locked
GPO not applying RRS feed

  • Question

  • Hi,
    I have gone through the handbook and I am a little stumped. PLease advise if my process is correct:
    1. Import ADM into GPO Editor
    2. Made changes to both user and machine settings
    3.Created OU and moved machine into OU.
    4. Linked policy to OU

    But when I log onto the machine none of the policies I set are applied.
    Steady State. 2.5
    Machine is domain joined.

    Regards
    Friday, November 13, 2009 12:03 PM

Answers

  • Hi Carlo D, it seems that the process is correct. Please also pay attention to the following points:

    Sctsetting.adm is a group policy template. When you link it to the OU, related registry keys which hold the restrictions will be copied to the clients automatically.

    Please also understand that as the settings included in SCTSettings.adm are user configuration settings, the restrictions will be applied to the users in the OU. The result is wherever user logs on, the restrictions will be applied. If you would like to enable these restrictions only when user logs to the specific computers. We can add  these computers to an OU and then use the loopback feature of group policy to deploy the user configurations to the computers in the OU.

    The configuration can be found under:

    [Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode]

    Here is a related article:

    231287 Loopback Processing of Group Policy
    http://support.microsoft.com/?id=231287

    As the group policy will apply to all the users who log to the computers in the OU, the following article will be helpful if you would like to bypass administrator accounts.

    How To Keep Domain Group Policies from Applying to Administrator
    http://support.microsoft.com/?id=315675

    You can also check the following articles:

    Using Software Restriction Policies to Protect Against Unauthorized Software
    http://technet.microsoft.com/en-us/library/bb457006.aspx

    Core Group Policy Tools and Settings
    http://technet.microsoft.com/en-us/library/cc784165(WS.10).aspx


    Sean Zhu - MSFT
    • Marked as answer by Carlo D Tuesday, November 17, 2009 12:58 PM
    Monday, November 16, 2009 8:47 AM

All replies

  • Hi Carlo D, it seems that the process is correct. Please also pay attention to the following points:

    Sctsetting.adm is a group policy template. When you link it to the OU, related registry keys which hold the restrictions will be copied to the clients automatically.

    Please also understand that as the settings included in SCTSettings.adm are user configuration settings, the restrictions will be applied to the users in the OU. The result is wherever user logs on, the restrictions will be applied. If you would like to enable these restrictions only when user logs to the specific computers. We can add  these computers to an OU and then use the loopback feature of group policy to deploy the user configurations to the computers in the OU.

    The configuration can be found under:

    [Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode]

    Here is a related article:

    231287 Loopback Processing of Group Policy
    http://support.microsoft.com/?id=231287

    As the group policy will apply to all the users who log to the computers in the OU, the following article will be helpful if you would like to bypass administrator accounts.

    How To Keep Domain Group Policies from Applying to Administrator
    http://support.microsoft.com/?id=315675

    You can also check the following articles:

    Using Software Restriction Policies to Protect Against Unauthorized Software
    http://technet.microsoft.com/en-us/library/bb457006.aspx

    Core Group Policy Tools and Settings
    http://technet.microsoft.com/en-us/library/cc784165(WS.10).aspx


    Sean Zhu - MSFT
    • Marked as answer by Carlo D Tuesday, November 17, 2009 12:58 PM
    Monday, November 16, 2009 8:47 AM
  • Hi Sean,

    Looks like its a little Group Policy RTFM for me.
    Loopback processing was the answer.

    Thanks
    Carlo
    Tuesday, November 17, 2009 1:00 PM