GPO not applied and visible server 2012
-
Monday, September 24, 2012 2:46 PM
Hello,
I hope some one can help me with this. I have installed server 2012 standard join the domain en placed it in the OU TSENV. Now the strange thing is that all policy from the OU above TSENV are applied and shown in gpresult /r but all gpo linked to the TSENV not. I have exactly the same setup for a server 2008 standard and this works. Maybe somehow i have to tell my domain controller that this is a server 2012 version.....?
All Replies
-
Monday, September 24, 2012 4:35 PM
Hello,
Maybe somehow i have to tell my domain controller that this is a server 2012 version.....?
Do you have any WMI Filters that could prevent the policy from applying?
MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!
- Marked As Answer by Roy_1986 Tuesday, September 25, 2012 7:10 AM
- Unmarked As Answer by Andy QiMicrosoft Contingent Staff, Moderator Wednesday, October 03, 2012 7:34 AM
- Marked As Answer by Andy QiMicrosoft Contingent Staff, Moderator Wednesday, October 03, 2012 7:34 AM
-
Tuesday, September 25, 2012 6:59 AM
Yes i am using a wmi filter (select * from Win32_OperatingSystem where Version like "6.2%") When i disable wmi filtering i have te same problem.
GPresult on server 2012:
mydomain\royadmin Data collected on: 24-9-2012 16:16:33 SummaryNo data available.During last user policy refresh on 24-9-2012 15:12:38 A fast link was detected More information... The following GPOs have special alerts GPO Name Alert Lockout Policy User Configuration Disabled Firewall voor Internet-verbindingen van Small Business Server AD / SYSVOL Version Mismatch Small Business Server Remote Assistance Policy User Configuration Disabled Vergrendelingsbeleid van Small Business Server User Configuration Disabled Small Business Server Internet Connection Firewall AD / SYSVOL Version Mismatch Beleidsregels voor Hulp op afstand van Small Business Server User Configuration Disabled Terminal server Taal DE AD / SYSVOL Version Mismatch,Enforced Terminal server Taal ENG AD / SYSVOL Version Mismatch Small Business Server Windows Firewall AD / SYSVOL Version Mismatch Windows Firewall van Small Business Server AD / SYSVOL Version Mismatch Computer DetailsNo data available.User DetailsGeneralUser name mydomain\royadmin Domain xxx.local Organizational Unit xxxx.local/MyBusiness/Users/SBSUsers/Nederland Security Group Membership showComponent StatusComponent Name Status Time Taken Last Process Time Event Log Group Policy Infrastructure Success 24-9-2012 15:12:38 Group Policy Files Success 24-9-2012 11:20:04 Internet Explorer Branding Failed 24-9-2012 15:12:38 Internet Explorer Branding failed due to the error listed below.
The specified procedure could not be found.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 24-9-2012 15:12:38 and 24-9-2012 15:12:38.Registry Success 24-9-2012 11:20:04 Scripts Success 24-9-2012 11:20:04 SettingsPoliciesWindows SettingsScriptsLogoffName Parameters Last Run Script Order in GPO Winning GPO \\dc01\NETLOGON\logoff.bat Not configured Default Domain Policy Administrative TemplatesPolicy definitions (ADMX files) retrieved from the local computer.Desktop/DesktopPolicy Setting Winning GPO Desktop Wallpaper Enabled Background policy Wallpaper Name: C:\achtergrond\background_fattclient.jpg Example: Using a local path: C:\windows\web\wallpaper\home.jpg Example: Using a UNC path: \\Server\Share\Corp.jpg Wallpaper Style: Stretch Microsoft Outlook 2010/Account Settings/Exchange/Cached Exchange ModePolicy Setting Winning GPO Use Cached Exchange Mode for new and existing Outlook profiles Disabled Default Domain Policy Microsoft Outlook 2010/Outlook Social ConnectorPolicy Setting Winning GPO Turn off Outlook Social Connector Enabled Default Domain Policy Windows Components/Internet ExplorerPolicy Setting Winning GPO Prevent changing proxy settings Enabled Default Domain Policy Group Policy ObjectsApplied GPOsBackground policyLink Location xxxxx.local Extensions Configured Group Policy Files
Registry
Group Policy InfrastructureEnforced No Disabled None Security Filters xxxx\Domain Users Revision AD (34), SYSVOL (34) WMI Filter Default Domain PolicyLink Location xxxx.local Extensions Configured Internet Explorer Branding
Scripts
Registry
