Windows 10 Machine not applied beeing applied by the WHOLE GPO , 2012 R2 Domain

Hi,
I have very weird issue.
I have 2012R2 Domain Controller(I have imported Windows 10 ADMX into the 2012DC, via this manual http://www.windowstricks.in/2016/07/group-policy-setting-not-applying-windows-10-computers.html)

along windows 7 machines, i recently started to add windows 10 machines
windows 7 machines receive the GPO fine.



All the windows 10 machines receive only partial of the GPO
For instance: a machine and a user on Windows 7 computer will get more GPO then identical Windows 10 Machine

This is how the GPO look on server side:
gpo-problem.png
As you can see there are more GPO`s exists at the server then the onces applied at the machine below:

gpresult /r on windows 10 machine:
    Domain Type:                        Windows 2008 or later

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        LockWorkStationAllButSarin
        DLO
        NOD32

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        LockDC
            Filtering:  Denied (WMI Filter)
            WMI Filter: ApplyToDCS

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Authentication authority asserted identity
        High Mandatory Level

Open in new window


for instance, test3test GPO should be applied on the machine, It has no WMI filter, Its anabled and its marked as "Everyone"

So why i dont even see test3test GPO even beeing rejected under  "   The following GPOs were not applied because they were filtered out"

Help anyone?
Anyway to debug this?

It seem like the Client does not event get the GPO at all from the server.

i have also tried to do this:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
“\\*\SYSVOL”
“RequireMutualAuthentication=0”

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths “\\*\NETLOGON”
“RequireMutualAuthentication=0”
LVL 1
yairgeAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
There is no technical explanation, at least not, if you do it right.
Do a gpupdate on an elevated command prompt on win10 and retest.
0
yairgeAuthor Commented:
Well,
Ofcourse i did gpupdate before the gpresult.


the output is the same.
how do i start to debug this
0
McKnifeCommented:
Do a group policy modeling at the DC for that win10 machine. That modeling will tell you if those policies should have gotten applied or not.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

yairgeAuthor Commented:
I have...
the Dc says should be applied
hence its only client side problem? this weird.. many clients have this issue
i havedisabled the FW
0
DonNetwork AdministratorCommented:
How about if you also add

RequireIntegrity=0,RequirePrivacy=0

to both those registry locations ??
0
McKnifeCommented:
Take a clean test vm with win10, join it to the domain, add it to that OU and test.
0
DrDave242Senior Support EngineerCommented:
Are the missing policies user policies, computer policies, or both?

If they're user policies, an update back in June changed the context under which those policies are applied. Have a look here for more information.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
yairgeAuthor Commented:
The issue is because
MS16-072 Update

I managed to solve it by doing this
https://blogs.technet.microsoft.com/askds/2016/06/22/deploying-group-policy-security-update-ms16-072-kb3163622/
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.