Group Policy not taking effect

Dear All,

I have configured a set of GPO, linked and enforced to an existing OU in AD. However it seems like most of the settings are overwritten by the Default Domain Policy.

I tried using Block Inheritance and the Default Domain Policy still took precedence.
I tried using Group Policy Loopback Processing Mode with 'Replace' as setting and it still didn't work.

I want this new set of GPO to take effect as this is a server hardening policy.

Any advise?

Thanks in advance!
Gapseudo081Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AnuroopsunddCommented:
Run RSOP. can you also check if no overide is selected on the Default Group policy?
0
robdlCommented:
If this is a 2008 or 2008 R2 Domain, use Item Level Tareting to users or groups in the OU.
0
motnahp00Commented:
Do you have any other enforcements? Make sure your policy's precedence level on the OU is lowest number possible so it holds the trump card over the other policies.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

cshepfamCommented:
In the OU with the Group Policy you set it place, unlink everything except for the OU you want the policy to have effect in.  That should be the only one linked and keep "Block Inheritance" off.

Then do a "gpupdate" and that should do the trick.
0
Gapseudo081Author Commented:
Hi all,

I realised that the reason why my GPO did not take effect was because of the Default Domain Policy.

After  doing a RSOP, i found that some of the settings was overridden by the Default Domain Policy.

I also found that because the Default Domain Policy is enforced ( No Override ), even if you check 'Block Inheritance' it would not work because the No Override takes precedence over the Block Inheritance.

I think the only way is to un-enforce the Default Domain Policy in order for my GPO to take effect.

Is it uncommon to have a Default Domain Policy that is un-enforced?

Any comments or advice?

Thanks!
0
Gapseudo081Author Commented:
I found something strange today. I ran a RSOP and realise that , for example, all the audit policies' winning GPO is the Template GPO. However when i do a secpol.msc on the server, the audit policies are not configured.

This is strange...

Any advise?

Thanks!
0
Gapseudo081Author Commented:
Hi guys,

Any advise from my previous comment?

Thanks!
0
Gapseudo081Author Commented:
I think i know what was the problem. If the settings in the Default Domain Policy or the Local Policy has already got an entry and even though its 'Not Defined', they will still take precendence.

Therefore i had to go disable all those policies which are 'Not Defined' and only then my GPO will work.

Thanks guys for the help
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Gapseudo081Author Commented:
I don't think the suggested solutions resolved my issues although they are good solutions to ensure that the GPO would take effect.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.