
GPO will not apply policy to local workstation

Andrew N. Kowtalo asked on
Security, Windows OS, Windows Server 2008, Windows 10, * gp1
I am having some issues applying a GPO to my workstations. I am currently in the process of trying to set up a GPO to push a security group, with 2 domain logins associated with that group, to apply local administrator access to any machine on this current domain. Below is the link I am using.

https://richardstk.com/2013/11/26/adding-domain-users-to-the-local-administrators-group-using-group-policy/

I am attempting to use option 2 to ensure any local admins that are currently on the workstation machine are not removed.

I created the policy and applied the policy to the workstations group in GPM and enforced the policy. (GPO Setup.jpg attached.)

However, after running gpupdate /force, I am experiencing the following error on the workstation.


C:\Users\testgpo>gpupdate /force
Updating policy...

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\ecva2.local\SysVol\ecva2.local\Policies\{56134950-09B3-4597-950F-26CF3ED660BA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\ecva2.local\SysVol\ecva2.local\Policies\{341E2438-DF51-484F-B045-A8BED0538FD7}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

C:\Users\testgpo>

I created a GPO policy results log and was unable to see the policy I set up in the Applied or Denied GPOs.

Applied GPOs

| Name | Link Location | Revision |
|---|---|---|
| Local Group Policy | Local | AD (1), Sysvol (1) |
| TREND MICRO SA INSTALLER | ecva2.local | AD (2), Sysvol (2) |
| Disable Server Manager at Start | ecva2.local | AD (1), Sysvol (1) |
| Paychex trusted sites | ecva2.local | AD (10), Sysvol (10) |
| My Virtual Merchant IE settings | ecva2.local | AD (22), Sysvol (22) |
| Homepage | ecva2.local | AD (1), Sysvol (1) |
| DP Workstation Policy | ecva2.local | AD (147), Sysvol (147) |
| Default Domain Policy | ecva2.local | AD (427), Sysvol (427) |
| Passwords | ecva2.local | AD (14), Sysvol (14) |

Denied GPOs

| Name | Link Location | Reason Denied |
|---|---|---|
| {35DC6AA3-1646-46D2-A55E-726654C76F08} | ecva2.local | Inaccessible |
| {3C6EBF5B-0547-48AA-90CD-CF40B1705DD0} | ecva2.local | Inaccessible |
| {F8E984D3-4761-41F2-BD63-1140181D55B0} | ecva2.local | Inaccessible |
| {82D58C3B-C670-484D-9681-F90ACC99274E} | ecva2.local | Inaccessible |
| {322E4805-1398-4405-A1A0-2C4838ADE889} | ecva2.local | Inaccessible |
| {5AE0ABD2-207D-4199-8168-098856D859BA} | ecva2.local | Inaccessible |
| {2C22853C-9139-449F-923A-77AEAEADAEAB} | ecva2.local | Inaccessible |

I have the policy enforced.

My boss seems to think there is a replication issue somewhere. I have no clue from here where to look. Can someone assist? The workstation is running Windows 10 Pro and getting policies from Windows Server 2008. This is a request from the CEO, so this is high priority.
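
Added example, not part of the original question or its hidden answer: a PowerShell check, run on the affected workstation, that walks the three causes listed in the gpupdate error (DFS client, name resolution, SYSVOL replication) by reading gpt.ini from each domain controller's own SYSVOL share. The domain name and the two GPO GUIDs are taken from the error output above; the approach and variable names are assumptions of this sketch.

```powershell
# Added example (not from the original post). Run as a domain user on the workstation.
$Domain = 'ecva2.local'                                  # from the gpupdate output
$GpoIds = '{56134950-09B3-4597-950F-26CF3ED660BA}',      # computer policy GPO in the error
          '{341E2438-DF51-484F-B045-A8BED0538FD7}'       # user policy GPO in the error

# Cause (c): DFS client driver disabled. A Start value of 4 means disabled.
$dfsc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Dfsc' -ErrorAction SilentlyContinue
if ($null -eq $dfsc)       { Write-Warning 'Dfsc service key not found' }
elseif ($dfsc.Start -eq 4) { Write-Warning 'DFS client (Dfsc) is disabled' }
else                       { "DFS client start type: $($dfsc.Start)" }

# Cause (a): name resolution. List every DC the domain advertises in DNS.
try {
    $dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Warning "Cannot resolve DC SRV records for ${Domain}: $_"
    return
}

# Cause (b): replication. Read gpt.ini from each DC directly, bypassing the
# DFS referral behind \\<domain>\SysVol, so a DC missing the folder stands out.
$results = foreach ($dc in $dcs) {
    foreach ($id in $GpoIds) {
        $path    = "\\$dc\SYSVOL\$Domain\Policies\$id\gpt.ini"
        $version = $null
        try {
            $line = Get-Content -LiteralPath $path -ErrorAction Stop |
                Where-Object { $_ -match '^\s*Version\s*=' } |
                Select-Object -First 1
            if ($line) { $version = ($line -split '=', 2)[1].Trim() }
            $status = 'OK'
        } catch {
            # Record the failure type, e.g. ItemNotFoundException or UnauthorizedAccessException
            $status = $_.Exception.GetType().Name
        }
        [pscustomobject]@{ DC = $dc; Gpo = $id; Status = $status; SysvolVersion = $version }
    }
}
$results | Sort-Object Gpo, DC | Format-Table -AutoSize
```

A GPO that reads OK on one DC and fails on another, or shows different SysvolVersion values across DCs, points at SYSVOL replication rather than the workstation.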