none
local policy not applied on local admin

    Question

  • I have a workstation within a domain. whenever I update the domain policy, it get reflected on all machines. but when I update the local policy for a local admin "called root", it wont reflect on that user. I have the "turn off local group policy objects processing" set to not configured. what I want to do is for the local admin "root" to have privilege on a specific MMC snap-in. so I added the group policy object editor on MMC, and from local users or groups selected the "root" user "in fact I configured all the local groups and users", and then opened the microsoft management console under windows components, then I enabled "restrict users to the explicitly permitted list of snap-ins" and enabled only one snap-in from restricted/permitted snap-ins list. afterwards when I open the MMC in the root user context I expect to only show that one snap-in I enabled. but it sadly shows all the snap-ins.

    how to correct this issue?


    your question

    Tuesday, March 24, 2015 8:27 AM

Answers

All replies

  • Hi Haster,

    Would you please check if the local policy applied or not and if there's any other group policy might take higher priority over the local policy you've configured?

    You can logged in the workstation with the local admin account and open the Command Prompt, in the Command Prompt type:

    Gpresult /h xx.html

    It will generate a detailed RSop report, the .html file could be founded under the %system root%\Users\"your log in account"\xx. html.

    With this report you could have a overview of all the group policies which applied on the machine and the current log on user, and which group policy is the winner.

    Hope it helps.

    Feel free to post back, if any concerns.

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, March 25, 2015 7:31 AM
    Moderator
  • hi Elaine,

    I ran the gpresult, and under user configuration it tells "Applied GPOs: none, Denied GPOs: none".


    your question

    Wednesday, March 25, 2015 9:27 AM
  • as I mentioned before I've edited the policy for all local accounts "root, administrators and non-admins", but when I run gpresult under root user context it gives the following "Applied GPOs: none, Denied GPOs: none".

    any updates regarding how to resolve this issue?


    your question

    Sunday, March 29, 2015 5:57 AM
  • Hi Haster,

    Since the GPO was not applied then we may need to troubleshoot your group policy configuration.

    Hereby, I provide you some links which introduce some common reasons cause the GPO not applied: http://social.technet.microsoft.com/wiki/contents/articles/22457.10-common-problems-causing-group-policy-to-not-apply.aspx

    http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Top-10-Reasons-Why-Group-Policy-Fails-to-Apply-Part1.html

    You may go through the documents and check whether the settings are configured correctly in your GPO.  

    Looking forward to your update.

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 30, 2015 2:13 AM
    Moderator