none
Group Policies Not Applied At Startup with SSD PC

    Question

  • I have a problem with some new computers containing solid state drives which will not apply group policies at startup. All other PC's apply the GPO's no problem.

    Manually running gpupdate /force successfully applies the GPO's.

    I have set the following policies: Always wait for the network at computer startup and logon: Enabled Startup policy processing wait time: 60 seconds.

    The event viewer has the following error:

    The system calls to access specified file completed. 
    ...Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini 
    The call failed after 1141 milliseconds.
    

    I can access the gpt.ini file and policies folder just fine from the client.

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
      <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" /> 
      <EventID>7017</EventID> 
      <Version>0</Version> 
      <Level>2</Level> 
      <Task>0</Task> 
      <Opcode>0</Opcode> 
      <Keywords>0x4000000000000000</Keywords> 
      <TimeCreated SystemTime="2016-04-02T21:37:13.149910400Z" /> 
      <EventRecordID>3244</EventRecordID> 
      <Correlation ActivityID="{DCF633C7-4000-4643-83C6-ED71691672ED}" /> 
      <Execution ProcessID="896" ThreadID="340" /> 
      <Channel>Microsoft-Windows-GroupPolicy/Operational</Channel> 
      <Computer>...</Computer> 
      <Security UserID="S-1-5-18" /> 
      </System>
    - <EventData>
      <Data Name="OperationElaspedTimeInMilliSeconds">1141</Data> 
      <Data Name="ErrorCode">65</Data> 
      <Data Name="OperationDescription">%%4132</Data> 
      <Data Name="Parameter">...\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini</Data> 
      </EventData>
      </Event>
    Saturday, April 2, 2016 10:38 PM

Answers

  • Answer:

    As a test if you change the Local Computer Policy>Computer Configuration>Administrative Templates>Network>Network Provider>Hardened UNC Paths to Enabled and click into the Show button enter the following Values 

    \\*\NETLOGON and \\*\SYSVOL both with the following values RequireMutualAuthentication=0, RequireIntegrity=0

    Solution found here:

    https://community.spiceworks.com/topic/1119601-windows-10-group-policy-issue?page=1

    • Marked as answer by Reafidy Sunday, April 3, 2016 8:11 PM
    Sunday, April 3, 2016 8:11 PM

All replies

  • Answer:

    As a test if you change the Local Computer Policy>Computer Configuration>Administrative Templates>Network>Network Provider>Hardened UNC Paths to Enabled and click into the Show button enter the following Values 

    \\*\NETLOGON and \\*\SYSVOL both with the following values RequireMutualAuthentication=0, RequireIntegrity=0

    Solution found here:

    https://community.spiceworks.com/topic/1119601-windows-10-group-policy-issue?page=1

    • Marked as answer by Reafidy Sunday, April 3, 2016 8:11 PM
    Sunday, April 3, 2016 8:11 PM
  • Hi,

    Thanks for your posting here and sharing the resolution as it would be helpful to anyone who encounters similar issues.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 4, 2016 1:30 AM
    Moderator
  • Just FYI for anyone else who finds this thread, turning off UNC hardening via this method is disabling some of your security.  We're running into similar issues with win7 clients and trying to work with Microsoft on it. 

    See this other thread for more info

    https://social.technet.microsoft.com/Forums/en-US/6a20e3f6-728a-4aa9-831a-6133f446ea08/gpos-do-not-apply-on-windows-10-enterprise-x64

    Monday, May 8, 2017 11:30 AM