• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1267
  • Last Modified:

Trying to use "Deny logon locally" in a GPO

I just created a GPO to set  "Deny Log on Locally" and "Deny log on through Remote Desktop" to one AD group, and "Deny logon as a batch job" and "Deny log on as a service" to another group.   I intend to put special-purpose accounts in one or both of these groups.
But when I view the "Settings" tab for this new GPO in the GPEDIT.MSC, it shows "No settings defined".   And when I link the GPO to my domain, the GPRESULT shows that the GPO is not applied because it is empty !!!
I even tried adding another, completely unrelated computer policy setting so the GPO would not be empty.  The "Deny logon..." settings still have no effect.

This is a very simple domain.  Just one site with two DCs, both running Windows 2008 R2+SP1, Domain functional level and Forest functional level both Windows 2008 R2.

Any ideas??
Editing the GPO
GPO setting summary
  • 2
1 Solution
Sarang TinguriaSr EngineerCommented:
delete this GPO and recreate it ..make sure FRS has no error event ID's points of failing replication
Your picture1 shows that you are not editing the GPO that picture2 shows but a local GPO. :)
jackportAuthor Commented:
No, McKnife, the picture does NOT show that at all.  The portion of the MMC showing the domain context has been cropped out.
jackportAuthor Commented:
Thank you....I don't  know what caused the problem, but I just created another GPO as sarang_tinguria suggested and the problem did not recur.   I really should have thought of that myself!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now