Solved

Group Policy not taking effect

Posted on 2012-04-04
9
406 Views
Last Modified: 2012-11-12
Dear All,

I have configured a set of GPO, linked and enforced to an existing OU in AD. However it seems like most of the settings are overwritten by the Default Domain Policy.

I tried using Block Inheritance and the Default Domain Policy still took precedence.
I tried using Group Policy Loopback Processing Mode with 'Replace' as setting and it still didn't work.

I want this new set of GPO to take effect as this is a server hardening policy.

Any advise?

Thanks in advance!
0
Comment
Question by:Gapseudo081
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37805242
Run RSOP. can you also check if no overide is selected on the Default Group policy?
0
 
LVL 2

Expert Comment

by:robdl
ID: 37805437
If this is a 2008 or 2008 R2 Domain, use Item Level Tareting to users or groups in the OU.
0
 
LVL 21

Expert Comment

by:motnahp00
ID: 37805572
Do you have any other enforcements? Make sure your policy's precedence level on the OU is lowest number possible so it holds the trump card over the other policies.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 13

Expert Comment

by:cshepfam
ID: 37805699
In the OU with the Group Policy you set it place, unlink everything except for the OU you want the policy to have effect in.  That should be the only one linked and keep "Block Inheritance" off.

Then do a "gpupdate" and that should do the trick.
0
 

Author Comment

by:Gapseudo081
ID: 37826315
Hi all,

I realised that the reason why my GPO did not take effect was because of the Default Domain Policy.

After  doing a RSOP, i found that some of the settings was overridden by the Default Domain Policy.

I also found that because the Default Domain Policy is enforced ( No Override ), even if you check 'Block Inheritance' it would not work because the No Override takes precedence over the Block Inheritance.

I think the only way is to un-enforce the Default Domain Policy in order for my GPO to take effect.

Is it uncommon to have a Default Domain Policy that is un-enforced?

Any comments or advice?

Thanks!
0
 

Author Comment

by:Gapseudo081
ID: 37831390
I found something strange today. I ran a RSOP and realise that , for example, all the audit policies' winning GPO is the Template GPO. However when i do a secpol.msc on the server, the audit policies are not configured.

This is strange...

Any advise?

Thanks!
0
 

Author Comment

by:Gapseudo081
ID: 38298963
Hi guys,

Any advise from my previous comment?

Thanks!
0
 

Accepted Solution

by:
Gapseudo081 earned 0 total points
ID: 38578355
I think i know what was the problem. If the settings in the Default Domain Policy or the Local Policy has already got an entry and even though its 'Not Defined', they will still take precendence.

Therefore i had to go disable all those policies which are 'Not Defined' and only then my GPO will work.

Thanks guys for the help
0
 

Author Closing Comment

by:Gapseudo081
ID: 38590326
I don't think the suggested solutions resolved my issues although they are good solutions to ensure that the GPO would take effect.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question