Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

GPOs not applying

Posted on 2016-08-25
9
Medium Priority
?
70 Views
Last Modified: 2016-08-26
It is a SBS 2011 Server. All Windows 10 Professional workstations. When I do a gpresult /h the only GPOs it says are applied are the Default Domain Policy and the  Folder Redirection Policy (linked to the User OU). It passes through 5 additional GPOs linked to the Domain and another 7 linked to the Computer OU but none of those 12 show up in the gpresult as being either applied or denied. It is like it isn't even looking at those 12.

Where do you start debug on something like this?
0
Comment
Question by:LockDown32
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 18

Accepted Solution

by:
Sushil Sonawane earned 1000 total points
ID: 41770130
Hi

Download new admx template for windows 10 then check.

and  Please refer below link to resolve your issue.

http://www.windowstricks.in/2016/07/group-policy-setting-not-applying-windows-10-computers.html


http://wibier.me/windows-10-group-policy-objects-gpo-not-applied/
0
 
LVL 15

Author Comment

by:LockDown32
ID: 41770177
It is not the KB Microsoft released in June and there is not clear cut fix in either of those articles. As mentioned above it is not that none of the GPOs are applying. Two are. Both articles gave the impression that not of the GPOs apply.

Is there a simple procedure for downloading and installing the admx files?
0
 
LVL 6

Assisted Solution

by:sAMAccountName
sAMAccountName earned 500 total points
ID: 41770434
Take a look at this for some detailed information about ADMX files:  Step-By-Step: Managing Windows 10 with Administrative templates

Verify you have the right templates installed, then make sure you run GPRESULT /H as an administrator or you cant read computer information.  

If you look at "Applied Group Policies" and "Denied Group Policies" in the gpresult output, what do you see?
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 500 total points
ID: 41770438
Make sure that you have either "Authenticated Users" or "Domain Computers" added to the security filtering
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 41770442
0
 
LVL 15

Author Comment

by:LockDown32
ID: 41770459
It is not a result of the Microsoft Update back in June. All policies have Authenticates Users Read in Delegation.

When I do a gpresult /v I can see that the other GPOs are recognized in the list it is simple that they don't apply.

As stated above:  When I do a gpresult /h the only GPOs it says are applied are the Default Domain Policy and the  Folder Redirection Policy (linked to the User OU). It passes through 5 additional GPOs linked to the Domain and another 7 linked to the Computer OU but none of those 12 show up in the gpresult as being either applied or denied. It is like it isn't even looking at those 12.

The link to the AdmX files doesn't track either. The article says to download and copy the Admx files but the downloads are MSI and want to install the files someplace other then where it says to copy them to.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 41770487
Have you looked thru event viewer for any group policy errors ???
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41770613
If the policies arent listed under the "applied" or "denied" section of the report, then its quite possible client-side policy processing isnt even evaluating the them.  Check SYSVOL replication to make sure the policies are available and consistent on all DCs

Also:
Take a look at the trouble policies and verify in the security tab they arent being denied by some a security group membership or something else.  When you add Authenticated Users to filtering, they automatically get read and apply, but if the objects are also in a group with an explicit deny, the policies wont even be evaluated.

Again, make sure you run gpresult in an administrator shell or you wont be able to see computer policy information.
0
 
LVL 15

Author Comment

by:LockDown32
ID: 41770628
Well.... I had a problem with gpresult in a W10 workstation early in the game and it brought back memories of where gpresult was hosed on the workstation. Just for grins I ran Group Policy Results on the server and it looked like it was supposed to. It plainly pointed out what GPO was enforced and over-riding my settings. It showed the above 12 and being applied.

So the problem was gpresult on the W10 workstation (yet again). Wow. This Windows 10 has turned in to another Vista....
0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question