Hi!

I am just getting started with Group Policies (because they are awesome) but I am having what I’m sure is a newbie issue. I have the feature installed (2012 R2 Server) and I can go in and make policies, but they aren’t actually doing anything. For example, I made a policy to lock computers after being idle for 10 minutes but it doesn’t actually take on the computers. I know it does take time for them to pick up the new policy, but this was last week and it is still not working. I did notice that under the default domain policy it has the actual domain listed where it says things that are linked to this GPO, but I can’t seem to get that to appear in any of the other ones I’ve made. Let me know if you need any more info. Thanks!

3 Spice ups

The GPOs have to be linked to an OU for them to take effect. Might be good to start here: Group Policy for Beginners | Microsoft Learn

4 Spice ups

You need to make sure that the policy is attached to an Organizational Unit (OU), and that the computers / users that it should apply to are all in that OU, preferably in sub-OUs. You should never apply a GPO to an entire domain; it causes extremely weird and unexpected things to happen.

To force the policy to start taking effect on a workstation immediately, follow these steps on that workstation:

  1. Open a command prompt

  2. Type GPUPDATE

  3. Hit enter

  4. Reboot

That will force the new policy to go into effect.

3 Spice ups

In Group Policy Management, you’ll need to link the GPO to the appropriate OUs. (Right click the OU and "Link an existing group policy")

I also believe policies don’t apply if you have your computers in the ‘computers’ CN container and your users in the ‘users’ CN; you’ll need to have them in real OUs.

Also, be careful how you link; you don’t necessarily want to apply lock-down policies to your DCs.

This link might be helpful: Archived MSDN and TechNet Blogs | Microsoft Learn

2 Spice ups
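
The checks below are an added example, not part of any post in this thread: PowerShell for a management machine with the GroupPolicy and ActiveDirectory (RSAT) modules that lists GPOs with no links, lists computers still sitting in the default Computers container (a container, not an OU, so a GPO cannot be linked to it directly), and links a GPO to an OU. The GPO name and OU path are placeholders.

```powershell
# Added example; the GPO name and OU path below are placeholders, not values from this thread.
Import-Module GroupPolicy, ActiveDirectory

# 1. Find GPOs that are not linked anywhere. An unlinked GPO applies to nothing,
#    no matter how long clients are given to refresh.
$unlinked = foreach ($gpo in Get-GPO -All) {
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    # The XML report has one <LinksTo> element per link; none means unlinked.
    if (-not $report.GPO.LinksTo) { $gpo }
}
$unlinked | Select-Object DisplayName, Id, ModificationTime

# 2. Find computer accounts still in the default Computers container.
#    These only receive GPOs linked at the domain or site level.
$domain = Get-ADDomain
Get-ADComputer -Filter * -SearchBase $domain.ComputersContainer -SearchScope OneLevel |
    Select-Object Name, DistinguishedName

# 3. Link the GPO to the OU that holds the target machines.
$gpoName  = 'Workstation Idle Lock'                  # placeholder GPO name
$targetOu = 'OU=Workstations,DC=example,DC=com'      # placeholder OU path
New-GPLink -Name $gpoName -Target $targetOu -LinkEnabled Yes

# 4. Confirm the link exists and is enabled, and see its processing order.
(Get-GPInheritance -Target $targetOu).GpoLinks |
    Select-Object DisplayName, Enabled, Enforced, Order

# 5. On a workstation in that OU, refresh policy and list what was applied:
#      gpupdate /force
#      gpresult /r
```

If the GPO is missing from the `gpresult /r` output after the link is in place, check that the computer or user account is actually inside the linked OU and that the GPO's security filtering includes it.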

Also BEST PRACTICE is not to modify the default policy or domain controller policy. Leave those as is and create new GPOs for whatever else you need done to the network.

2 Spice ups

Thanks for the links! I’m working on setting up the WSUS for my company and really need to get this down. If you have any suggestions on best practices for something like this that would be massively helpful as well. If I’m going to do it, I might as well do it right.

Here’s a link with step-by-step for WSUS with a GPO example.