{3060E8D0-7020-11D2-842D-00C04FA372D4}Enforced No Disabled None Security Filters NT AUTHORITY\Authenticated Users Revision AD (16), SYSVOL (16) WMI Filter Denied GPOsBeleidsregels voor domeinwachtwoordenLink Location xxxx.local Extensions Configured Enforced No Disabled None Security Filters NT AUTHORITY\Authenticated Users Revision AD (0), SYSVOL (0) WMI Filter Reason Denied Empty Beleidsregels voor Hulp op afstand van Small Business ServerLink Location xxxx.local Extensions Configured Enforced No Disabled User Configuration Security Filters NT AUTHORITY\Authenticated Users Revision AD (0), SYSVOL (0) WMI Filter Reason Denied Disabled GPO Clientcomputer voor Small Business ServerLink Location xxxx.local Extensions Configured Enforced No Disabled None Security Filters NT AUTHORITY\Authenticated Users Revision AD (0), SYSVOL (0) WMI Filter Reason Denied Empty Firewall voor Internet-verbindingen van Small Business ServerLink Location xxxx.local Extensions Configured Enforced No Disabled None Security Filters NT AUTHORITY\Authenticated Users Revision AD (0), SYSVOL (65535) WMI Filter PreSP2 Reason Denied False WMI Filter Local Group PolicyLink Location Local Extensions Configured Enforced No Disabled None Security Filters Revision AD (0), SYSVOL (0) WMI Filter Reason Denied Empty Lockout PolicyLink Location xxxx.local Extensions Configured Enforced No Disabled User Configuration Security Filters NT AUTHORITY\Authenticated Users Revision AD (0), SYSVOL (0) WMI Filter Reason Denied Disabled GPO Small Business Server Client ComputerLink Location xxxxx.local Extensions Configured Enforced No Disabled None Security Filters NT AUTHORITY\Authenticated Users Revision AD (0), SYSVOL (0) WMI Filter Reason Denied Empty Small Business Server Domain Password PolicyLink Location xxxx.local Extensions Configured Enforced No Disabled None Security Filters NT AUTHORITY\Authenticated Users Revision AD (0), SYSVOL (0) WMI Filter Reason Denied Empty Small Business Server Internet Connection FirewallLink Location xxxx.local Extensions Configured Enforced No Disabled None Security Filters NT AUTHORITY\Authenticated Users Revision AD (0), SYSVOL (65535) WMI Filter PreSP2 Reason Denied False WMI Filter Small Business Server Remote Assistance PolicyLink Location xxxx.local Extensions Configured Enforced No Disabled User Configuration Security Filters NT AUTHORITY\Authenticated Users Revision AD (0), SYSVOL (0) WMI Filter Reason Denied Disabled GPO Small Business Server Windows FirewallLink Location xxxxx.local Extensions Configured Enforced No Disabled None Security Filters NT AUTHORITY\Authenticated Users Revision AD (0), SYSVOL (65535) WMI Filter PostSP2 Reason Denied False WMI Filter Terminal server Taal DELink Location xxxx.local Extensions Configured Registry Enforced Yes Disabled None Security Filters xxxx\xxxxDuitsland Revision AD (2), SYSVOL (65535) WMI Filter Reason Denied Access Denied (Security Filtering) Terminal server Taal ENGLink Location xxxx.local Extensions Configured Registry Enforced No Disabled None Security Filters xxx\xxxPolen
xxxx\xxxFrankrijk
xxx\xxHongarijeRevision AD (2), SYSVOL (65535) WMI Filter Reason Denied Access Denied (Security Filtering) Vergrendelingsbeleid van Small Business ServerLink Location xxx.local Extensions Configured Enforced No Disabled User Configuration Security Filters NT AUTHORITY\Authenticated Users Revision AD (0), SYSVOL (0) WMI Filter Reason Denied Disabled GPO Windows Firewall van Small Business ServerLink Location xxx.local Extensions Configured Enforced No Disabled None Security Filters NT AUTHORITY\Authenticated Users Revision AD (0), SYSVOL (65535) WMI Filter PostSP2 Reason Denied False WMI Filter WMI FiltersName Value Reference GPO(s) PostSP2 False Windows Firewall van Small Business Server PostSP2 False Small Business Server Windows Firewall PreSP2 False Small Business Server Internet Connection Firewall PreSP2 False Firewall voor Internet-verbindingen van Small Business Server
-
Tuesday, September 25, 2012 7:01 AM
Server 2008 R2
xxxx\royadmin Data collected on: 25-9-2012 8:47:35 SummaryComputer Configuration SummaryNo data available.User Configuration SummaryGeneralUser name xxx\royadmin Domain xxx.local Last time Group Policy was processed 25-9-2012 8:45:12 Group Policy ObjectsApplied GPOsName Link Location Revision Background policy xx.local AD (34), Sysvol (34) Default Domain Policy xx.local AD (16), Sysvol (16) Terminal server IE9 security settings xxx.local/TSENV AD (3), Sysvol (3) Terminal server baseline R2 64bit xx.local/TSENV AD (38), Sysvol (38) Denied GPOsName Link Location Reason Denied Local Group Policy Local Empty Terminal server Taal ENG xxx.local Access Denied (Security Filtering) Terminal server Taal DE xxx.local Access Denied (Security