Solved

GPO not processing all items

Posted on 2014-01-27
10
263 Views
Last Modified: 2014-03-23
Hi Guys, i have created some registry entries in an existing policy under User Config and have found that the keys are not applying at all even though they are showing as entered in the policy.

I have run gpupdate /force as well as rebooted the server but to no avail.  When i perform a Group Policy Results wizard for my test user on the server, it says that it has successfully applied the GPO including all of the settings but they are not.

Does anyone know why this might be?  Your help is apprecaited

Running on Windows Server 2008 R2

Regards,
0
Comment
Question by:BCSITS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39814083
A little more information would be helpful. What is the client OS? How are you pushing out these registry settings (preferences? or a custom adm file?) What registry settings did you change or add? These are all important questions that need to be answered to even begin to troubleshoot.
0
 

Author Comment

by:BCSITS
ID: 39814119
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_MaxConnectionsPerServer
REG D_WORD: mshta.exe Value: 16 (decimal)

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_MaxConnectionsPer1_0Server
REG D_WORD: mshta.exe Value: 16 (decimal)

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
REG D_WORD: MaxConnectionsPerServer Value: 16 (decimal)

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
REG D_WORD: MaxConnectionsPer1_0Server Value: 16 (decimal)

no extra settings

Client OS is the same as Server OS, Windows Server 2008 R2

They are being applied through User Config\Preferences\Windows Settings\Registry

From what i can see from the results wizard, there are AD (150), Sysvol (150) being applied however, the Policy itself has AD (150), Sysvol (158).  

thanks,
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39834795
Just Apply this policy on OU containing 2008 R2 server object instead of users.
You may use GPO security filtering so that policy can be applied to single server computer only even if OU contains multiple server accounts

Also in same GPO enable loopback processing in replace mode, so no matter who will logon to server will get those polices (registries)

Loop back processing setting can be found in Computer config\administrative templates\system\group policy

Mahesh
0
Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

 
LVL 14

Expert Comment

by:BlueCompute
ID: 39834994
gpresult /h %userprofile%\desktop\gpresult.html

This will give you a nice pretty HTML file on your desktop that will tell you what is happening wrt your GPOs.  What does gpresult.html say about your GPO?
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 39835847
Is this still an issue for you? I noticed something from your previous post that your Group Policy Container and Template version are not in sync...  AD (150), Sysvol (158).  

The Sysvol contain your ADM files, scripts registry entries etc...

Are you other group policies working OK.

CAn you please do a AD health check just to make sure you are not having any replication issues.

Please upload the following results..

dcdiag /v /e >C:\dcdiag.txt
0
 

Author Comment

by:BCSITS
ID: 39837540
thanks for the replies guys, i will do some further digging and post back the results.

regards, :)
0
 

Accepted Solution

by:
BCSITS earned 0 total points
ID: 39858231
ok, so after some major testing and some changes to permissions, i can say that all of the GPO settings are showing as applied however, when i run the results wizard there seems to be some confusion.

when i check the summary of applied GPO's it shows my GPO applied with all settings in AD and Sysvol showing the same number.  However, if i check the settings tab, the settings are not in the registry section where they are listed in the GPO.

could this be due to GPO inheritance or order of GPO's?  it looks like it is in the correct order but the settings do not apply that way.  i have attached images to explain a little better.

permissions are set for 'Authenticated Users' to have Read

any feedback is appreciated

Kind Regards,
image-1.jpg
image-2.jpg
image-3.jpg
0
 

Author Closing Comment

by:BCSITS
ID: 39948372
issue resolved itself.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question