No announcement yet.

Group Policy Not Being Applied

  • Filter
  • Time
  • Show
Clear All
new posts

  • Group Policy Not Being Applied

    Hi All,

    I was wondering if someone could advise me on a frustrating group policy problem that I am having. Specifically the policy is not getting applied because it is being "filtered out. (gpresult)" Under the group policy results section in group management console the reason for it being denied is that the policy is "empty."

    The policy is being used on a test OU in my AD. The purpose of the policy is to change the local admin password for domain users via Startup script.

    It is being applied to a fresh 2003 machine service pack 2 no firewall.

    Forcing the group policy i.e gpupdate /force or gpupdate on client.. doesnt do the trick. i have also tried enforcing the policy in the Group Policy managment console and also blocking inheritance. There are no conflicting rules plus no errors in the Client Event log. All there is is a listing saying Group Policy has been applied successfully. I have also tried re-creating the policy.

    I'd appreciate any tips on what I can do to make the policy work


  • #2
    Re: Group Policy Not Being Applied

    Hi Again,


    I'd also like to add that the policy only contains data in the computer settings -- not user settings. I also verified that the computer is in the correct OU



    • #3
      Re: Group Policy Not Being Applied


      I was having this same issue earlier. When you run gpresult does under Computer Settings, does it say that the Policy is applied or filtered out? When it RSOP's the User Settings it will be filtered out because it's empty as far as User Settings go. Have you verified that the local admin password has or hasn't been changed?

      Also, if it hasn't and the policy shows that it is applied to the computer, you may want to check your script.

      Additionally, in reading the link you posted, it appears that this batch file does not need to run on the local pc, but can be run remotely via command prompt as it calls the destination pc via UNC path (ie. \\pc1) instead of using the local host address. Since each pc is called individually, i'm going to assume this can also be run from the command prompt on any machine with the ResKit installed using the cusrmgr.exe program.

      Hope this helps...


      • #4
        Re: Group Policy Not Being Applied

        Hi emjtech,

        Thanks very much for replying...
        You are right...It does show that policy was applied under computer settings but not user settings. I overlooked it in gpresult -- perhaps because I wasnt working with a clear head.

        Admin password didnt change though.
        I am running the script from sysvol. I guess I need to work on the script a little more.

        thanks again -A


        • #5
          Re: Group Policy Not Being Applied

          "local admin password for domain users"

          This confuses me. Can you elaborate on this statement? If you have a logon script under the computer node in your gpo, and it's applied to a computer, then it needs to be restarted for the policy to take affect. Then, you will see the policy in gpresult for the computer node not the user node (will be filtered, due to no settings defined).

          Am I correct in assuming that you want to change the local admin password on your client machines? If this is the case, you must be a local admin to do so or user the "runas" switch in a cmd. there are other genius ways to do it using vbs, but that's a topic you may ask me about if you wish.