troubleshooting Question

Windows 10 Machine not applied beeing applied by the WHOLE GPO , 2012 R2 Domain

Avatar of yairge
yairge asked on
Active DirectoryWindows Server 2012IT Administration
8 Comments1 Solution655 ViewsLast Modified:
Hi,
I have very weird issue.
I have 2012R2 Domain Controller(I have imported Windows 10 ADMX into the 2012DC, via this manual http://www.windowstricks.in/2016/07/group-policy-setting-not-applying-windows-10-computers.html)

along windows 7 machines, i recently started to add windows 10 machines
windows 7 machines receive the GPO fine.



All the windows 10 machines receive only partial of the GPO
For instance: a machine and a user on Windows 7 computer will get more GPO then identical Windows 10 Machine

This is how the GPO look on server side:
gpo-problem.png
As you can see there are more GPO`s exists at the server then the onces applied at the machine below:

gpresult /r on windows 10 machine:
    Domain Type:                        Windows 2008 or later

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        LockWorkStationAllButSarin
        DLO
        NOD32

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        LockDC
            Filtering:  Denied (WMI Filter)
            WMI Filter: ApplyToDCS

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Authentication authority asserted identity
        High Mandatory Level

for instance, test3test GPO should be applied on the machine, It has no WMI filter, Its anabled and its marked as "Everyone"

So why i dont even see test3test GPO even beeing rejected under  "   The following GPOs were not applied because they were filtered out"

Help anyone?
Anyway to debug this?

It seem like the Client does not event get the GPO at all from the server.

i have also tried to do this:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
“\\*\SYSVOL”
“RequireMutualAuthentication=0”

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths “\\*\NETLOGON”
“RequireMutualAuthentication=0”
ASKER CERTIFIED SOLUTION
DrDave242
Principal Support Engineer

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 8 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 8 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros