StrataDecisionIT
asked on
Group Policy not doing what expected
Hi,
We're trying to ensure a certain set of computers will never have their monitors go to sleep or have the screen saver kick in. The set of computers of interest is in its own OU, and we have a new GPO applied to the OU. The OU does inherit policies from upstream, and there are conflicting policies at a higher level. But the policies we've applied directly to the OU should override any conflicting inherited policies, right?
The screen saver setting (DISABLED) associated with the new GPO applied to the OU seems to be taking effect, but the power plan we've created and tried to put in place through that same GPO is not taking effect.
Looking at GP Results in the GPMC, what we see are both the inherited GPO (with the wrong power plan settings) and the directly-applied GPO (with the right power plan settings) both successfully applied to the computer/user--with the directly-applied GPO appearing higher in the results. This gives us the impression those settings should prevail, yet when we get onto the computer, the wrong power policy is always applied.
What are we missing?
Thanks,
Shawn
We're trying to ensure a certain set of computers will never have their monitors go to sleep or have the screen saver kick in. The set of computers of interest is in its own OU, and we have a new GPO applied to the OU. The OU does inherit policies from upstream, and there are conflicting policies at a higher level. But the policies we've applied directly to the OU should override any conflicting inherited policies, right?
The screen saver setting (DISABLED) associated with the new GPO applied to the OU seems to be taking effect, but the power plan we've created and tried to put in place through that same GPO is not taking effect.
Looking at GP Results in the GPMC, what we see are both the inherited GPO (with the wrong power plan settings) and the directly-applied GPO (with the right power plan settings) both successfully applied to the computer/user--with the directly-applied GPO appearing higher in the results. This gives us the impression those settings should prevail, yet when we get onto the computer, the wrong power policy is always applied.
What are we missing?
Thanks,
Shawn
Check the winning policy. Also make sure, objects are present in correct OU.
ASKER
Hey Will,
Thanks for responding!
We tried RSOP on one of the target machines, but what we're looking for is Computer\Preferences\Contr
If we run gpresult on one of the target machines, we'll see the same thing we see from GP Results in the GPMC: Both GPO's applied successfully, and the one we want appears first. But the settings shown in the second/lower GPO are the ones that end up in effect.
Thanks,
Shawn
Thanks for responding!
We tried RSOP on one of the target machines, but what we're looking for is Computer\Preferences\Contr
If we run gpresult on one of the target machines, we'll see the same thing we see from GP Results in the GPMC: Both GPO's applied successfully, and the one we want appears first. But the settings shown in the second/lower GPO are the ones that end up in effect.
Thanks,
Shawn
ASKER
Amit,
In Group Policy Results in the GPMC, both GPO's say "Successful" and are identified as "Winning GPO." The one we want to prevail is shown first, followed by the inherited GPO.
Thanks,
Shawn
In Group Policy Results in the GPMC, both GPO's say "Successful" and are identified as "Winning GPO." The one we want to prevail is shown first, followed by the inherited GPO.
Thanks,
Shawn
certain set of computers ?
Does these moved to single OU?
how you are applying it? Any filtered created?
Does these moved to single OU?
how you are applying it? Any filtered created?
ASKER
Yes, the computers of interest are in their own OU.
The link from our desired GPO is enabled and enforced on the OU.
"Security Filtering" shows "Authenticated Users" and nothing else.
I will mention that the GPO has our desired settings associated with both the Computer Configuration and the User Configuration:
Computer Configuration\Preferences\
User Configuration\Preferences\
The link from our desired GPO is enabled and enforced on the OU.
"Security Filtering" shows "Authenticated Users" and nothing else.
I will mention that the GPO has our desired settings associated with both the Computer Configuration and the User Configuration:
Computer Configuration\Preferences\
User Configuration\Preferences\
Did you enabled loop back processing mode? If not enable it and check it again.
ASKER
We tried loopback processing, with no effect.
Thanks,
Shawn
Thanks,
Shawn
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Amit provided ideas that kept us moving towards resolution, but I don't believe it would be accurate to say he directly provided us with a solution to the problem.
When you open up the RSOP window expand the GPO User or Computer (where ever it is applied) and see what the settings are listed as.
Another thing i would check is if this setting is set using local policy. Domain policies are suppose to override local policies but i have seen where this has created an issue if the setting was also applied locally.
Will.