Advertisement
Good morning,<\/p>\n
A single Windows Server 2008 R2 serves a small domain with a dozen Windows 7 Pro workstations. All machines are fully patched. A GPO exists to give one specific workstation a non-default firewall port opening for RDP. That’s the only setting in the GPO.<\/p>\n
The GPO has existed for some time, and recently it failed to apply. The Group Policy Results Wizard showed it failed to apply due to it being “Inaccessible”, and instead of the name of the GPO, it showed the Unique ID of the GPO.<\/p>\n
After messing with it unsuccessfully for a bit, even Delegating Everyone Full Access to the GPO, I deleted the GPO and recreated it. The new GPO is shown to apply in Group Policy Modeling, but does not appear at all in Group Policy results, not even as Denied or as Inaccessible as it did before.<\/p>\n
This has me puzzled, and stumped. It’s a Computer Setting only GPO, the Computer is Delegated Read and Apply rights. I expected it to at least show up as either Allowed or Denied. Where do I go from here?<\/p>\n
Thanks!<\/p>","upvoteCount":4,"answerCount":7,"datePublished":"2016-09-12T12:06:07.000Z","author":{"@type":"Person","name":"anon_16007815","url":"https://community.spiceworks.com/u/anon_16007815"},"acceptedAnswer":{"@type":"Answer","text":"
Since it sounds like you scoped the GPO to only Computer accounts, try adding Authenticated Users with READ permissions in the delegation tab of your new GPO for troubleshooting (And then leave it there as it’s best practice)<\/p>\n
This may help with figuring out why it’s not applying. by running rsop or gpresult with a gpo without ‘read’ access to the GPO, you may not get the full reasons why it is not applying.<\/p>","upvoteCount":2,"datePublished":"2016-09-12T12:16:02.000Z","url":"https://community.spiceworks.com/t/gpo-not-applying/524845/2","author":{"@type":"Person","name":"overdrive","url":"https://community.spiceworks.com/u/overdrive"}},"suggestedAnswer":[{"@type":"Answer","text":"
Good morning,<\/p>\n
A single Windows Server 2008 R2 serves a small domain with a dozen Windows 7 Pro workstations. All machines are fully patched. A GPO exists to give one specific workstation a non-default firewall port opening for RDP. That’s the only setting in the GPO.<\/p>\n
The GPO has existed for some time, and recently it failed to apply. The Group Policy Results Wizard showed it failed to apply due to it being “Inaccessible”, and instead of the name of the GPO, it showed the Unique ID of the GPO.<\/p>\n
After messing with it unsuccessfully for a bit, even Delegating Everyone Full Access to the GPO, I deleted the GPO and recreated it. The new GPO is shown to apply in Group Policy Modeling, but does not appear at all in Group Policy results, not even as Denied or as Inaccessible as it did before.<\/p>\n
This has me puzzled, and stumped. It’s a Computer Setting only GPO, the Computer is Delegated Read and Apply rights. I expected it to at least show up as either Allowed or Denied. Where do I go from here?<\/p>\n
Thanks!<\/p>","upvoteCount":4,"datePublished":"2016-09-12T12:06:07.000Z","url":"https://community.spiceworks.com/t/gpo-not-applying/524845/1","author":{"@type":"Person","name":"anon_16007815","url":"https://community.spiceworks.com/u/anon_16007815"}},{"@type":"Answer","text":"
Hi,<\/p>\n
allow Read Access to \" Authenticated Users\" or “Domain Computers” and it will work once again.<\/p>\n
Microsoft changed the security settings regarding the application of group policies in June 2016, and you are witnessing the fallout in your network.<\/p>\n