Hi All,

After a business application upgrade, I found that a policy that was supposed to be applying to a “Laptops” OU, wasn’t actually applying.

The only way I could get the policy to apply was by applying it at the root of the domain.

The weird thing is when linked with the Laptops OU and a gpresult /r was issued, the policy wasn’t applying nor was it filtered out, it just wasn’t listed at all.

I have done GP Model and it should be applying.

There are no blocks to inheritance at all.

I’m puzzled


Are you using security filtering?

Check this out

To resolve this issue, use the Group Policy Management Console (GPMC.MSC) and follow one of the following steps:

Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).

If you are using security filtering, add the Domain Computers group with read permission.

Here is a Technet blog post about it: https://blogs.technet.microsoft.com/askpfeplat/2016/07/05/who-broke-my-user-gpos/

If the OU that that laptop is in has blocked inheritance (depicted by a blue icon over the OU), then you can do one of three things:

  1. Move the laptop to another OU that doesn’t have blocked inheritance.
  2. Right click and select Blocked Inheritance to remove it (by unchecking it). Do a gpupdate /force Run command and reboot.
  3. Right click that GPO and select “Enforced”. Because Enforced overrides Blocked Inheritance.

Another thing to look at is if they are User configurations or Computer configurations. User needs to be linked to User OUs and Computer needs to be linked to Computer OUs.

Check and make sure that the laptop is actually in that ‘Laptops’ OU. Or in a child OU. Just in case 🙂
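
The checks suggested in the replies above (read permission for Authenticated Users or Domain Computers, blocked inheritance, link state, computer vs. user settings, and the laptop's actual OU) can be gathered in one pass. This is an added example, not part of the original thread; it assumes the RSAT GroupPolicy and ActiveDirectory modules are installed, and the GPO name, OU distinguished name and computer name are placeholders.

```powershell
# Added example: all three parameter defaults are placeholders, not values from the thread.
param(
    [string]$GpoName      = 'EXAMPLE-GPO-NAME',
    [string]$OuDn         = 'OU=Laptops,DC=example,DC=com',
    [string]$ComputerName = 'EXAMPLE-LAPTOP'
)
Import-Module GroupPolicy, ActiveDirectory

$gpo = Get-GPO -Name $GpoName -ErrorAction Stop

# 1. The computer account must be able to READ the GPO. Look for an allow entry
#    for Authenticated Users or Domain Computers (GpoRead, GpoApply or higher).
$readers = Get-GPPermission -Guid $gpo.Id -All | Where-Object {
    $_.Trustee.Name -in 'Authenticated Users', 'Domain Computers' -and
    $_.Permission -ne 'None' -and -not $_.Denied
}

# 2. Link and inheritance state on the OU the GPO is supposed to apply to.
$inheritance = Get-GPInheritance -Target $OuDn
$link = $inheritance.GpoLinks | Where-Object { $_.GpoId -eq $gpo.Id }

# 3. Is the laptop really in that OU (or a child OU)?
$computerDn = (Get-ADComputer -Identity $ComputerName).DistinguishedName
$inOu = $computerDn -like "*,$OuDn"

# 4. Which side of the GPO carries settings, and is that side enabled?
#    A DSVersion of 0 means that half of the GPO has never been edited.
[pscustomobject]@{
    Gpo                 = $gpo.DisplayName
    ReadTrustees        = ($readers | ForEach-Object { "$($_.Trustee.Name)=$($_.Permission)" }) -join '; '
    ComputerCanReadGpo  = [bool]$readers
    LinkedToOu          = [bool]$link
    LinkEnabled         = $link.Enabled
    LinkEnforced        = $link.Enforced
    OuBlocksInheritance = $inheritance.GpoInheritanceBlocked
    ComputerDn          = $computerDn
    ComputerInOu        = $inOu
    GpoStatus           = $gpo.GpoStatus
    ComputerSettingsVer = $gpo.Computer.DSVersion
    UserSettingsVer     = $gpo.User.DSVersion
} | Format-List
```

An empty `ReadTrustees` with `LinkedToOu` true matches the symptom in the question, where the GPO is absent from `gpresult /r` rather than shown as filtered.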