none
Win10 1809 VM -- no group policies will apply, why?? RRS feed

  • Question

  • I have a test VM of Win10 1809 within its own OU, 'Testing Computers.'

    The computer itself is joined to the domain but is logged in for now with the local administrator account.

    Some group policies are linked to only this OU and they don't apply.

    Some group policies are linked to this OU *and* to the 'Domain Workstations' OU, which includes all our other Windows 7 PCs, notebooks, etc.

    GPOs applied to the 'Domain Workstations' OU do apply as expected but not to the one computer in 'Testing Computers' OU.

    The security group 'Domain Computers' has been given 'Read' permissions on all our GPOs in Delegation.

    All our GPOs contain only 'Authenticated Users' in Security Filtering, the 'Testing Computers' OU is on the Scope tab.

    No WMI filters are used, the Win10 VM has been activated with a MAK key and rebooted after being changed back to DHCP.

    I've reviewed the '10 steps' for group policy troubleshooting and can't find that I've done anything wrong.

    The Win10 1809 adml/admx files have been installed into the Central Store.

    The domain controllers are Windows Server 2016.

    Why are GPOs not applying?? Running gpresult /h /f on the computer gives me a report that says no GPOs are applying.




    • Edited by tlyczko2 Monday, May 13, 2019 8:02 PM
    Monday, May 13, 2019 5:25 PM

All replies

  • I read about UNC hardening but it does not appear to be the problem or remedy, gpupdate /force does work, does not throw any errors.
    Monday, May 13, 2019 9:46 PM
  • Hi,

    Recommend you check the computer in your test OU, make sure that the computers have the read and apply group policy permission. And check the result again.

    If it cna't solve your problem,It would be helpful if you could help to collect the following information.

    Right click the gpo that didn’t not applied, save the report .

    Right click the cmd run as administrator ,and tyre : gpresult /v c:\gpreport.html

    Best Regards,

    Fan



    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, May 14, 2019 5:40 AM
  • Fan, please read this comment in my original post: "The security group 'Domain Computers' has been given 'Read' permissions on all our GPOs in Delegation." On the Delegation tab, that is.

    I tried the /v switch, it just says nothing was applied in the rsop section of the report.

    I also tried the URL hardening recommendations found on the Internet to no avail.

    Tuesday, May 14, 2019 12:32 PM
  • Hi,

    Based on my experience, computers or users will not apply the policy,if they don't have the read and apply group policy . I will do an test about this and update to you .

    What happened if you run gpupdate /force. Or you run as a domain user.

    Best Regards,

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, May 15, 2019 9:46 AM
  • Running gpresult as an administrator shows the policies DO apply.

    Running as a domain user or local user should make no difference because most if not all the policies involved are computer policies.

    Wednesday, May 15, 2019 12:57 PM
  • Hi,

    So now the situation is that the gpresult showed that the gpo applied ,but actually nothing changed on your computer, right?

    Are all the policy you configured through the Ou  the same situation?

    Best Regards,

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, May 17, 2019 2:43 AM
  • Hi,

    Thank you for the efforts you've done so far and your continuing patience.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, May 20, 2019 9:15 AM