Can somebody tell me why the local GPO settings are not overridden by the default domain controller policy? I thought the order was:
Here is the case: on a Windows 8 workstation the user can change the time zone. I would like to prevent this. In the local GPO in computer configuration / policies / windows settings / security settings / local policies / user rights assignment the following user(groups) are allowed to change the timezone: administrators, Local Service and Users.
In the domain controllers policy, I have changed it from not defined to only administrators and Local Service. Users can still change it after restarts and gpupdate /force.
Anybody any ideas?