(englandyow) 1

Hi Spice team,

I am practicing with AD/DNS Server using WS 2008 r2 64bit. I’ve created GPO and set policy which is to remove shutdown on user account, after that i did GP force update and even restart the target PC, then nothing happen, can you help me find out the why?

Hope to hear from you soon.

Regards,

John

2 Spice ups
2

Is the GPO applied successfully to the user in question? Log in as the user and use gpresult /Scope User /v in an elevated command prompt.

1 Spice up
3

run RSOP.MSC on the machine to confirm the policy you want it applying

1 Spice up
4

Are your machines joined to your test domain?

5

Hi Mhache,

one more thing, how do i set policy for specific user, by that i can eliminate the possible cause.

GPO is applied to and test to one user only, I’ll try the option you give, will get back to you about the results.

6

At the bottom where it’s set for Authenticated users. If you’ve removed that and haven’t put anything in there it’ll apply to nothing.

7

@ Mchache : yes i did that, and nothings happen after the restart and force GP update

8

Does the GPO show up as applied when you run gpresult /Scope User /v?

9

@ Ccraddock , just to confirm, you mean i run RSOP.msc in AD Server or at Domain Users?

10

On the Domain User computer. It’s the GUI version of the command I gave you pretty much.

11

@ Mchache

here’s the result, please share the fix. …

Last time Group Policy was applied: 11/1/2013 at 11:46:02 PM
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: CLIENT1
Domain Type:

Applied Group Policy Objects

N/A

The following GPOs were not applied because they were filtered out

Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups

None
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
NTLM Authentication
High Mandatory Level

The user has the following security privileges

Bypass traverse checking
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Shut down the system
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Adjust memory quotas for a process
Remove computer from docking station
Perform volume maintenance tasks
Impersonate a client after authentication
Create global objects
Change the time zone
Create symbolic links
Increase a process working set

RSOP_Results.txt (7.56 KB)

12

This may sound stupid but see about correcting the time on the computer and try a gpupdate /force again.

11/1/2013 at 11:46:02 PM

13

Are you logging on as a local user? Group policies don’t apply to local users.

2 Spice ups
14

@ Mchache …Ngeek…i forgot to mention that’s the correct time, client and server time are same

our timezone is +8

:smiley:

15

Ah, it was so close to my time in AM it threw me off.

Can you confirm that you are in fact logged in as a domain user?

16

Is the user in the same container or a sub container as the GPO? And you’re sure you set it up on the user side, and not computer configuration side? If so the computer would have to be in that container.

1 Spice up
17

@ beta :

server side : log in as Admin

Client side : log in as users created in domain

Note : machine is already a member of my test* domain

18

Your rsop results are from a local user. You need to run it for the domain user you are troubleshooting.

1 Spice up
19

Are you able to take a screenshot of your GPO management console with the GPO in question highlighted?

20

but it did not cause any injury? :smiley:

server side : log in as Admin

Client side : log in as users created in domain

Note : machine is already a member of my test* domain