locked
GPO some policies not applied questions RRS feed

  • Question

  • Hi,

    I created a custom administrative template for gpo. This is the GPO configuration. Screenshot (the one on the right pane) is just one of the policies of this custom administrative template.

    When I ran gpresult on the server where I applied this is the output.

    As you see the MS Security Guide policy is not found on grsop of the server.

    Friday, July 17, 2020 9:59 AM

All replies

  • Hi,

    I created a custom administrative template for gpo. This is the GPO configuration. Screenshot (the one on the right pane) is just one of the policies of this custom administrative template.

    As you see the MS Security Guide policy is not found on rsop of the server.

    You must deploy/copy/place the custom ADMX/ADML files to the client machine, so that gpresult/RSoP can render the report correctly.

    In my experience, the Central Store, does not apply to gpresult/RSoP, the CS only applies to GPMC/GPME.

    If you scroll down in the gpresult output, is there a section titled: Extra Registry Settings ?


    Don [doesn't work for MSFT, and they're probably glad about that ;]



    • Edited by DonPick Sunday, July 19, 2020 10:03 AM
    Sunday, July 19, 2020 10:00 AM
  • Hi,

    Thanks for sharing here!

    Would you please tell more about the information about the policy,or please save the gpo report and share a screenshot of it.
    Then run gpresult /h report.html and share a screenshot of it.

    Tip: If private information is involved in the screenshot, it is recommended to blur sensitive information.

    This "Group Policy" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.


    Best Regards,
    Fan

    "Group Policy" forum will be migrating to a new home on Microsoft Q&A!

    We invite you to post new questions in the "Group Policy"  forum's new home on Microsoft Q&A!

    For more information, please refer to the sticky post.


    Monday, July 20, 2020 2:15 AM
  • My screenshot, that essentially is it.

    The first screenshot is the policy from the domain controller. This policy is for the windows servers 2019. As you can see highlighted in yellow MS Security Guide.

    On the 3rd screenshot it is the gpresult output on my 2019 server. As you see MS Security guide is not there.

    Also, what does the exclamation mean? The GPOs have special alerts.

    Tuesday, July 21, 2020 5:00 AM
  • Hi,

    Thanks for your reply!
    The changes to this setting require a reboot to take effect,so before going further,reboot the computer, and then check if the registry was changed correctly as the policy.

    Disable driver (recommended)
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SYSTEM\CurrentControlSet\Services\MrxSmb10
    Value Name Start
    Value Type REG_DWORD
    Value 4

    Manual start (default for Win7/2008/2008R2/2012)
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SYSTEM\CurrentControlSet\Services\MrxSmb10
    Value Name Start
    Value Type REG_DWORD
    Value 3

    Automatic start (default for Win8.1/2012R2/newer)
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SYSTEM\CurrentControlSet\Services\MrxSmb10
    Value Name Start
    Value Type REG_DWORD
    Value 2

    Best Regards,
    Fan

    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, July 21, 2020 7:12 AM
  • Already did a reboot several times.
    Wednesday, July 22, 2020 2:45 AM
  • I was just wondering why some policies of a GPO does not get applied or does not appear in target machine (like the secguide.admx which its policies are already defined in the domain controller)

    gpreslts show that the gpo was applied but not all the policies inside that gpo is detected on the target server

    Wednesday, July 22, 2020 5:12 AM
  • Did you check the following registry?

    Is it correct?

    Disable driver (recommended)
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SYSTEM\CurrentControlSet\Services\MrxSmb10
    Value Name Start
    Value Type REG_DWORD
    Value 4

    Manual start (default for Win7/2008/2008R2/2012)
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SYSTEM\CurrentControlSet\Services\MrxSmb10
    Value Name Start
    Value Type REG_DWORD
    Value 3

    Automatic start (default for Win8.1/2012R2/newer)
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SYSTEM\CurrentControlSet\Services\MrxSmb10
    Value Name Start
    Value Type REG_DWORD
    Value 2

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, July 24, 2020 6:44 AM
  • This is what I see in the registry of the client machine.

    In the domain controller the policy is defined for the client:

    But in the client machine gpresult and rsop doesnt show the MS Security Guide:

    Saturday, July 25, 2020 8:36 AM
  • Hi,

    Based on my understanding , the policy was applied, since the registry had the right value for Disable driver:

    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SYSTEM\CurrentControlSet\Services\MrxSmb10
    Value Name Start
    Value Type REG_DWORD
    Value 4

    It is just not showing on the result of  gprsop ,how is the result of the command gpresult /h and gpresult /v

    Fan



    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Sunday, July 26, 2020 11:27 PM
  • Hi

    I am checking to see if the problem has been resolved.

    If there's anything you'd like to know, don't hesitate to ask.

    Best Regards,


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, July 28, 2020 5:44 AM
  • Hi,

    I am just waiting for an answer why it was not showing up.

    Thanks.

    Tuesday, August 4, 2020 5:58 AM
  • Hi,

    Please run gpresult /h report.html(run the cmd as administrator)

    If the policy was applied , it will show in the result as following:

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, August 4, 2020 8:10 AM
  • Hi

    Haven't heard you for a long time!

    Since the technet forum will be read only Since 8/10/2020 created a post in the Q&A for this issue you posted. If there is still anything else we can do for you, please feel free to follow it here!

    And if you have any new questions in the future, you can create a new thread here Microsoft Q&A!

     

    Best Regards,


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, August 7, 2020 8:03 AM