Windows 8 with Surface

I have a surface Pro 3 that I joined the domain and this works very nice or at least I think it does.  The problem is that we use group policies for IE settings where users are not allowed to make certain changes.
I have moved the surface and my user account to a nopolicy OU and I was able to by-pass the policy settings.  But now I get the settings installed regardless if I am in the normal OU or Nopolicy OU!!
This is odd and I investifgated further doing gpupdate /force and get the following error:
Computer Policy update has completed successfully.

The following warnings were encountered during computer policy processing:

Windows failed to apply the Internet Explorer Zonemapping settings. Internet Explorer Zonemapping settings might have its own log file. Please click on the "More information" link.
User Policy update has completed successfully.

For more detailed information, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

After some research it seems to point the way the surface boots up and reboots...  Not sure what is going on?

Any help would be much appreciated.  Thank you
Lou PereiraAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Group Policy IE settings are USER based settings. They do not apply to the computer itself they apply to the User. So it does not matter where you computer is located in the OU structure. If it is a User Policy then it is based on where the User is located. Make sure that your account has not been recently moved into an OU where this policy is being applied.

Use rsop.msc on the client machine and also do it from ADUC to ensure that they match for your account and pc that you are logging into.

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lou PereiraAuthor Commented:
Well, the question and aswer did not match exactly.  for example, you can have a machine GPO to apply IE settings and every user that logs to that machine must adhere to machine settings, I believe it's more secure, because if you decide to log in locally you can bypass the domain user GPO.
0
Will SzymkowskiSenior Solution ArchitectCommented:
If you log on locally you are not getting any policies from the domain regardless. Users should not know local account passwords in the first place.

Not sure why you graded this question a C?

Any Reason?

Will.
0
Lou PereiraAuthor Commented:
Hello Will,
I am sorry for the low score, but if you have a machine GPO it will apply regardless you login locally or domain.  This because the machine is registered to domain.  I look forward to your input in other questions.
0
Will SzymkowskiSenior Solution ArchitectCommented:
There are some GPO's that are only designed for User Policies like the IE Settings. This is by design. Also Not all Computer Policies will be applied to a machine when you logon with a local account. When you logon locally you are not logging on to the domain, so not all computer policies are applied there a few specific ones but majority are not.

If you want user policies like the IE settings to be applied to a specific machine then you need to use Loopback Policy processing for this. This forces the User policies to be applied from GPO where you have linked it to the computer.

Will.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.