?
Solved

User Setting GPO is not shown on the PC.

Posted on 2014-11-06
13
Medium Priority
?
116 Views
Last Modified: 2014-11-07
We have a new group policy which makes some Control Panel/Personalization changes in the User Configuration.

We link this GPO to a Test User OU and move my own AD account to to the OU.

I run gpupdate/force on my PC (login as myself) and run gpresult.  I still do not see that User Settings policy appears.

Please advise.

Thanks.
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427537
Hi,

Have you checked that there is no security filtering on the linked GPO? When you run the gpresult /r command does the policy name appear at all in the results? If so it should tell you what, if anything, is blocking the GPO from being applied to the user. If not, then check that the GPO is enabled, linked to the appropriate OU and not being blocked by any inheritance/filter settings.

Kind regards,
0
 

Author Comment

by:nav2567
ID: 40427547
Ok, now I see it in User Settings when I typed gpresult.

The GPO makes changes in the User Configuration.  Can I apply it to OU that contain computers and expect it to work?  

In our environment, we only group computers but we do not group users.  I also do not want to apply the GPO directly under our domain.

Please advise again.

Thank you!!
0
 
LVL 2

Accepted Solution

by:
Amish Sanghrajka earned 2000 total points
ID: 40427552
Hi,

To get the result that you are looking for you may have to configure loopback processing of a GPO. To do this edit your existing GPO in the following way:
1) Go to Computer Configuration
2) Go to Administrative Templates -> System -> Group Policy
3) Enable the Loopback policy option

This will change the loopback policy on all the computers in the OU and should force them to apply the user policies after a user logs in.

Kind regards,
Amish.

Reference: http://support.microsoft.com/kb/231287
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:nav2567
ID: 40427559
Sorry, I follow your way: edit my GPO>computer configuration>administrative templates>system>group policy but I do not see the "Loopback Policy Option".
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427562
Sorry, I should have asked this first: what server version are you using?
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427573
If you are using Server 2012 the full path is:
Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy

The full name of the setting is:
Configure user Group Policy loopback processing mode

The setting should be set to Enabled.
0
 

Author Comment

by:nav2567
ID: 40427575
we use Windows 2008.

I just enable "User Group Policy Loopback Processing Mode" and set it to replace.

I move my workstation to a test OU that links to that GPO (the one that modifies the User Configurations).  I run gpupdate/force and run gpresult /R, I do not see the GPO in User Settings.
0
 

Author Comment

by:nav2567
ID: 40427583
I just tried Merge mode and same result.

Please advise again.
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427585
Bear in mind that a computer policy takes effect on startup rather than login so you will have to restart the computer which the policy is targeting. Have you rebooted the PC?
0
 

Author Comment

by:nav2567
ID: 40427594
rebooting now.   I think I have to use "Merge" mode in my case, right?
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427891
Yes, you should use the Merge mode. Did the GPO apply after a reboot?
0
 

Author Comment

by:nav2567
ID: 40428386
Works.  

One last question, I need to apply that GPO to a Windows 8 PC.  Is GPUPDATE & GPRESULT the commands to use?
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40428446
Yes, that will work on Windows 8 as well.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question