root Certification Authoritieshide
Propertieshide
Policy Setting
Allow users to select new root certification authorities (CAs) to trust Enabled
Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only

Administrative Templateshide
Policy definitions (ADMX files) retrieved from the local machine.Network/Offline Fileshide
Policy Setting Comment
Allow or Disallow use of the Offline Files feature Enabled  
When enabled, files from auto-cache shared folders are cached on
the local computer. Users can also select specific folders and
files to always be available when working offline.
 

Printershide
Policy Setting Comment
Disallow installation of printers using kernel-mode drivers Disabled  

System/Group Policyhide
Policy Setting Comment
Folder Redirection policy processing Enabled  
Allow processing across a slow network connection Enabled
Process even if the Group Policy objects have not changed Disabled
 
Policy Setting Comment
Scripts policy processing Enabled  
Allow processing across a slow network connection Enabled
Do not apply during periodic background processing Disabled
Process even if the Group Policy objects have not changed Enabled
 

System/Windows Time Servicehide
Policy Setting Comment
Global Configuration Settings Enabled  
Clock Discipline Parameters
FrequencyCorrectRate 4
HoldPeriod 5
LargePhaseOffset 1280000
MaxAllowedPhaseOffset 300
MaxNegPhaseCorrection 54000
MaxPosPhaseCorrection 54000
PhaseCorrectRate 1
PollAdjustFactor 5
SpikeWatchPeriod 90
UpdateInterval 30000
General Parameters
AnnounceFlags 10
EventLogFlags 2
LocalClockDispersion 10
MaxPollInterval 15
MinPollInterval 10
ChainEntryTimeout  
ChainMaxEntries  
ChainMaxHostEntries  
ChainDisable  
ChainLoggingRate  
 

System/Windows Time Service/Time Providershide
Policy Setting Comment
Configure Windows NTP Client Enabled  
NtpServer nrad1.corp.nobleroyalties.com,0x9
Type NT5DS
CrossSiteSyncFlags 2
ResolvePeerBackoffMinutes 15
ResolvePeerBackoffMaxTimes 7
SpecialPollInterval 3600
EventLogFlags 0
 
Policy Setting Comment
Enable Windows NTP Client Enabled  

Windows Components/Windows Updatehide
Policy Setting Comment
Allow non-administrators to receive update notifications Enabled  
Configure Automatic Updates Enabled  
Configure automatic updating: 4 - Auto download and schedule the install
The following settings are only required
and applicable if 4 is selected.
Scheduled install day:  4 - Every Wednesday
Scheduled install time: 18:00
 
Policy Setting Comment
No auto-restart with logged on users for scheduled automatic updates installations Enabled  
Specify intranet Microsoft update service location Enabled  
Set the intranet update service for detecting updates: http://172.17.2.36 
Set the intranet statistics server: http://172.17.2.36 
(example: http://IntranetUpd01)
 

User Configuration (Enabled)hide
Policieshide
Windows Settingshide
Remote Installation Serviceshide
Client Installation Wizard optionshide
Policy Setting
Custom Setup Disabled
Restart Setup Disabled
Tools Disabled

Security Settingshide
Public Key Policies/Certificate Services Client - Auto-Enrollment Settingshide
Policy Setting
Automatic certificate management Enabled
Option Setting
Enroll new certificates, renew expired certificates, process pending certificate requests and remove revoked certificates Enabled
Update and manage certificates that use certificate templates from Active Directory Enabled
 
Show certificate expiry notifications Disabled

Administrative Templateshide
Policy definitions (ADMX files) retrieved from the local machine.Control Panel/Printershide
Policy Setting Comment
Prevent addition of printers Disabled  

Microsoft Office Outlook 2003/Tools | Options.../Preferences/Calendar options/Free/Busy Optionshide
Policy Setting Comment
Options Enabled  
Months of Free/Busy information published: 12
Prevent users from changing Months of Free/Busy information Disabled
being published
 
Free/Busy updated on the server every xxx seconds: 900
 
0
 

Author Comment

by:TXRhino
ID: 36950344
Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
Print
Close
No explanation is available for this setting.
Supported On:
Not available
Group Policy Results
NOBLEROYALTIES\rbradshaw
Data collected on: 10/11/2011 11:37:22 AM  

