GPO not applying to Clients

active-directory windows-server-2008-r2 windows-7 group-policy
10,014

Solution 1

What you're seeing is perfectly normal. The Local Group Policy editor is for viewing and configuring the Local group policy object and its settings, not for viewing domain based Group Policy settings.

Domain based Group Policies override Local Group Policy settings, they do not overwrite Local Group Policy settings.

RSOP is the tool for viewing settings that are being applied to the computer and user from domain based Group Policy objects.

Your RSOP results show that the domain based Group Policy settings are in fact being applied to the computer.

Solution 2

In your RSOP screnclip, take a look at the GPO State column. Not configured means it's not configured. You have to set the state to either enable or disable for the GPO to actually do anything. If you enable the Remote Assistance GPO, Remote Assistance will be enabled on computers this GPO applies to, and users will be allowed to create Remote Assistance requests from these computers. If you disable the Remote Assistance GPO, Remote Assistance will be disabled on computers this GPO applies to, and users will be not allowed to create Remote Assistance requests.

If you take a look at your GPResult output, it tells you why the GPO is not being applied: Reason denied: Empty. IT telling you that your GPO doesn't actually contain any configurations to apply... so they're not being applied.

enter image description here

So, the reason those GPOs are applying is because they don't do anything. Change the state on those GPO settings from Not Configured to the desired state, and they should start working next time your clients fetch group policy. (And possibly reboot... I don't know off the top of my head if those particular configurations require a reboot or not).

Share:
10,014

Related videos on Youtube

David
Author by

David

Updated on September 18, 2022

Comments

  • David
    David over 1 year

    I am having issues applying the below GPOs to clients.

    Computer Configuration \ Policies \ Administrative Templates \ System \ Remote assistance \ "Offer Remote Assistance"

Computer Configuration \ Policies \ Administrative Templates \ Windows Components \ Autoplay Policies \ "Turn off Autoplay"

    These policies are applied against specific containers, but are not applying in both our production environment and our VMWare test lab, even with clean installs.

    I have tried with the Firewall and AV disabled on both client and server, without success, and gpupdate /force has no effect either. RSOP on the client is seeing the required policy changes but they are not applying for some reason. I have also added client names to the Security Filtering of that policy and have tried logging on to client with a Domain Admin account, also without success.

    At the same time, other policies like "Logon Scripts" and "Encrypting File System" apply fine.

    This is from a Windows Server 2008R2 Enterprise server, to Windows 7, SP1 Enterprise clients.

    Here is the link to the output of /gpresult on the client.

    RSOP on the client:

    enter image description here

    GPMC settings: enter image description here

    Does anyone have an idea what's going wrong here?

  • David
    David over 9 years
    Thanks for the reply. The thing is that the policies are set to enabled in the GPMC (as per the RSOP top snip). This state is however not replicating to the client. You might be onto something with regards to the Local Group Policy, will check it later in the day and report back
  • HopelessN00b
    HopelessN00b over 9 years
    @David That means the GPO link is enabled. It doesn't mean the settings within it are configured. You need to click into the "Offer Remote Assistance" Setting and change its state to either enabled or disabled.
  • MDMoore313
    MDMoore313 over 9 years
    @David you have enabled the group policy to be deployed to any workstations in that container, however the gpo you have enabled is empty, there's nothing for it to apply to the computer, so the computer has denied that gpo. Also, when you pull up the Local Group Policy editor, that show's you the local group policy on the workstation, not the domain policies being applied to the workstation (referring to your top screenshot).
  • David
    David over 9 years
    It seems like I need to go back to school to learn how GPO's work. As per your explanation, the GPO is indeed applying to the Client, it is just not reflecting as a change in the Local Policy of the client. Did a quick test with a flash drive with an autorun.inf file and the flash didn't run (which is what I expected), also managed to connect remote assistance to the cleint. Next time I will check and make sure something works instead of assuming it wont because I dont see the expected changes. Anyway, many thanks joeqwerty and HopelessN00b for your assistance, its much appreciated

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

GPO Software Deployment Errors %%1274 and %%2
Domain User Account Locks: Correct password used
Active Directory Allow User to Install Only
Why only one PC is not updating the GPO?
Local group policy not applying (gpresult says its empty, but it's not)
Group Policy for Computers not applying, can't find PDC?
Password Policy seems to be ignored for new Domain on Windows Server 2008 R2
Disable speakers on Windows client machines?
How to get additional Account Info tab in ADUC with Taskpads
How do you get around security warnings when redirecting AppData?