Group Policy Not Applying Server 2012 R2



  • Hey guys. I've been trying to implement Group Policy on our computer labs, and I'm running into a lot of resistance. I've been reading and trying things for days, and have made some progress, but haven't yet gotten it to work. If I refer to anything incorrectly, please correct me.

    I'm running Server 2012 R2 and trying to get it to apply on Windows 7 Professional workstations.

    The workstations in this lab will be using a domain login "Student1", so I've put it and all workstation computers in an OU named "Lab1".
    0_1501781683062_Lab1 AD.PNG
    0_1501781591750_Lab1 Snap.PNG

    Pretty straightforward so far, but nothing was working so I started reading and reading and apparently you have to set Firewall permissions for WMI and RPC? So I found some walk-through's explaining both and completed them on the "Default Domain Policy" GPO, they look like this:

    0_1501782458149_RPC Inbound Rule.PNG
    0_1501782565772_FML004.PNG

    And resulted in this:
    0_1501782334742_FML002.PNG

    but am now getting this when I run "Group Policy Update" via right-clicking on "Lab1" OU:
    0_1501782003713_FML001.PNG

    This is an improvement as when I did this prior to setting those inbound rules, all stations failed. Also, although there are a few computers listed that appear to have taken the update, none of those workstations reflected any of the GPO's I've configured.

    I've been working on this for 4 days, and am reaching out for any suggestions.



  • Ive never had to do that to get GPOs applying correctly.
    What is the Scope of your GPO?
    0_1501783766792_c9a36f16-7ccf-4a21-b277-1c7d081e2a9d-image.png
    Are you sure youve got Computer Configurations and User Configurations in the correct place? This is the most common problem i see.



  • @g-i-jones said in Group Policy Not Applying Server 2012 R2:

    Hey guys. I've been trying to implement Group Policy on our computer labs, and I'm running into a lot of resistance. I've been reading and trying things for days, and have made some progress, but haven't yet gotten it to work. If I refer to anything incorrectly, please correct me.

    I'm running Server 2012 R2 and trying to get it to apply on Windows 7 Professional workstations.

    The workstations in this lab will be using a domain login "Student1", so I've put it and all workstation computers in an OU named "Lab1".
    0_1501781683062_Lab1 AD.PNG
    0_1501781591750_Lab1 Snap.PNG

    Pretty straightforward so far, but nothing was working so I started reading and reading and apparently you have to set Firewall permissions for WMI and RPC? So I found some walk-through's explaining both and completed them on the "Default Domain Policy" GPO, they look like this:

    0_1501782458149_RPC Inbound Rule.PNG
    0_1501782565772_FML004.PNG

    And resulted in this:
    0_1501782334742_FML002.PNG

    but am now getting this when I run "Group Policy Update" via right-clicking on "Lab1" OU:
    0_1501782003713_FML001.PNG

    This is an improvement as when I did this prior to setting those inbound rules, all stations failed. Also, although there are a few computers listed that appear to have taken the update, none of those workstations reflected any of the GPO's I've configured.

    I've been working on this for 4 days, and am reaching out for any suggestions.

    If you want to use Group Policy Update...
    In Group Policy Management, under starter GPOs there is a policy called "Group Policy Remote Update Firewall Ports"

    Create a new policy, name it "GP Remote Update" and select Source Starter GPO: Group Policy Remote Update Firewall Ports



  • @black3dynamite I did read that before, but Group Policy Remote Update Firewall Ports is not listed as a starter GPO on my server. I'm not certain why.



  • @g-i-jones said in Group Policy Not Applying Server 2012 R2:

    @black3dynamite I did read that before, but Group Policy Remote Update Firewall Ports is not listed as a starter GPO on my server. I'm not certain why.

    Are you using RSAT? Try logging onto your domain controller. Open Group Policy Management and browse Starter GPO and then see if any starter policy shows up.



  • @momurda Mine looks exactly as yours does, with the exception that I didn't add security filtering, so my security filtering section is blank.



  • @black3dynamite Here is what I have listed.0_1501787052652_FML006.PNG



  • @g-i-jones - Maybe try adding Authenticated Users to your Security Filtering just to test. I am not 100% sure but I don't think Security Filtering can be left blank??? Also, if you end up entering a security group other than Authenticated Users for Security Filtering, you need to add Authenticated Users to Delegation with Read rights.



  • @syko24 Thanks, I'm giving that a try now.



  • @black3dynamite Also, I tried adding RSAT in case it wasn't already installed and it's not even listed as an add-able feature. Learning as I go, so I'm going to see if it's already installed and that's why I can't add it.



  • @g-i-jones said in Group Policy Not Applying Server 2012 R2:

    @black3dynamite Also, I tried adding RSAT in case it wasn't already installed and it's not even listed as an add-able feature. Learning as I go, so I'm going to see if it's already installed and that's why I can't add it.

    RSAT is needed when managing from a remote computer such as a Windows 10 computer. Its not needed on a domain controller and member servers.



  • @syko24 Man, I wanna kiss you. Adding Authenticated Users did the trick. Thank you so much.



  • @g-i-jones Wont work without it
    edit: oh you got it now
    @g-i-jones said in Group Policy Not Applying Server 2012 R2:

    @momurda Mine looks exactly as yours does, with the exception that I didn't add security filtering, so my security filtering section is blank



  • This post is deleted!

Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.