GPO not applying to all systems

I have setup a gpo to apply to system that in a group. I set this group in the gpo filtering, so any system in the group will get the gpo.

I see some systems got the gpo without a reboot, but most are not getting the gpo, even after setting the gpo 20hrs ago.

I have set the gpo to be applied to an OU that has all the other OU's off of that and the gpo is replicated to all the dc's.

Any thoughts how I can fix this?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

So to clarify,

You have a GPO setup, this GPOs Security Filtering has been amended from Authenticated Users to Security Group which has computers in it? That GPO is then applied to the OU which has those Computers within it?

Could you maybe share a screenshot of the GPO Scope Tab, Where the GPO is applying to aswell?

Try running a GPResult on the clients that are meant to be receiving the policy to see if they are. Also ensure the machines that need to receive the policy are in the Security Group as you specified within the Security Filtering and also within the OU where the GPO is applied.
rdefinoAuthor Commented:
This is all correct. I have applied the gpo to an OU that has multiple OUs under it, so they should get the gpo through inheritance. Non of these OU have "blocked inheritance" enabled.

I have run gpresult on some of the workstations and the gpo is not shown in the list of applied gpos.

Now, these systems should get this gpo applied without a reboot, correct?
Providing the required machines are in the Pilot-banner-login-remove Security Group.

Try running a GPUpdate /force on the machines not getting the policy. Although it sounds strange how they haven't receive the policy already the GP Refresh should have enabled them to receive the new policy/policies.

i'm also assuming the GPO is link enabled? the setting your trying to apply i'm guessing its a computer configuration correct?
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

rdefinoAuthor Commented:
I did run gpupdate ./force on a system and it's not getting the GPO.

GPO is link enabled and it is a computer configuration.
Restart the clients not getting the policy. What settings are contained within the GPO?

I would do this to see if the GPO or the machines are at fault. Remove the link of the GPO from the OU its applying to right now, Create a Test OU, Put the clients not getting the policy into that OU, once in the OU then remove the security group you have applied via Security Filtering and then put the authenticated users back in. If then the clients receive the policy then we can troubleshoot futher.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Will SzymkowskiSenior Solution ArchitectCommented:
Is this in fact a computer policy? And do you have the correct computers in the Group you are using for Security Filtering? If not then that would be the reason why it is not applying.

Also do the OU's beneath the OU (where you applied this policy) have any other policies applied to them which could possibly be blocking them from being applied?

If you run rsop.msc on the machine that is not getting the policies, right click on Computer Config and check the policies that are being applied. If you have the correct Computers in the Security Filtering the policy should be listed there. If not you will see that it was filtered out during policy processing.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.