Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 997
  • Last Modified:

Group policy issue

Im installing an application called Device Lock on my 2003 test domain.  Its used to block USB/CD rom acess, etc. All the configuration is done through group policy. I've created a new GPO at for the computers OU and ticked 'over ride' in options. I've GP forced on the server and the domain but the policy is not being picked up the workstation. Can someone assist please?

3 Solutions
Is the GPO at Group Level? Do you have inheritance on your OU's?
How many Domain Controllers do you have and if more than one is there any issues with File Replication between them? We have had issues in the past where very old GPO's & even login scripts wern't replicating to one server and for some reason it was mistakenly seen as the PDC/FSMO
Nagendra Pratap SinghCommented:
Is the workstation XP or something else?
Kimba123Author Commented:
No other polices have been applied and this one is aimed at a computers container with AD. The machine is XP and there is only one DC. No other replication issues appear as far as I know...

I tried to deploy the MSI (for the service to be installed on the client)through the software deployment option within GP, aimed my computers container (not the default container) but this also did not install.
Become a Leader in Data Analytics

Gain the power to turn raw data into better business decisions and outcomes in your industry. Transform your career future by earning your MS in Data Analytics. WGU’s MSDA program curriculum features IT certifications from Oracle and SAS.  

Although old school, have a nosey at TweakUI also.
Kimba123Author Commented:
Kiwistag, thanks for the reply but I do not want to install any third party apps on my server. Can anyone respond to my previous post?

As I said I attempted to deploy the MSI through GP but this did not work. Is there any way to check my group policy is actually working on the selcted OU in question?

GPRESULT on the client returns the following: 'The user does not have RSOP data'

GPRESULT on the server returns results as expected.

When I run rsop.msc on the client, I get the following error
RSoP data is invalid. Likely causes are, data is corrupt, data has been deleted or data has never been created.
Datails: Invalid namespace
Mike KlineCommented:
What errors are you seeing in your event logs?   Have you tried running an RSoP report from GPMC?  


U need to enable the setting " always wait for network".

This setting is under computer configuration, network, log on.
btanExec ConsultantCommented:
From this they found dns is not probably set...they also did the gpupdate /force
Leon FesterIT Project Change ManagerCommented:
No other polices have been applied and this one is aimed at a computers container with AD. The machine is XP and there is only one DC. No other replication issues appear as far as I know...

Group Policies cannot be applied to containers.
So make sure that you've created an OU and not a container.

Run gpresult /h results.html, and check which GPO's are being blocked/allowed on the result.html file
Under "User Configuration Summary -> General -> Group Policy Objects", you should see two sections: "Applied GPO's" and "Denied GPO's"

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now