How to make the Default Domain Policy apply to the domain?
Clash Royale CLAN TAG#URR8PPP
We have a domain, and it has a default domain policy that has existed for 16 years (since 2003):
I just realized today that this policy, with all its policies, are not being applied to any users or computers on the domain.
The simplest example of this is a Computer based QoS policy that exists in the Default Domain Policy:
But does not exist on any domain-joined machine:
Note: There are, of course, other policies:
Some set group policies, some create registry keys. None of them have any effect, or have an affect on the domain-joined machines or the domain users logged in to them.
The policy contains both per-machine, and per-user, policies, and neither are being applied.
The Default Domain Policy is Linked, and Enforced:
How do i make the Default Domain Policy apply to the domain?
active-directory group-policy windows-server-2012-r2
migrated from superuser.com Jan 4 at 16:43
This question came from our site for computer enthusiasts and power users.
add a comment |
We have a domain, and it has a default domain policy that has existed for 16 years (since 2003):
I just realized today that this policy, with all its policies, are not being applied to any users or computers on the domain.
The simplest example of this is a Computer based QoS policy that exists in the Default Domain Policy:
But does not exist on any domain-joined machine:
Note: There are, of course, other policies:
Some set group policies, some create registry keys. None of them have any effect, or have an affect on the domain-joined machines or the domain users logged in to them.
The policy contains both per-machine, and per-user, policies, and neither are being applied.
The Default Domain Policy is Linked, and Enforced:
How do i make the Default Domain Policy apply to the domain?
active-directory group-policy windows-server-2012-r2
migrated from superuser.com Jan 4 at 16:43
This question came from our site for computer enthusiasts and power users.
You have to use GPRESULT or RSOP to show the GPOs and settings applied on your client. The LOCAL Policy Editor just shows yout LOCAL ("additional") changes, not the ones from the domains GPO.
– bjoster
Jan 4 at 17:01
Side note, don't "enforce" a policy unless you have a specific reason to do so, like to override an inheritance block, or a conflicting setting being applied later in processing. Enforcing without reason just further complicates troubleshooting.
– Semicolon
Jan 4 at 17:23
@Semicolon As far as i know nobody "enforced" anything. The policy is the way it is, and i don't even know what "enforce" means. (Well, i know what enforce means, but i don't know what it means for a group policy to be enforced, or for a group policy to not be enforced. It would seem to have a group policy not forced upon users - what's the point of a group policy if users can choose to ignore them)
– Ian Boyd
Jan 4 at 17:58
I mentioned it because according to your screenshot, the DDP link is enforced - as evidenced by the padlock icon on the link. This is not default, so somebody did it. Now, as there are essentially no other GPOs in place, collateral damage is non-existent. It was just something I noticed, and thought I would share. As for unexperienced administrators, "enforcing" a GPO link is usually a first step taken to get a GPO is working if it is not currently (which is kinda where you thought you were). As for the rest of your comment, I suggest research, as I am at my character limit.
– Semicolon
Jan 7 at 15:56
add a comment |
We have a domain, and it has a default domain policy that has existed for 16 years (since 2003):
I just realized today that this policy, with all its policies, are not being applied to any users or computers on the domain.
The simplest example of this is a Computer based QoS policy that exists in the Default Domain Policy:
But does not exist on any domain-joined machine:
Note: There are, of course, other policies:
Some set group policies, some create registry keys. None of them have any effect, or have an affect on the domain-joined machines or the domain users logged in to them.
The policy contains both per-machine, and per-user, policies, and neither are being applied.
The Default Domain Policy is Linked, and Enforced:
How do i make the Default Domain Policy apply to the domain?
active-directory group-policy windows-server-2012-r2
We have a domain, and it has a default domain policy that has existed for 16 years (since 2003):
I just realized today that this policy, with all its policies, are not being applied to any users or computers on the domain.
The simplest example of this is a Computer based QoS policy that exists in the Default Domain Policy:
But does not exist on any domain-joined machine:
Note: There are, of course, other policies:
Some set group policies, some create registry keys. None of them have any effect, or have an affect on the domain-joined machines or the domain users logged in to them.
The policy contains both per-machine, and per-user, policies, and neither are being applied.
