Solved

User Setting GPO is not shown on the PC.

Posted on 2014-11-06
13
113 Views
Last Modified: 2014-11-07
We have a new group policy which makes some Control Panel/Personalization changes in the User Configuration.

We link this GPO to a Test User OU and move my own AD account to to the OU.

I run gpupdate/force on my PC (login as myself) and run gpresult.  I still do not see that User Settings policy appears.

Please advise.

Thanks.
0
Comment
Question by:nav2567
  • 7
  • 6
13 Comments
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427537
Hi,

Have you checked that there is no security filtering on the linked GPO? When you run the gpresult /r command does the policy name appear at all in the results? If so it should tell you what, if anything, is blocking the GPO from being applied to the user. If not, then check that the GPO is enabled, linked to the appropriate OU and not being blocked by any inheritance/filter settings.

Kind regards,
0
 

Author Comment

by:nav2567
ID: 40427547
Ok, now I see it in User Settings when I typed gpresult.

The GPO makes changes in the User Configuration.  Can I apply it to OU that contain computers and expect it to work?  

In our environment, we only group computers but we do not group users.  I also do not want to apply the GPO directly under our domain.

Please advise again.

Thank you!!
0
 
LVL 2

Accepted Solution

by:
Amish Sanghrajka earned 500 total points
ID: 40427552
Hi,

To get the result that you are looking for you may have to configure loopback processing of a GPO. To do this edit your existing GPO in the following way:
1) Go to Computer Configuration
2) Go to Administrative Templates -> System -> Group Policy
3) Enable the Loopback policy option

This will change the loopback policy on all the computers in the OU and should force them to apply the user policies after a user logs in.

Kind regards,
Amish.

Reference: http://support.microsoft.com/kb/231287
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:nav2567
ID: 40427559
Sorry, I follow your way: edit my GPO>computer configuration>administrative templates>system>group policy but I do not see the "Loopback Policy Option".
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427562
Sorry, I should have asked this first: what server version are you using?
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427573
If you are using Server 2012 the full path is:
Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy

The full name of the setting is:
Configure user Group Policy loopback processing mode

The setting should be set to Enabled.
0
 

Author Comment

by:nav2567
ID: 40427575
we use Windows 2008.

I just enable "User Group Policy Loopback Processing Mode" and set it to replace.

I move my workstation to a test OU that links to that GPO (the one that modifies the User Configurations).  I run gpupdate/force and run gpresult /R, I do not see the GPO in User Settings.
0
 

Author Comment

by:nav2567
ID: 40427583
I just tried Merge mode and same result.

Please advise again.
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427585
Bear in mind that a computer policy takes effect on startup rather than login so you will have to restart the computer which the policy is targeting. Have you rebooted the PC?
0
 

Author Comment

by:nav2567
ID: 40427594
rebooting now.   I think I have to use "Merge" mode in my case, right?
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427891
Yes, you should use the Merge mode. Did the GPO apply after a reboot?
0
 

Author Comment

by:nav2567
ID: 40428386
Works.  

One last question, I need to apply that GPO to a Windows 8 PC.  Is GPUPDATE & GPRESULT the commands to use?
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40428446
Yes, that will work on Windows 8 as well.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question