none
enable screen saver GPO Denied on Windows 10

    Question

  • Hi All,

    I have a GPO with user configuration enabled with the following settings:

    These settings work fine for Windows 7 and Citrix sessions, but for Windows 10 the GPO is not applied for reason "Inaccessible, Empty, Disabled":

    I don't believe the GPO would be working for Windows 7 if the GPO were Inaccessible, Empty, or Disabled. The Windows 7 and Windows 10 laptops reside in the same OU. The users reside in the same OU. I presume Windows 10 doesn't want to apply the settings for some reason? One of the Windows 10 laptops is confirmed as having Build 10240 installed (I presume the others are the same). I've been told that Windows 10 ADMX files were placed in the Central Store last year, and the GPO was created this year. I don't believe that makes much odds?

    Any ideas?

    Thanks

    Mark

    Tuesday, June 21, 2016 4:05 PM

Answers

  • > These settings work fine for Windows 7 and Citrix sessions, but for
    > Windows 10 the GPO is not applied for reason "Inaccessible, Empty,
    > Disabled":
     
    MS16-072, which in Win10 is part of a cumulative update...
     
    Wednesday, June 22, 2016 9:35 AM

All replies

  • Hi Mark,

    Thanks for your post.

    1. Disabled: The link exist in OU or domain but the GPO itself is disabled.

    2. Inaccessible: These are main reasons for an Inaccessible GPO:

    a. Insufficent permissions to the GPO. Check if they have Read and Apply permissions.

    b. Phantom GPO: The GPO is deleted but the link is remaind.

    3. Empty: Means there is nothing actually configured in the GPO. It is just a GPO with no setting.

    So I suggest you if the user have permission of read and apply the GPO.

    And you should check if the Windows 10 enable loopback mode.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, June 22, 2016 3:04 AM
    Moderator
  • > These settings work fine for Windows 7 and Citrix sessions, but for
    > Windows 10 the GPO is not applied for reason "Inaccessible, Empty,
    > Disabled":
     
    MS16-072, which in Win10 is part of a cumulative update...
     
    Wednesday, June 22, 2016 9:35 AM
  • Ah I think this may well be the answer - as I was requested to test this GPO with setting specific users in the Security Filtering.

    Thanks

    Wednesday, June 22, 2016 3:10 PM
  • Hi Mark,

    Are there any updates?

    Has your problem been resolved?

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 27, 2016 5:37 AM
    Moderator
  • Sorry, yes, setting the Advanced Security to allow either Authenticated Users or Domain Computers to have Read rights to the GPO.

    The main problem was testing - I didn't want to affect everyone in an OU, so removed Authenticated Users from the Security Filtering, which also deleted it from Delegation tab, so Authenticated Users no longer had any permissions to read the GPO.

    Thursday, October 27, 2016 3:56 PM