Can't get User Configuration GPO to work
Posted on 2014-10-24
I am pulling my hair out and need some help. I have numerous Computer Configuration policies that all seem to work, at least they show up in gpresult with a winning GPO that makes sense. However, I have several User Configuration policies that don't show up in gpresult and don't work. For example, i have one that is designed to stop the screen saver from running if someone in the *Administrators* group is logged onto a *Domain Server* (an OU). So - I link the Domain Server OU at the top of the Scope for this GPO, and under security filtering, I add "Administrators" which I search from the domain search box and it finds. So I think this means that if an Administrator group member is logged into a Domain Server, the GPO should apply. That does not happen. In gpresult, the only mention of my policy is under Computer Configuration and it shoes "Denied" as "Empty". Ok, I can reason that since there are no Computer Configuration items in the policy that could be empty. But why do I not see this GPO mentioned in the User Configuration part of the report? In fact the only User Configuration policies that show applied are those in the Default Domain Policy - my others are just missing. The report shows the computer name as a member of the Domain Server group, and shows the user as domain/administrator, a member of the Administrators group. I think I am missing something fundamental in this process since I have been hacking at it off and on for a while and still don't have it right. Help me learn how to get this corrected! Thanks.