Solved

User Setting GPO is not shown on the PC.

Posted on 2014-11-06
13
115 Views
Last Modified: 2014-11-07
We have a new group policy which makes some Control Panel/Personalization changes in the User Configuration.

We link this GPO to a Test User OU and move my own AD account to to the OU.

I run gpupdate/force on my PC (login as myself) and run gpresult.  I still do not see that User Settings policy appears.

Please advise.

Thanks.
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427537
Hi,

Have you checked that there is no security filtering on the linked GPO? When you run the gpresult /r command does the policy name appear at all in the results? If so it should tell you what, if anything, is blocking the GPO from being applied to the user. If not, then check that the GPO is enabled, linked to the appropriate OU and not being blocked by any inheritance/filter settings.

Kind regards,
0
 

Author Comment

by:nav2567
ID: 40427547
Ok, now I see it in User Settings when I typed gpresult.

The GPO makes changes in the User Configuration.  Can I apply it to OU that contain computers and expect it to work?  

In our environment, we only group computers but we do not group users.  I also do not want to apply the GPO directly under our domain.

Please advise again.

Thank you!!
0
 
LVL 2

Accepted Solution

by:
Amish Sanghrajka earned 500 total points
ID: 40427552
Hi,

To get the result that you are looking for you may have to configure loopback processing of a GPO. To do this edit your existing GPO in the following way:
1) Go to Computer Configuration
2) Go to Administrative Templates -> System -> Group Policy
3) Enable the Loopback policy option

This will change the loopback policy on all the computers in the OU and should force them to apply the user policies after a user logs in.

Kind regards,
Amish.

Reference: http://support.microsoft.com/kb/231287
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 

Author Comment

by:nav2567
ID: 40427559
Sorry, I follow your way: edit my GPO>computer configuration>administrative templates>system>group policy but I do not see the "Loopback Policy Option".
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427562
Sorry, I should have asked this first: what server version are you using?
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427573
If you are using Server 2012 the full path is:
Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy

The full name of the setting is:
Configure user Group Policy loopback processing mode

The setting should be set to Enabled.
0
 

Author Comment

by:nav2567
ID: 40427575
we use Windows 2008.

I just enable "User Group Policy Loopback Processing Mode" and set it to replace.

I move my workstation to a test OU that links to that GPO (the one that modifies the User Configurations).  I run gpupdate/force and run gpresult /R, I do not see the GPO in User Settings.
0
 

Author Comment

by:nav2567
ID: 40427583
I just tried Merge mode and same result.

Please advise again.
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427585
Bear in mind that a computer policy takes effect on startup rather than login so you will have to restart the computer which the policy is targeting. Have you rebooted the PC?
0
 

Author Comment

by:nav2567
ID: 40427594
rebooting now.   I think I have to use "Merge" mode in my case, right?
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427891
Yes, you should use the Merge mode. Did the GPO apply after a reboot?
0
 

Author Comment

by:nav2567
ID: 40428386
Works.  

One last question, I need to apply that GPO to a Windows 8 PC.  Is GPUPDATE & GPRESULT the commands to use?
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40428446
Yes, that will work on Windows 8 as well.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question