The Default Domain Policy is Linked, and Enforced:
How do i make the Default Domain Policy apply to the domain?
active-directory group-policy windows-server-2012-r2
active-directory group-policy windows-server-2012-r2
asked Jan 4 at 16:41
Ian BoydIan Boyd
3,071114667
3,071114667
migrated from superuser.com Jan 4 at 16:43
This question came from our site for computer enthusiasts and power users.
migrated from superuser.com Jan 4 at 16:43
This question came from our site for computer enthusiasts and power users.
You have to use GPRESULT or RSOP to show the GPOs and settings applied on your client. The LOCAL Policy Editor just shows yout LOCAL ("additional") changes, not the ones from the domains GPO.
– bjoster
Jan 4 at 17:01
Side note, don't "enforce" a policy unless you have a specific reason to do so, like to override an inheritance block, or a conflicting setting being applied later in processing. Enforcing without reason just further complicates troubleshooting.
– Semicolon
Jan 4 at 17:23
@Semicolon As far as i know nobody "enforced" anything. The policy is the way it is, and i don't even know what "enforce" means. (Well, i know what enforce means, but i don't know what it means for a group policy to be enforced, or for a group policy to not be enforced. It would seem to have a group policy not forced upon users - what's the point of a group policy if users can choose to ignore them)
– Ian Boyd
Jan 4 at 17:58
I mentioned it because according to your screenshot, the DDP link is enforced - as evidenced by the padlock icon on the link. This is not default, so somebody did it. Now, as there are essentially no other GPOs in place, collateral damage is non-existent. It was just something I noticed, and thought I would share. As for unexperienced administrators, "enforcing" a GPO link is usually a first step taken to get a GPO is working if it is not currently (which is kinda where you thought you were). As for the rest of your comment, I suggest research, as I am at my character limit.
– Semicolon
Jan 7 at 15:56
add a comment |
You have to use GPRESULT or RSOP to show the GPOs and settings applied on your client. The LOCAL Policy Editor just shows yout LOCAL ("additional") changes, not the ones from the domains GPO.
– bjoster
Jan 4 at 17:01
Side note, don't "enforce" a policy unless you have a specific reason to do so, like to override an inheritance block, or a conflicting setting being applied later in processing. Enforcing without reason just further complicates troubleshooting.
– Semicolon
Jan 4 at 17:23
@Semicolon As far as i know nobody "enforced" anything. The policy is the way it is, and i don't even know what "enforce" means. (Well, i know what enforce means, but i don't know what it means for a group policy to be enforced, or for a group policy to not be enforced. It would seem to have a group policy not forced upon users - what's the point of a group policy if users can choose to ignore them)
– Ian Boyd
Jan 4 at 17:58
I mentioned it because according to your screenshot, the DDP link is enforced - as evidenced by the padlock icon on the link. This is not default, so somebody did it. Now, as there are essentially no other GPOs in place, collateral damage is non-existent. It was just something I noticed, and thought I would share. As for unexperienced administrators, "enforcing" a GPO link is usually a first step taken to get a GPO is working if it is not currently (which is kinda where you thought you were). As for the rest of your comment, I suggest research, as I am at my character limit.
– Semicolon
Jan 7 at 15:56
You have to use GPRESULT or RSOP to show the GPOs and settings applied on your client. The LOCAL Policy Editor just shows yout LOCAL ("additional") changes, not the ones from the domains GPO.
– bjoster
Jan 4 at 17:01
You have to use GPRESULT or RSOP to show the GPOs and settings applied on your client. The LOCAL Policy Editor just shows yout LOCAL ("additional") changes, not the ones from the domains GPO.
– bjoster
Jan 4 at 17:01
Side note, don't "enforce" a policy unless you have a specific reason to do so, like to override an inheritance block, or a conflicting setting being applied later in processing. Enforcing without reason just further complicates troubleshooting.
– Semicolon
Jan 4 at 17:23
Side note, don't "enforce" a policy unless you have a specific reason to do so, like to override an inheritance block, or a conflicting setting being applied later in processing. Enforcing without reason just further complicates troubleshooting.
