Group Policy Not Being Applied

tylerdzugan9590 · 2015-10-16T12:19:30.000Z

Good Morning,

I am having an issue with one of our GPOs that had been put in place. When I log in with my account which is an admin account. I run a gpresult /r and I see the GPO. When I log in as a domain user account and not an admin, I do not see the GPO. I have it set so that the GPO is being applied to both the Domain Users and Admins the exact same to test and have forced an update and rebooted the client multiple times. Is it possible that it is workign but hidden for the domain user?

cg72 · 2015-10-16T12:27:37.000Z

Did you run gpresult in cmd as an admin but within the user profile? What kind of GPO are you having this issue? Can you test with a GPO that maps a test share or something minor?

darren-sdm-software · 2015-10-16T12:27:40.000Z

Where is the GPO linked? At the domain level or within an OU? Note that a GPO must be linked at a spot in the AD hierarchy that allows to apply to the user objects you’re targeting. This means, if your users are in an OU, then it should be linked there. If they are in multiple OUs, you can either link the GPO to those multiple OUs or at the domain level, depending upon what the GPO is doing.

tylerdzugan9590 · 2015-10-16T12:29:06.000Z

I do have it linked, I am going to try to run the gpresult as admin, thats a good thought. I will also disable the link then reenable it.

rockylott · 2015-10-16T12:30:25.000Z

Darren is on the right track. you might also check to make sure that the GPO you put in place isn’t being overridden by a higher precedence GPO. Remember that GPO’s are processed in this order: Local GPO, Site, Domain then OU and the one processed last SHOULD have the highest precedence.

tylerdzugan9590 · 2015-10-16T12:31:42.000Z

The problem that I am having is this is a gpo related to our cloud set up. SO we have local, domain, cloud. The cloud is being applied to all admins in the building but it is not making it out to the domain users group.

jonahzona · 2015-10-16T12:56:48.000Z

I would run a gpresult /h to export it as an html file (gpresult /h nameoffile.html) and be sure to pay attention to the sections that show the Applied GPO’s and the Denied GPO’s section. If you don’t see the GPO you are wanting to see in the Applied section, you can start tracking back to why it wasn’t applied.

(EDIT) You may also have to lookup the GPO SID to find it in the Denied GPO section, as it will not have the actual name, but only the SID.

From there, if it is Applied, you can check which GPO “won” by looking for the Winning GPO.

Also, Event Viewer is a great friend when trying to track down non-applying Group Policy.

tylerdzugan9590 · 2015-10-16T13:11:51.000Z

Thank you, that helped, we have our integrators looking into it now as well.

jonahzona · 2015-10-16T13:15:30.000Z

TylerDzugan:

Thank you, that helped, we have our integrators looking into it now as well.

Also, Welcome to Spiceworks!

tylerdzugan9590 · 2015-10-16T13:30:06.000Z

Thanks!