none
GPO not applying but present in modeling

    Question

  • Hello,

    Since few weeks, we have missing GPO. 

    When i use gpresult /r or /h file.htm i not find somes GPO.

    When i make GPO modeling, i saw my GPO (in modeling i use my account, my computer account, my site and my DC).

    I did not find where is the issue. In eventvwr i saw nothing. (on my computer)

    I think my GPO is not deployed by my DC. There is anything for view which gpo is deployed from my DC to my computer ?

    regards

    Monday, September 26, 2016 8:55 AM

Answers

  • Hi,

    I have find the issue in Windows support : https://support.microsoft.com/en-us/kb/3163622

    Symptoms

    All user Group Policy, including those that have been security filtered on user accounts or security groups, or both, may fail to apply on domain joined computers.

    Cause

    This issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group.

    Resolution

    To resolve this issue, use the Group Policy Management Console (GPMC.MSC) and follow one of the following steps:

    • Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).
    • If you are using security filtering, add the Domain Computers group with read permission.

    I had add Authenticated Users with Read Permission on all my GPO where i had the issue and my issue was fixed.



    • Marked as answer by oliopy Thursday, November 17, 2016 1:45 PM
    • Edited by oliopy Thursday, November 17, 2016 1:48 PM
    Thursday, November 17, 2016 1:44 PM

All replies

  • run gpresult /R to view the list of applied and not applied GPOs

    Gleb.

    Monday, September 26, 2016 10:39 AM
  • I have try this command. (Writed on my first post). 

    In gpresult i not saw some GPO. There are not present. But in modeling i saw this GPO. 

    Monday, September 26, 2016 11:20 AM
  • > In gpresult i not saw some GPO. There are not present. But in modeling i
    > saw this GPO.
     
    Loopback "replace" enabled...?
     
    • Proposed as answer by Todd Heron Tuesday, September 27, 2016 12:53 AM
    Monday, September 26, 2016 1:14 PM
  • I have no loopback. With modeling and gpresult i saw no loopback.

    I have this issue on new computers (windows 7 and 10) and with our old computers (in same UO and same groups and same user account logged) i have my GPOs.

    Tuesday, September 27, 2016 8:18 AM
  • Hi,

    About this issue, firstly I would recommend to have AD and Group Policy Management on the same server.

    Secondly I would recommend to reenter this computers into domain and run gpupdate /force again.

    If the problem persists on a workstation, check the communication/synchronization/replication between the AD server and GP server.

    And thirdly check on your computer mmc->GP Computer Configuration | Administrative Templates | System | Group Policy | Configure User Group Policy Loopback Processing Mode should be not configured.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 28, 2016 5:37 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 30, 2016 9:27 AM
    Moderator
  • Hi,

    I have find the issue in Windows support : https://support.microsoft.com/en-us/kb/3163622

    Symptoms

    All user Group Policy, including those that have been security filtered on user accounts or security groups, or both, may fail to apply on domain joined computers.

    Cause

    This issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group.

    Resolution

    To resolve this issue, use the Group Policy Management Console (GPMC.MSC) and follow one of the following steps:

    • Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).
    • If you are using security filtering, add the Domain Computers group with read permission.

    I had add Authenticated Users with Read Permission on all my GPO where i had the issue and my issue was fixed.



    • Marked as answer by oliopy Thursday, November 17, 2016 1:45 PM
    • Edited by oliopy Thursday, November 17, 2016 1:48 PM
    Thursday, November 17, 2016 1:44 PM