– Semicolon
Jan 4 at 17:23
@Semicolon As far as i know nobody "enforced" anything. The policy is the way it is, and i don't even know what "enforce" means. (Well, i know what enforce means, but i don't know what it means for a group policy to be enforced, or for a group policy to not be enforced. It would seem to have a group policy not forced upon users - what's the point of a group policy if users can choose to ignore them)
– Ian Boyd
Jan 4 at 17:58
@Semicolon As far as i know nobody "enforced" anything. The policy is the way it is, and i don't even know what "enforce" means. (Well, i know what enforce means, but i don't know what it means for a group policy to be enforced, or for a group policy to not be enforced. It would seem to have a group policy not forced upon users - what's the point of a group policy if users can choose to ignore them)
– Ian Boyd
Jan 4 at 17:58
I mentioned it because according to your screenshot, the DDP link is enforced - as evidenced by the padlock icon on the link. This is not default, so somebody did it. Now, as there are essentially no other GPOs in place, collateral damage is non-existent. It was just something I noticed, and thought I would share. As for unexperienced administrators, "enforcing" a GPO link is usually a first step taken to get a GPO is working if it is not currently (which is kinda where you thought you were). As for the rest of your comment, I suggest research, as I am at my character limit.
– Semicolon
Jan 7 at 15:56
I mentioned it because according to your screenshot, the DDP link is enforced - as evidenced by the padlock icon on the link. This is not default, so somebody did it. Now, as there are essentially no other GPOs in place, collateral damage is non-existent. It was just something I noticed, and thought I would share. As for unexperienced administrators, "enforcing" a GPO link is usually a first step taken to get a GPO is working if it is not currently (which is kinda where you thought you were). As for the rest of your comment, I suggest research, as I am at my character limit.
– Semicolon
Jan 7 at 15:56
add a comment |
1 Answer
1
active
oldest
votes
The local Group Policy editor doesn't show you domain Group Policy settings, it shows you local Group Policy settings. If you want to see what domain Group Policy settings are applied to the machine/user then run RSOP or GPRESULT on the machine in question.
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f947624%2fhow-to-make-the-default-domain-policy-apply-to-the-domain%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The local Group Policy editor doesn't show you domain Group Policy settings, it shows you local Group Policy settings. If you want to see what domain Group Policy settings are applied to the machine/user then run RSOP or GPRESULT on the machine in question.
add a comment |
The local Group Policy editor doesn't show you domain Group Policy settings, it shows you local Group Policy settings. If you want to see what domain Group Policy settings are applied to the machine/user then run RSOP or GPRESULT on the machine in question.
add a comment |
The local Group Policy editor doesn't show you domain Group Policy settings, it shows you local Group Policy settings. If you want to see what domain Group Policy settings are applied to the machine/user then run RSOP or GPRESULT on the machine in question.
The local Group Policy editor doesn't show you domain Group Policy settings, it shows you local Group Policy settings. If you want to see what domain Group Policy settings are applied to the machine/user then run RSOP or GPRESULT on the machine in question.
answered Jan 4 at 16:53
joeqwertyjoeqwerty
95.6k463149
95.6k463149
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f947624%2fhow-to-make-the-default-domain-policy-apply-to-the-domain%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You have to use GPRESULT or RSOP to show the GPOs and settings applied on your client. The LOCAL Policy Editor just shows yout LOCAL ("additional") changes, not the ones from the domains GPO.
– bjoster
Jan 4 at 17:01
Side note, don't "enforce" a policy unless you have a specific reason to do so, like to override an inheritance block, or a conflicting setting being applied later in processing. Enforcing without reason just further complicates troubleshooting.
– Semicolon
Jan 4 at 17:23
@Semicolon As far as i know nobody "enforced" anything. The policy is the way it is, and i don't even know what "enforce" means. (Well, i know what enforce means, but i don't know what it means for a group policy to be enforced, or for a group policy to not be enforced. It would seem to have a group policy not forced upon users - what's the point of a group policy if users can choose to ignore them)
– Ian Boyd
Jan 4 at 17:58
I mentioned it because according to your screenshot, the DDP link is enforced - as evidenced by the padlock icon on the link. This is not default, so somebody did it. Now, as there are essentially no other GPOs in place, collateral damage is non-existent. It was just something I noticed, and thought I would share. As for unexperienced administrators, "enforcing" a GPO link is usually a first step taken to get a GPO is working if it is not currently (which is kinda where you thought you were). As for the rest of your comment, I suggest research, as I am at my character limit.
– Semicolon
Jan 7 at 15:56