asked on GPOs not applying
It is a SBS 2011 Server. All Windows 10 Professional workstations. When I do a gpresult /h the only GPOs it says are applied are the Default Domain Policy and the Folder Redirection Policy (linked to the User OU). It passes through 5 additional GPOs linked to the Domain and another 7 linked to the Computer OU but none of those 12 show up in the gpresult as being either applied or denied. It is like it isn't even looking at those 12.
Where do you start debug on something like this?
Where do you start debug on something like this?
Active DirectorySBS
Last Comment
LockDown32
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
This is an issue based on a security update
https://blogs.technet.microsoft.com/askds/2016/06/22/deploying-group-policy-security-update-ms16-072-kb3163622/
https://blogs.technet.microsoft.com/askds/2016/06/22/deploying-group-policy-security-update-ms16-072-kb3163622/
ASKER
It is not a result of the Microsoft Update back in June. All policies have Authenticates Users Read in Delegation.
When I do a gpresult /v I can see that the other GPOs are recognized in the list it is simple that they don't apply.
As stated above: When I do a gpresult /h the only GPOs it says are applied are the Default Domain Policy and the Folder Redirection Policy (linked to the User OU). It passes through 5 additional GPOs linked to the Domain and another 7 linked to the Computer OU but none of those 12 show up in the gpresult as being either applied or denied. It is like it isn't even looking at those 12.
The link to the AdmX files doesn't track either. The article says to download and copy the Admx files but the downloads are MSI and want to install the files someplace other then where it says to copy them to.
When I do a gpresult /v I can see that the other GPOs are recognized in the list it is simple that they don't apply.
As stated above: When I do a gpresult /h the only GPOs it says are applied are the Default Domain Policy and the Folder Redirection Policy (linked to the User OU). It passes through 5 additional GPOs linked to the Domain and another 7 linked to the Computer OU but none of those 12 show up in the gpresult as being either applied or denied. It is like it isn't even looking at those 12.
The link to the AdmX files doesn't track either. The article says to download and copy the Admx files but the downloads are MSI and want to install the files someplace other then where it says to copy them to.
Have you looked thru event viewer for any group policy errors ???
If the policies arent listed under the "applied" or "denied" section of the report, then its quite possible client-side policy processing isnt even evaluating the them. Check SYSVOL replication to make sure the policies are available and consistent on all DCs
Also:
Take a look at the trouble policies and verify in the security tab they arent being denied by some a security group membership or something else. When you add Authenticated Users to filtering, they automatically get read and apply, but if the objects are also in a group with an explicit deny, the policies wont even be evaluated.
Again, make sure you run gpresult in an administrator shell or you wont be able to see computer policy information.
Also:
Take a look at the trouble policies and verify in the security tab they arent being denied by some a security group membership or something else. When you add Authenticated Users to filtering, they automatically get read and apply, but if the objects are also in a group with an explicit deny, the policies wont even be evaluated.
Again, make sure you run gpresult in an administrator shell or you wont be able to see computer policy information.
ASKER
Well.... I had a problem with gpresult in a W10 workstation early in the game and it brought back memories of where gpresult was hosed on the workstation. Just for grins I ran Group Policy Results on the server and it looked like it was supposed to. It plainly pointed out what GPO was enforced and over-riding my settings. It showed the above 12 and being applied.
So the problem was gpresult on the W10 workstation (yet again). Wow. This Windows 10 has turned in to another Vista....
So the problem was gpresult on the W10 workstation (yet again). Wow. This Windows 10 has turned in to another Vista....
Is there a simple procedure for downloading and installing the admx files?