Filtering) Lockout Policy xx.local Disabled GPO Small Business Server Remote Assistance Policy xx.local Disabled GPO Small Business Server Domain Password Policy xx.local Empty Beleidsregels voor domeinwachtwoorden xxx.local Empty Vergrendelingsbeleid van Small Business Server xx.local Disabled GPO Beleidsregels voor Hulp op afstand van Small Business Server xx.local Disabled GPO Clientcomputer voor Small Business Server xx.local Empty Firewall voor Internet-verbindingen van Small Business Server xx.local False WMI Filter Windows Firewall van Small Business Server xx.local False WMI Filter Small Business Server Client Computer xx.local Empty Small Business Server Internet Connection Firewall xx.local False WMI Filter Small Business Server Windows Firewall xx.local False WMI Filter Terminal server 2012 baseline xx.local/TSENV Access Denied (Security Filtering) Terminal server Taal NL xx.local/TSENV Access Denied (Security Filtering) Terminal server start RES powerfuse als shell 64bit xx.local/TSENV Access Denied (Security Filtering) Terminal server User config xx.local/TSENV Disabled GPO Terminal server baseline xx.local/TSENV Access Denied (Security Filtering) WSUS policy terminal servers xxx.local/TSENV/TSENV Access Denied (Security Filtering) Security Group Membership when Group Policy was appliedxx\Domain Users
Everyone
TS09\Offer Remote Assistance Helpers
TS09\TS Web Access Computers
BUILTIN\Users
BUILTIN\Administrators
BUILTIN\Remote Desktop Users
NT AUTHORITY\REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
NT AUTHORITY\This Organization
LOCAL
xx\Verkoop Binnendienst NEDERLAND
xx\Domain Admins
xx\Calculatie
xx\Automatisering
xx\Redirect profiel
xx\Verkoop
xx\Tsusers
xx\Web Workplace Users
xx\Enterprise Admins
xx\SBS Mobile Users
xx\SBS Remote Operators
xx\Iedereen
x\SBS Report Users
xx\Offer Remote Assistance Helpers
xx\Hulp op afstand-aanbieders
xx\Denied RODC Password Replication Group
Mandatory Label\High Mandatory LevelWMI FiltersName Value Reference GPO(s) PostSP2 False Small Business Server Windows Firewall PostSP2 False Windows Firewall van Small Business Server PreSP2 False Small Business Server Internet Connection Firewall PreSP2 False Firewall voor Internet-verbindingen van Small Business Server Server 2008 R2 ONLY True Terminal server baseline R2 64bit, Terminal server IE9 security settings Component StatusComponent Name Status Last Process Time Group Policy Infrastructure Success 25-9-2012 8:45:17 Folder Redirection Success 25-9-2012 8:45:15 Group Policy Files Success 25-9-2012 8:45:16 Internet Explorer Branding Success 25-9-2012 8:45:17 Registry Success 25-9-2012 8:45:15 Scripts Success 25-9-2012 8:45:16 Computer ConfigurationNo data available.User ConfigurationPoliciesWindows SettingsScriptsLogoffName Parameters Last Run Script Order in GPO Winning GPO \\dc01\NETLOGON\logoff.bat Not configured Default Domain Policy Folder RedirectionContactsWinning GPO Terminal server baseline R2 64bit Setting: Basic (Redirect everyone's folder to the same location)Path: \\fs01\home$\royadmin\ContactsOptionsGrant user exclusive rights to Contacts Disabled Move the contents of Contacts to the new location Enabled Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems Disabled Policy Removal Behavior Leave contents DesktopWinning GPO Terminal server baseline R2 64bit Setting: Basic (Redirect everyone's folder to the same location)Path: \\fs01\home$\royadmin\DesktopOptionsGrant user exclusive rights to Desktop Enabled Move the contents of Desktop to the new location Enabled Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems Disabled Policy Removal Behavior Leave contents DownloadsWinning GPO Terminal server baseline R2 64bit Setting: Basic (Redirect everyone's folder to the same location)Path: \\fs01\home$\royadmin\DownloadsOptionsGrant user exclusive rights to Downloads Enabled Move the contents of Downloads to the new location Enabled Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems Disabled Policy Removal Behavior Leave contents FavoritesWinning GPO Terminal server baseline R2 64bit Setting: Basic (Redirect everyone's folder to the same location)Path: \\fs01\home$\royadmin\FavoritesOptionsGrant user exclusive rights to Favorites Enabled Move the contents of Favorites to the new location Enabled Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems Disabled Policy Removal Behavior Leave contents LinksWinning GPO Terminal server baseline R2 64bit Setting: Basic (Redirect everyone's folder to the same location)Path: \\fs01\home$\royadmin\LinksOptionsGrant user exclusive rights to Links Enabled Move the contents of Links to the new location Enabled Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems Disabled Policy Removal Behavior Leave contents MusicWinning GPO Terminal server baseline R2 64bit Setting: Basic (Redirect everyone's folder to the same location)Path: \\fs01\home$\royadmin\MusicOptionsGrant user exclusive rights to Music Enabled Move the contents of Music to the new location Enabled Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems Disabled Policy Removal Behavior Leave contents My DocumentsWinning GPO Terminal server baseline R2 64bit Setting: Basic (Redirect everyone's folder to the same location)Path: \\fs01\home$\royadmin\DocumentsOptionsGrant user exclusive rights to My Documents Enabled Move the contents of My Documents to the new location Enabled Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems Disabled Policy Removal Behavior Leave contents My PicturesWinning GPO Terminal server baseline R2 64bit Setting: Basic (Redirect everyone's folder to the same location)Path: \\fs01\home$\royadmin\PicturesOptionsGrant user exclusive rights to My Pictures Enabled Move the contents of My Pictures to the new location Enabled Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems Disabled Policy Removal Behavior Leave contents Saved GamesWinning GPO Terminal server baseline R2 64bit Setting: Basic (Redirect everyone's folder to the same location)Path: \\fs01\home$\royadmin\Saved GamesOptionsGrant user exclusive rights to Saved Games Enabled Move the contents of Saved Games to the new location Enabled Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems Disabled Policy Removal Behavior Leave contents SearchesWinning GPO Terminal server baseline R2 64bit Setting: Basic (Redirect everyone's folder to the same location)Path: \\fs01\home$\royadmin\SearchesOptionsGrant user exclusive rights to Searches Enabled Move the contents of Searches to the new location Enabled Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems Disabled Policy Removal Behavior Leave contents VideosWinning GPO Terminal server baseline R2 64bit Setting: Basic (Redirect everyone's folder to the same location)Path: \\fs01\home$\royadmin\VideosOptionsGrant user exclusive rights to Videos Enabled Move the contents of Videos to the new location Enabled Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems Disabled Policy Removal Behavior Leave contents Internet Explorer MaintenanceSecurity/Security Zones and Content RatingsSecurity Zones and PrivacyWinning GPO Terminal server IE9 security settings These settings were applied only by GPOs that do not contain Internet Explorer Enhanced Security Configuration (ESC) settings because this computer does not have ESC enabled. ESC settings cannot be applied to this computer.Internet (Security Level: Medium-high)ActiveX controls and plug-ins
DownloadsDownload signed ActiveX controls Prompt Download unsigned ActiveX controls Disable Initialize and script ActiveX controls not marked as safe Disable Run ActiveX controls and plug-ins Enable Script ActiveX controls marked safe for scripting Enable
Microsoft VMFile download Enable Font download Enable
MiscellaneousJava permissions High safety
ScriptingAccess data sources across domains Disable Don't prompt for client certificate selection when no certificates or only one certificate exists Disable Drag and drop or copy and paste files Enable Installation of desktop items Prompt Launching programs and files in an IFRAME Prompt Navigate sub-frames across different domains Disable Submit nonencrypted form data Enable Userdata persistence Enable
User AuthenticationActive scripting Enable Allow paste operations via script Prompt Scripting of Java applets Enable Logon Automatic logon only in Intranet zone Local intranet (Security Level: Medium-low)ActiveX controls and plug-ins
DownloadsDownload signed ActiveX controls Prompt Download unsigned ActiveX controls Disable Initialize and script ActiveX controls not marked as safe Disable Run ActiveX controls and plug-ins Enable Script ActiveX controls marked safe for scripting Enable
Microsoft VMFile download Enable Font download Enable
MiscellaneousJava permissions Medium safety
ScriptingAccess data sources across domains Prompt Don't prompt for client certificate selection when no certificates or only one certificate exists Enable Drag and drop or copy and paste files Enable Installation of desktop items Prompt Launching programs and files in an IFRAME Prompt Navigate sub-frames across different domains Enable Submit nonencrypted form data Enable Userdata persistence Enable
