Forcing Group Policy
-
-
@black3dynamite said in Forcing Group Policy:
Here's what I've done to make it work.
I have a group called HideDrivesFromUsers and then add the users who's not allowed to see the drive in the group.I linked the policy object to domain.local
Under Scope tab, removeauthenticated usersfrom Security Filtering.
Under Scope tab, addHideDrivesFromUsers
Under Delegation tab, addauthenticated userswith read permission.I tried this but still doesnt work!
-
@joel said in Forcing Group Policy:
@black3dynamite said in Forcing Group Policy:
Here's what I've done to make it work.
I have a group called HideDrivesFromUsers and then add the users who's not allowed to see the drive in the group.I linked the policy object to domain.local
Under Scope tab, removeauthenticated usersfrom Security Filtering.
Under Scope tab, addHideDrivesFromUsers
Under Delegation tab, addauthenticated userswith read permission.I tried this but still doesnt work!
Are you seeing the policy successfully apply when you look at the RSOP? Most of the issues I've encountered with GPOs are either due to container problems or with DC sync issues (typically DNS is the culprit).
-
Weird. Just last night i changed a gpo for drive maps. Used Replace because i moved a share to different server.
It isnt working either. -
So all is now working guys.....I realised I kept applying GPO's again and again, deleting them and re-applying the same things to get it to work. Where I should have taken a step back and instead of re-creating and re-applying I should have modified the GPO to remove the existing configuration - applied it so it was all clear and then re-applied if that makes sense.
Thanks for your help
-
@joel Yeah, that makes sense. Rebooting also works well.
-
In the future you can also use this command (run as admin) on the affected system to view which GPOs are being applied.
gpresult /h c:\gp.html /f
Once it creates the file, open it and show all content and do a ctrl + f for the GPO name or even the setting specific to the issue to see if it says it is being applied or blocked. You can use this to troubleshoot link order or permissions issues or even if it is showing at all (maybe you have a wmi filter or link disabled)
-
@wrx7m said in Forcing Group Policy:
In the future you can also use this command (run as admin) on the affected system to view which GPOs are being applied.
gpresult /h c:\gp.html /fYou need to be careful when testing things on a user without admin rights.
Because when you run as admin and enter the admin account password, you are no longer running in the user's context. So not all of the same GPO may show up.
-
@jaredbusch said in Forcing Group Policy:
@wrx7m said in Forcing Group Policy:
In the future you can also use this command (run as admin) on the affected system to view which GPOs are being applied.
gpresult /h c:\gp.html /fYou need to be careful when testing things on a user without admin rights.
Because when you run as admin and enter the admin account password, you are no longer running in the user's context. So not all of the same GPO may show up.
True. If you don't run as admin, though, the computer policy will be blank. So you would have to run it regular for the user and as admin for computer.
-
@wrx7m said in Forcing Group Policy:
In the future you can also use this command (run as admin) on the affected system to view which GPOs are being applied.
gpresult /h c:\gp.html /f
Once it creates the file, open it and show all content and do a ctrl + f for the GPO name or even the setting specific to the issue to see if it says it is being applied or blocked. You can use this to troubleshoot link order or permissions issues or even if it is showing at all (maybe you have a wmi filter or link disabled)
Group Policy Results in Group Policy Managment Console can provide the same results too.
