asked on 1/29/2020

GPO will not apply policy to local workstation

I am having some issues applying a GPO to my workstations. I am currently in the process trying to setup a GPO to push a security group with 2 domain logins associated with that group to apply local administrator access to any machine on this current domain. Below is the link I am using.

https://richardstk.com/2013/11/26/adding-domain-users-to-the-local-administrators-group-using-group-policy/

I am attempting to use option 2 to ensure any local admins that are current on the workstation machine are not removed.

I created the policy and applied the policy to the workstations group in GPM and enforced the policy. (GPO Setup.jpg) Attached.

However after running a gpupdate /force I am experiencing the following error on the workstation.

C:\Users\testgpo>gpupdate /force
Updating policy...

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\ecva2.local\SysVol\ecva2.local\Policies\{56134950-09B3-4597-950F-26CF3ED660BA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\ecva2.local\SysVol\ecva2.local\Policies\{341E2438-DF51-484F-B045-A8BED0538FD7}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

C:\Users\testgpo>

I created a GPO Policy results log and was unable to see my Policy I setup in applied or Denied GPO

Applied GPOshide
Name Link Location Revision
Local Group Policy Local AD (1), Sysvol (1)
TREND MICRO SA INSTALLER ecva2.local AD (2), Sysvol (2)
Disable Server Manager at Start ecva2.local AD (1), Sysvol (1)
Paychex trusted sites ecva2.local AD (10), Sysvol (10)
My Virtual Merchant IE settings ecva2.local AD (22), Sysvol (22)
Homepage ecva2.local AD (1), Sysvol (1)
DP Workstation Policy ecva2.local AD (147), Sysvol (147)
Default Domain Policy ecva2.local AD (427), Sysvol (427)
Passwords ecva2.local AD (14), Sysvol (14)

Denied GPOshide
Name Link Location Reason Denied
{35DC6AA3-1646-46D2-A55E-726654C76F08} ecva2.local Inaccessible
{3C6EBF5B-0547-48AA-90CD-CF40B1705DD0} ecva2.local Inaccessible
{F8E984D3-4761-41F2-BD63-1140181D55B0} ecva2.local Inaccessible
{82D58C3B-C670-484D-9681-F90ACC99274E} ecva2.local Inaccessible
{322E4805-1398-4405-A1A0-2C4838ADE889} ecva2.local Inaccessible
{5AE0ABD2-207D-4199-8168-098856D859BA} ecva2.local Inaccessible
{2C22853C-9139-449F-923A-77AEAEADAEAB} ecva2.local Inaccessible

I have the policy enforced.

My boss seems to think there is a replication issue somewhere. I have no clue from here where to look. Can someone assist? The workstation is running Windows 10 Pro and getting policies from Windows server 2008. This is a request from the CEO so this is high priority.
GPO-Setup.JPG

Windows 10 Windows OS Windows Server 2008 * gp1 Security

Last Comment