User AuthenticationActive scripting Enable Allow paste operations via script Enable Scripting of Java applets Enable
SitesLogon Automatic logon only in Intranet zone Require server verification (https:) for all sites in this zone Disabled Include all local (intranet) sites not listed in other zones Disabled Include all sites that bypass the proxy server Disabled Include all network paths (UNCs) Disabled Sites in this zone Source GPO None Trusted sites (Security Level: Medium)ActiveX controls and plug-ins
DownloadsDownload signed ActiveX controls Prompt Download unsigned ActiveX controls Disable Initialize and script ActiveX controls not marked as safe Disable Run ActiveX controls and plug-ins Enable Script ActiveX controls marked safe for scripting Enable
Microsoft VMFile download Enable Font download Enable
MiscellaneousJava permissions High safety
ScriptingAccess data sources across domains Disable Don't prompt for client certificate selection when no certificates or only one certificate exists Disable Drag and drop or copy and paste files Enable Installation of desktop items Prompt Launching programs and files in an IFRAME Prompt Navigate sub-frames across different domains Disable Submit nonencrypted form data Enable Userdata persistence Enable
User AuthenticationActive scripting Enable Allow paste operations via script Prompt Scripting of Java applets Enable
SitesLogon Automatic logon only in Intranet zone Require server verification (https:) for all sites in this zone Enabled Sites in this zone Source GPO None Restricted sites (Security Level: High)ActiveX controls and plug-ins
DownloadsDownload signed ActiveX controls Disable Download unsigned ActiveX controls Disable Initialize and script ActiveX controls not marked as safe Disable Run ActiveX controls and plug-ins Disable Script ActiveX controls marked safe for scripting Disable
Microsoft VMFile download Disable Font download Disable
MiscellaneousJava permissions Disable Java
ScriptingAccess data sources across domains Disable Don't prompt for client certificate selection when no certificates or only one certificate exists Disable Drag and drop or copy and paste files Prompt Installation of desktop items Disable Launching programs and files in an IFRAME Disable Navigate sub-frames across different domains Disable Submit nonencrypted form data Prompt Userdata persistence Disable
User AuthenticationActive scripting Disable Allow paste operations via script Disable Scripting of Java applets Disable
SitesLogon Prompt for user name and password Sites in this zone Source GPO None PrivacyPrivacy Level Medium Programs/ProgramsWinning GPO Terminal server IE9 security settings Policy Setting Import the current program settings Enabled HTML Editor Not configured E-mail Not configured Newsgroups Not configured Internet Call Not configured Calendar Not configured Contact List Address Book Internet Explorer should check to see whether it is the default browser Disabled Administrative TemplatesPolicy definitions (ADMX files) retrieved from the local machine.Desktop/DesktopPolicy Setting Winning GPO Desktop Wallpaper Enabled Background policy Wallpaper Name: C:\achtergrond\background_fattclient.jpg Example: Using a local path: C:\windows\web\wallpaper\home.jpg Example: Using a UNC path: \\Server\Share\Corp.jpg Wallpaper Style: Stretch Microsoft Outlook 2010/Account Settings/Exchange/Cached Exchange ModePolicy Setting Winning GPO Use Cached Exchange Mode for new and existing Outlook profiles Disabled Default Domain Policy Microsoft Outlook 2010/Outlook Social ConnectorPolicy Setting Winning GPO Turn off Outlook Social Connector Enabled Default Domain Policy Start Menu and TaskbarPolicy Setting Winning GPO Prevent grouping of taskbar items Enabled Terminal server baseline R2 64bit Remove the volume control icon Enabled Terminal server baseline R2 64bit Windows Components/Internet ExplorerPolicy Setting Winning GPO Disable changing proxy settings Enabled Default Domain Policy Windows Components/Windows ExplorerPolicy Setting Winning GPO Turn off the display of thumbnails and only display icons on network folders Disabled Terminal server baseline R2 64bit Turn off the display of thumbnails and only display icons. Disabled Terminal server baseline R2 64bit
The strange thing is that in the server 2012 report i connot find Terminal server start RES powerfuse als shell 64bit gpo.
