Solved

GPOs not applying

Posted on 2016-08-25
9
67 Views
Last Modified: 2016-08-26
It is a SBS 2011 Server. All Windows 10 Professional workstations. When I do a gpresult /h the only GPOs it says are applied are the Default Domain Policy and the  Folder Redirection Policy (linked to the User OU). It passes through 5 additional GPOs linked to the Domain and another 7 linked to the Computer OU but none of those 12 show up in the gpresult as being either applied or denied. It is like it isn't even looking at those 12.

Where do you start debug on something like this?
0
Comment
Question by:LockDown32
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 18

Accepted Solution

by:
Sushil Sonawane earned 250 total points
ID: 41770130
Hi

Download new admx template for windows 10 then check.

and  Please refer below link to resolve your issue.

http://www.windowstricks.in/2016/07/group-policy-setting-not-applying-windows-10-computers.html


http://wibier.me/windows-10-group-policy-objects-gpo-not-applied/
0
 
LVL 15

Author Comment

by:LockDown32
ID: 41770177
It is not the KB Microsoft released in June and there is not clear cut fix in either of those articles. As mentioned above it is not that none of the GPOs are applying. Two are. Both articles gave the impression that not of the GPOs apply.

Is there a simple procedure for downloading and installing the admx files?
0
 
LVL 6

Assisted Solution

by:sAMAccountName
sAMAccountName earned 125 total points
ID: 41770434
Take a look at this for some detailed information about ADMX files:  Step-By-Step: Managing Windows 10 with Administrative templates

Verify you have the right templates installed, then make sure you run GPRESULT /H as an administrator or you cant read computer information.  

If you look at "Applied Group Policies" and "Denied Group Policies" in the gpresult output, what do you see?
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 125 total points
ID: 41770438
Make sure that you have either "Authenticated Users" or "Domain Computers" added to the security filtering
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 41770442
0
 
LVL 15

Author Comment

by:LockDown32
ID: 41770459
It is not a result of the Microsoft Update back in June. All policies have Authenticates Users Read in Delegation.

When I do a gpresult /v I can see that the other GPOs are recognized in the list it is simple that they don't apply.

As stated above:  When I do a gpresult /h the only GPOs it says are applied are the Default Domain Policy and the  Folder Redirection Policy (linked to the User OU). It passes through 5 additional GPOs linked to the Domain and another 7 linked to the Computer OU but none of those 12 show up in the gpresult as being either applied or denied. It is like it isn't even looking at those 12.

The link to the AdmX files doesn't track either. The article says to download and copy the Admx files but the downloads are MSI and want to install the files someplace other then where it says to copy them to.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 41770487
Have you looked thru event viewer for any group policy errors ???
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41770613
If the policies arent listed under the "applied" or "denied" section of the report, then its quite possible client-side policy processing isnt even evaluating the them.  Check SYSVOL replication to make sure the policies are available and consistent on all DCs

Also:
Take a look at the trouble policies and verify in the security tab they arent being denied by some a security group membership or something else.  When you add Authenticated Users to filtering, they automatically get read and apply, but if the objects are also in a group with an explicit deny, the policies wont even be evaluated.

Again, make sure you run gpresult in an administrator shell or you wont be able to see computer policy information.
0
 
LVL 15

Author Comment

by:LockDown32
ID: 41770628
Well.... I had a problem with gpresult in a W10 workstation early in the game and it brought back memories of where gpresult was hosed on the workstation. Just for grins I ran Group Policy Results on the server and it looked like it was supposed to. It plainly pointed out what GPO was enforced and over-riding my settings. It showed the above 12 and being applied.

So the problem was gpresult on the W10 workstation (yet again). Wow. This Windows 10 has turned in to another Vista....
0

Featured Post

Veeam gives away 10 full conference passes

Veeam is a VMworld 2017 US & Europe Platinum Sponsor. Enter the raffle to get the full conference pass. Pass includes the admission to all general and breakout sessions, VMware Hands-On Labs, Solutions Exchange, exclusive giveaways and the great VMworld Customer Appreciation Part

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question