GPOs across trusted peer domains


  • Hi, we have a forest domain A - with child domains B and C. 

    In domain B we applied a user level policy to block removable storage.

    Now a user of Domain B logs into a domain C server as 'B\username'.

    In the gpresult /r /scope:user output as well as rsop.msc on the server in domain C, we can see that block removable storage is getting applied. However, the user can still access the USB drive.

    Checked a few blogs; we also DON'T have the following policy enabled:

    • Computer Configuration\Administrative Templates\System\Group Policy\Allow cross-forest user policy and roaming user profiles - Enabled

    If user policy of 1 domain will not work on another, does gpresult show an incorrect resultant for the user? Please see the gpresult output below:

    RSOP data for 'B\username' on 'Domain C Machine' : Logging Mode

    OS Configuration:            
    OS Version:                  
    Site Name:                   N/A
    Roaming Profile:             N/A
    Local Profile:               C:\Users\'username'
    Connected over a slow link?: No

        Last time Group Policy was applied: 6/2/2016 at 3:14:48 PM
        Group Policy was applied from:      'Domain B domain controller'
        Group Policy slow link threshold:   ...
        Domain Name:                        Domain B
        Domain Type:                        
        Applied Group Policy Objects
            'Domain C policy # 1'
            'Domain B Policy # 2'
            Block Removable Storage ... (This USB block belongs to Domain B)

    Thursday, June 2, 2016 7:58 PM


All replies