-
Wednesday, September 26, 2012 1:52 PM Sorry for that, but this reports are somewhat useless. You created themfrom a command line that was NOT running as administrator, therefore allcomputer policies are NOT evaluated.regards, Martin
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!- Marked As Answer by Roy_1986 Monday, October 01, 2012 12:54 PM
-
Monday, October 01, 2012 12:54 PM
Hello Martin,
I have created this with the account royadmin this account is a member of the domain admins i think this must be correct?
-
Monday, October 01, 2012 2:51 PM
I have created this with the account royadmin this account is a member of the domain admins i think this must be correct?
I guess you fell into the UAC-trap.
You have to start an elevated command prompt.
MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!
- Edited by Matthias WolfMVP Monday, October 01, 2012 2:52 PM
-
Tuesday, October 02, 2012 7:56 AM
I see now i have used the elevated command prompt here are the results i hope you can help:
Server 2012:
Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.
X:\>gpresult /r
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
c 2012 Microsoft Corporation. All rights reserved.
Created on 2-10-2012 at 9:48:20
RSOP data for xxx\royadmin on TS12 : Logging Mode
-------------------------------------------------------
OS Configuration: Member Server
OS Version: 6.2.9200
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\royadmin
Connected over a slow link?: No
USER SETTINGS
--------------
CN=Roy Admin,OU=Nederland,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=xxx,DC=
local
Last time Group Policy was applied: 2-10-2012 at 9:42:06
Group Policy was applied from: dc01.xx.local
Group Policy slow link threshold: 500 kbps
Domain Name: xx
Domain Type: Windows 2008 or later
Applied Group Policy Objects
-----------------------------
Default Domain Policy
Background policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Firewall voor Internet-verbindingen van Small Business Server
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2
Small Business Server Client Computer
Filtering: Not Applied (Empty)
Small Business Server Windows Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2
Small Business Server Domain Password Policy
Filtering: Not Applied (Empty)
Beleidsregels voor domeinwachtwoorden
Filtering: Not Applied (Empty)
Terminal server Taal ENG
Filtering: Denied (Security)
Clientcomputer voor Small Business Server
Filtering: Not Applied (Empty)
Beleidsregels voor Hulp op afstand van Small Business Server
Filtering: Disabled (GPO)
Windows Firewall van Small Business Server
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2
Local Group Policy
Filtering: Not Applied (Empty)
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2
Terminal server Taal DE
Filtering: Denied (Security)
Small Business Server Remote Assistance Policy
Filtering: Disabled (GPO)
Lockout Policy
Filtering: Disabled (GPO)
Vergrendelingsbeleid van Small Business Server
Filtering: Disabled (GPO)
The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
Remote Desktop Users
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Verkoop Binnendienst NEDERLAND
Domain Admins
Calculatie
Automatisering
Redirect profiel
Verkoop
Tsusers
Web Workplace Users
Enterprise Admins
SBS Mobile Users
SBS Remote Operators
Iedereen
SBS Report Users
Offer Remote Assistance Helpers
Hulp op afstand-aanbieders
Denied RODC Password Replication Group
High Mandatory Level
X:\>Server 2008 r2:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
X:\>gpresult /r
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 2-10-2012 at 9:52:51
RSOP data for xxx\royadmin on TS06 : Logging Mode
-------------------------------------------------------
OS Configuration: Member Server
OS Version: 6.1.7601
Site Name: Default-First-Site-Name
Roaming Profile: \\fs01\tsprofiles$\royadmin.xx.V2
Local Profile: C:\Users\royadmin.xx.000
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=TS06,OU=TSENV,OU=TSENV,DC=xx,DC=local
Last time Group Policy was applied: 2-10-2012 at 9:08:01
Group Policy was applied from: dc01.xxx.local
Group Policy slow link threshold: 500 kbps
Domain Name: xxx
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Terminal server baseline
Small Business Server Client Computer
Clientcomputer voor Small Business Server