Summary
Computer Configuration Summary
No data available.
User Configuration Summary
General
User name NOBLEROYALTIES\rbradshaw
Domain corp.nobleroyalties.com
Last time Group Policy was processed 10/11/2011 11:36:55 AM

Group Policy Objects
Applied GPOs
Name Link Location Revision
Local Group Policy Local AD (1), Sysvol (1)
Default Domain Policy corp.nobleroyalties.com AD (17), Sysvol (17)

Denied GPOs
Name Link Location Reason Denied
Terminal Server corp.nobleroyalties.com Access Denied (Security Filtering)
{99529C79-CEC8-4BDD-B962-CF769F6DDE17} corp.nobleroyalties.com Disabled Link
Remote Access corp.nobleroyalties.com/NR Addison Office/Users Access Denied (Security Filtering)

Security Group Membership when Group Policy was applied
NOBLEROYALTIES\Domain Admins
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
NT AUTHORITY\This Organization
LOCAL
NOBLEROYALTIES\Accounting Data
NOBLEROYALTIES\CiscoVPN
NOBLEROYALTIES\Executive Printer Group
NOBLEROYALTIES\ITDept
NOBLEROYALTIES\A&D Print Group
NOBLEROYALTIES\All Noble
NOBLEROYALTIES\Enterprise Admins
NOBLEROYALTIES\Schema Admins
NOBLEROYALTIES\Denied RODC Password Replication Group
NOBLEROYALTIES\DHCP Administrators
Mandatory Label\High Mandatory Level
WMI Filters
Name Value Reference GPO(s)
None

Component Status
Component Name Status Last Process Time
Group Policy Infrastructure Success 10/11/2011 11:36:57 AM
Registry Success 10/11/2011 11:36:56 AM
Scripts Success 10/11/2011 11:36:57 AM
Software Installation Success 10/11/2011 11:36:57 AM

Computer Configuration
No data available.
User Configuration
Policies
Windows Settings
Scripts
Logoff
Name Parameters Last Run Script Order in GPO Winning GPO
SLlogoffScript.cmd    Not configured Local Group Policy

Security Settings
Public Key Policies/Certificate Services Client - Auto-Enrollment Settings
Policy Setting Winning GPO
Automatic certificate management Enabled Default Domain Policy
Option Setting
Enroll new certificates, renew expired certificates, process pending certificate requests and remove revoked certificates Enabled
Update and manage certificates that use certificate templates from Active Directory Enabled
 
Show certificate expiry notifications Disabled Default Domain Policy

Administrative Templates
Policy definitions (ADMX files) retrieved from the local machine.Control Panel/Printers
Policy Setting Winning GPO
Prevent addition of printers Disabled Default Domain Policy

Microsoft Office Outlook 2003/Tools | Options.../Preferences/Calendar options/Free/Busy Options
Policy Setting Winning GPO
Options Enabled Default Domain Policy
Months of Free/Busy information published: 12
Prevent users from changing Months of Free/Busy information Disabled
being published
 
Free/Busy updated on the server every xxx seconds: 900
 
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36950640
GPO debug logging for Windows 7
http://social.technet.microsoft.com/Forums/en/winserverGP/thread/a9b36648-aa9f-4ff7-b23f-c1123b7984e9

Hard to see where to start, but I would suggest to get some log files..... Anything in the Event Viewer of interest? Group Policy Client service started and set to Auto?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:TXRhino
ID: 36951413
Thanks for the comment John,

yes the GP Client service is started and they will run the user settings end of the GP but not the compter settings... nothing in the event viewer. I literally have a fresh OS on a laptop with nothing on it not even a AV app and I get the same results. what is odd, is when i run the gpresults /h form the command prompt and review the results it says the computer settings is empty(see above in my second comment with output) as if it has no relevane to that PC...? I even created a new policy with nothing in it other than a simple computer settings change like allow users to change time and time zone for any authenticated user and then assigned to to myself and a generic test user account... same result...

Ryan
0
 

Accepted Solution

by:
TXRhino earned 0 total points
ID: 36951713
founf the solution. when running GPUPDATE /FORCE you must be in a command prompt wit admin rights...
0
 

Author Closing Comment

by:TXRhino
ID: 36975466
be sure to run the command prompt with elevated permissions....
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question