Solved

User Setting GPO is not shown on the PC.

Posted on 2014-11-06
13
109 Views
Last Modified: 2014-11-07
We have a new group policy which makes some Control Panel/Personalization changes in the User Configuration.

We link this GPO to a Test User OU and move my own AD account to to the OU.

I run gpupdate/force on my PC (login as myself) and run gpresult.  I still do not see that User Settings policy appears.

Please advise.

Thanks.
0
Comment
Question by:nav2567
  • 7
  • 6
13 Comments
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427537
Hi,

Have you checked that there is no security filtering on the linked GPO? When you run the gpresult /r command does the policy name appear at all in the results? If so it should tell you what, if anything, is blocking the GPO from being applied to the user. If not, then check that the GPO is enabled, linked to the appropriate OU and not being blocked by any inheritance/filter settings.

Kind regards,
0
 

Author Comment

by:nav2567
ID: 40427547
Ok, now I see it in User Settings when I typed gpresult.

The GPO makes changes in the User Configuration.  Can I apply it to OU that contain computers and expect it to work?  

In our environment, we only group computers but we do not group users.  I also do not want to apply the GPO directly under our domain.

Please advise again.

Thank you!!
0
 
LVL 2

Accepted Solution

by:
Amish Sanghrajka earned 500 total points
ID: 40427552
Hi,

To get the result that you are looking for you may have to configure loopback processing of a GPO. To do this edit your existing GPO in the following way:
1) Go to Computer Configuration
2) Go to Administrative Templates -> System -> Group Policy
3) Enable the Loopback policy option

This will change the loopback policy on all the computers in the OU and should force them to apply the user policies after a user logs in.

Kind regards,
Amish.

Reference: http://support.microsoft.com/kb/231287
0
 

Author Comment

by:nav2567
ID: 40427559
Sorry, I follow your way: edit my GPO>computer configuration>administrative templates>system>group policy but I do not see the "Loopback Policy Option".
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427562
Sorry, I should have asked this first: what server version are you using?
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427573
If you are using Server 2012 the full path is:
Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy

The full name of the setting is:
Configure user Group Policy loopback processing mode

The setting should be set to Enabled.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:nav2567
ID: 40427575
we use Windows 2008.

I just enable "User Group Policy Loopback Processing Mode" and set it to replace.

I move my workstation to a test OU that links to that GPO (the one that modifies the User Configurations).  I run gpupdate/force and run gpresult /R, I do not see the GPO in User Settings.
0
 

Author Comment

by:nav2567
ID: 40427583
I just tried Merge mode and same result.

Please advise again.
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427585
Bear in mind that a computer policy takes effect on startup rather than login so you will have to restart the computer which the policy is targeting. Have you rebooted the PC?
0
 

Author Comment

by:nav2567
ID: 40427594
rebooting now.   I think I have to use "Merge" mode in my case, right?
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40427891
Yes, you should use the Merge mode. Did the GPO apply after a reboot?
0
 

Author Comment

by:nav2567
ID: 40428386
Works.  

One last question, I need to apply that GPO to a Windows 8 PC.  Is GPUPDATE & GPRESULT the commands to use?
0
 
LVL 2

Expert Comment

by:Amish Sanghrajka
ID: 40428446
Yes, that will work on Windows 8 as well.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now