Beleidsregels voor Hulp op afstand van Small Business Server
Vergrendelingsbeleid van Small Business Server
Beleidsregels voor domeinwachtwoorden
Small Business Server Domain Password Policy
Small Business Server Remote Assistance Policy
Lockout Policy
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Firewall voor Internet-verbindingen van Small Business Server
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2
Small Business Server Windows Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2
Windows Firewall van Small Business Server
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2
Local Group Policy
Filtering: Not Applied (Empty)
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2
The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
TS06$
Domain Computers
System Mandatory Level
USER SETTINGS
--------------
CN=Roy Admin,OU=Nederland,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=xxx,DC=
local
Last time Group Policy was applied: 2-10-2012 at 9:52:24
Group Policy was applied from: dc01.xx.local
Group Policy slow link threshold: 500 kbps
Domain Name: xx
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Terminal server baseline R2 64bit
Terminal server IE9 security settings
Default Domain Policy
Background policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Small Business Server Client Computer
Filtering: Not Applied (Empty)
Lockout Policy
Filtering: Disabled (GPO)
Small Business Server Domain Password Policy
Filtering: Not Applied (Empty)
Terminal server Taal ENG
Filtering: Denied (Security)
Beleidsregels voor Hulp op afstand van Small Business Server
Filtering: Disabled (GPO)
Firewall voor Internet-verbindingen van Small Business Server
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2
Small Business Server Windows Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2
Vergrendelingsbeleid van Small Business Server
Filtering: Disabled (GPO)
Small Business Server Remote Assistance Policy
Filtering: Disabled (GPO)
Terminal server baseline
Filtering: Denied (Security)
Local Group Policy
Filtering: Not Applied (Empty)
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2
Terminal server Taal NL
Filtering: Denied (Security)
Windows Firewall van Small Business Server
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2
Beleidsregels voor domeinwachtwoorden
Filtering: Not Applied (Empty)
Terminal server 2012 baseline
Filtering: Denied (Security)
Terminal server Taal DE
Filtering: Denied (Security)
Clientcomputer voor Small Business Server
Filtering: Not Applied (Empty)
Terminal server start RES powerfuse als shell 64bit
Filtering: Denied (Security)
WSUS policy terminal servers
Filtering: Denied (Security)
The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
TS Web Access Computers
BUILTIN\Users
BUILTIN\Administrators
Remote Desktop Users
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Verkoop Binnendienst NEDERLAND
Domain Admins
Calculatie
Automatisering
Redirect profiel
Verkoop
Tsusers
Web Workplace Users
Enterprise Admins
SBS Mobile Users
SBS Remote Operators
Iedereen
SBS Report Users
Offer Remote Assistance Helpers
Hulp op afstand-aanbieders
Denied RODC Password Replication Group
High Mandatory Level
X:\>- Edited by Roy_1986 Tuesday, October 02, 2012 7:57 AM
-
Tuesday, October 02, 2012 11:00 AMSeems on the 2012 server the commandline was not elevated - the computersettings are still missing. And I'm unaware of any (supported) way todisable computer GPO processing at all...It "should" look like the following:Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0¸ 2012 Microsoft Corporation. All rights reserved.Created on 02.10.2012 at 12:58:07RSOP data for CORP\admin on W2K12: Logging Mode----------------------------------------------------OS Configuration: Member ServerOS Version: 6.2.8400Site Name: Headquarters-SiteRoaming Profile: N/ALocal Profile: C:\Users\adminConnected over a slow link?: NoCOMPUTER SETTINGS------------------CN=W2K12,OU=Servers,OU=Corp Root,DC=corp,DC=contoso,DC=comNote that here we see computer settings, where your report startsdirectly with user settings.regards, Martin
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating! -
Monday, December 10, 2012 3:25 PM
I solved the problem making a policy User Group Policyloopback processing mode and set it to replace.
http://technet.microsoft.com/en-us/library/cc757470%28v=ws.10%29.aspx
.png)
