Avatar of Gary Dewrell
Gary Dewrell
Flag for United States of America asked on

Need help with GPO execution order

I have a GPO that setts the IE proxy settings for all users.  I am about to move users to a non-proxy setup but I want to do this in phases.
I created a second GPO that has the proxy set blank, I added a filter that says only apply to systems in no-proxy security group.

In the OU, I have the No-Proxy GPO as number 1 and the Proxy GPO as number 2.

Even though I put systems in the security group, GPO 1 never seems to be applied. No mention of it in gpresults at all.
Active DirectoryWindows Server 2012

Avatar of undefined
Last Comment
Gary Dewrell

8/22/2022 - Mon
Krzysztof Pytko

Could you provide reports from your GPOs for PROXY settings. please?
Please provide output from your configuration by executing below cmd-lets in PowerShell and attach files to analyze here, please.

Code to execute in PowerShell
Import-Module GroupPolicy

Get-GPInheritance -Target "OU=Location,DC=Domain,DC=com" | Out-File gpo-inheritance.log

Get-GPOReport -Name "GPO Poxy Name 1" -ReportType Html | Out-File gporeport-proxy1.html
Get-GPOReport -Name "GPO Poxy Name 2" -ReportType Html | Out-File gporeport-proxy2.html

Get-GPPermissions -Name "GPO Proxy Name 1" -All | Out-File gpo-proxy1-perms.log
Get-GPPermissions -Name "GPO Proxy Name 2" -All | Out-File gpo-proxy1-perms.log

Open in new window


You need to replace GPO names with proper ones and put appropriate distinguished name of an OU where GPO links are linked.

If you need more support in code execution, please let me know.

Thank you in advance.

Regards,
Krzysztof
Gary Dewrell

ASKER
See attached files.

Let me explain what I am trying to do.
Currently we have a GPO named iesettings, that setups the proxy settings for all users.
We are decommissioning the proxy server (TMG) and will not be using a proxy going forward.
I created a new GPO named iesettings-noproxy, added a security filter, specifying a group so that this new GPO would only apply to members of that group so that I can do a phased migration.

I am totally open to another way to accomplish this goal.
gpo-proxy-perms.log
gpo-noproxy-perms.log
gporeport-proxy.html
gporeport-noproxy.html
gpo-inheritance.log
GPO.png
Krzysztof Pytko

Let me review logs and I will go back to you.

Krzysztof
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Gary Dewrell

ASKER
Thank you.
ASKER CERTIFIED SOLUTION
*** Hopeleonie ***

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
Krzysztof Pytko

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Gary Dewrell

ASKER
Will test this morning. Thank you.
Krzysztof Pytko

No problem, you are welcome. Do not hurry, take your time :)
We are here to help each other

Krzysztof
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Gary Dewrell

ASKER
Well that definitely got me closer! I now see in the gpresult that the GPO was applied. But it is being trumped by another GPO.

I attached two more screen shots.
GPOOrder.png shows that the IESettings-NoProxy is number 1, and enforced.
And that IEsettings is number 6 and not enforced.

My understanding is that the IESettings-NoProxy should win.

Yet looking at the UserGPOResults.png I see that IESEttings won.

What am I missing?
GPOOrder.png
UserGPOResults..png