GPO's not appearing in RSOP if they're attached to an OU

Hello, I have a Windows 2008 server that is a domain controller with terminal services. I'm having issues with Group Policy Objects which I know for a fact are working and are in effect, but not appearing in the RSOP report. Here's how it's configured:

I have an OU named Terminal Service Users. Certain users on the domain are in this OU.

If I attach Group Policies to this OU, they go into effect but they don't appear in RSOP if I run the report, even though I'm running it as one of the OU members. For auditing reasons, these GPOs absolutely MUST appear in the RSOP report. When running the report I choose "This Computer" and then "Another User" and choose one of the users in the Terminal Services OU.

If I attach any of these GPO's to the root of the domain, so it applies to the entire domain, the RSOP report then includes the GPOs.

DNS is installed and running properly on the server. Aside from this issue with RSOP I haven't had any other issues with Active Directory on this server.
Clay FoodyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Are these computer or user policies that you are applying? What are you security filtering set to on the GPO linked to the OU?

Do you have both Computers and Users in the same OU and they are still not applying?

If you have User Policies that you want to apply to computers without having the Users in the same OU that the computers are located, you need to enable "Loopback Policy Processing"


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Clay FoodyAuthor Commented:
There are no other computers on the domain, just the one server. I have users in the same OU as the GPO, and I can see the GPOs are successfully applying. For example, because it's a terminal server, I have settings such as restricting access to the control panel, etc and I can see those working when I log in under one of the users in that. OU.

The problem is when I run RSOP under the same user the GPO and the settings in the GPO don't appear in the RSOP report. I have a 2012 server that's doing the same exact thing, so it's obviously something that I'm doing wrong, I just don't know what it is.
Will SzymkowskiSenior Solution ArchitectCommented:
What happens if you run the RSOP.msc againts the user/computer within Active Directory Users and Computers? This report should produce the correct info.

Another thing maybe these policies are being applied from another parent policy which is why it looks like they are applying but not from the GPO that you are referring to.

Clay FoodyAuthor Commented:
We figured out what was going on and I can see now what you were trying to do. Settings in the "Computer" section of the group policy will not enforce unless the computer is in the OU, just like the users section if a user is in the OU. Since this all occurs from the domain controller running terminal services, I don't see anyway to get his done other than to enable the "loopback processing" and the delegation settings to avoid issues that would arrive from dragging the server itself into the OU.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.