Hello all,
Back in February, I posted this question here - Block Inheritance or Loopback Processing? .
I’ve attempted to alter my GPO structure to stop using loopback processing as I realize that is not the right way to do what I was trying to achieve.
I’ve attempted to use block inheritance on selected OUs and I’m instead enforcing GPOs at the domain level. Shouldn’t that still apply to the OUs with block inheritance?
I have a GPO which has user settings to remove access to the shutdown, sleep and hibernate commands. I’ve enforced it at the domain level but I’ve blocked inheritance at the OU level and it still appears to be allowing workstations to shutdown and etc. I’ve run a gpupdate /force as well.
6 Spice ups
dimforest
(ᴅɪᴍꜰᴏʀᴇsᴛ)
2
If you go to the source machine and run rsop.msc can you see the policy being applied? If so, it could be a problem with the policy itself and not AD.
My hunch is the policy is being applied but may need to be reconfigured to have the settings you’re looking for, work.
1 Spice up
Do you have computers or users in the prevent shutdown OU? I would think that preventing shutdown permission would need to apply to the computer, since that is part of the computer security settings. You may be able to remove from the Start menu as that is a user setting, but actually shutting down is a computer setting.
Yes, I’m thinking that too - user vs. computer. I had this as a user setting but I’m looking for a computer GPO setting that does the same thing.
I found the answer - Disable shutdown Windows 10 GPO on a computer level
You link the disable shutdown user GPO to the OU and then enable loopback processing.
