How to make the Default Domain Policy apply to the domain?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












2















We have a domain, and it has a default domain policy that has existed for 16 years (since 2003):



enter image description here



I just realized today that this policy, with all its policies, are not being applied to any users or computers on the domain.



The simplest example of this is a Computer based QoS policy that exists in the Default Domain Policy:



enter image description here



But does not exist on any domain-joined machine:



enter image description here




Note: There are, of course, other policies:



enter image description here



Some set group policies, some create registry keys. None of them have any effect, or have an affect on the domain-joined machines or the domain users logged in to them.




The policy contains both per-machine, and per-user, policies, and neither are being applied.



The Default Domain Policy is Linked, and Enforced:



enter image description here



How do i make the Default Domain Policy apply to the domain?










share|improve this question













migrated from superuser.com Jan 4 at 16:43


This question came from our site for computer enthusiasts and power users.















  • You have to use GPRESULT or RSOP to show the GPOs and settings applied on your client. The LOCAL Policy Editor just shows yout LOCAL ("additional") changes, not the ones from the domains GPO.

    – bjoster
    Jan 4 at 17:01











  • Side note, don't "enforce" a policy unless you have a specific reason to do so, like to override an inheritance block, or a conflicting setting being applied later in processing. Enforcing without reason just further complicates troubleshooting.

    – Semicolon
    Jan 4 at 17:23











  • @Semicolon As far as i know nobody "enforced" anything. The policy is the way it is, and i don't even know what "enforce" means. (Well, i know what enforce means, but i don't know what it means for a group policy to be enforced, or for a group policy to not be enforced. It would seem to have a group policy not forced upon users - what's the point of a group policy if users can choose to ignore them)

    – Ian Boyd
    Jan 4 at 17:58











  • I mentioned it because according to your screenshot, the DDP link is enforced - as evidenced by the padlock icon on the link. This is not default, so somebody did it. Now, as there are essentially no other GPOs in place, collateral damage is non-existent. It was just something I noticed, and thought I would share. As for unexperienced administrators, "enforcing" a GPO link is usually a first step taken to get a GPO is working if it is not currently (which is kinda where you thought you were). As for the rest of your comment, I suggest research, as I am at my character limit.

    – Semicolon
    Jan 7 at 15:56















2















We have a domain, and it has a default domain policy that has existed for 16 years (since 2003):



enter image description here



I just realized today that this policy, with all its policies, are not being applied to any users or computers on the domain.



The simplest example of this is a Computer based QoS policy that exists in the Default Domain Policy:



enter image description here



But does not exist on any domain-joined machine:



enter image description here




Note: There are, of course, other policies:



enter image description here



Some set group policies, some create registry keys. None of them have any effect, or have an affect on the domain-joined machines or the domain users logged in to them.




The policy contains both per-machine, and per-user, policies, and neither are being applied.



The Default Domain Policy is Linked, and Enforced:



enter image description here



How do i make the Default Domain Policy apply to the domain?










share|improve this question













migrated from superuser.com Jan 4 at 16:43


This question came from our site for computer enthusiasts and power users.















  • You have to use GPRESULT or RSOP to show the GPOs and settings applied on your client. The LOCAL Policy Editor just shows yout LOCAL ("additional") changes, not the ones from the domains GPO.

    – bjoster
    Jan 4 at 17:01











  • Side note, don't "enforce" a policy unless you have a specific reason to do so, like to override an inheritance block, or a conflicting setting being applied later in processing. Enforcing without reason just further complicates troubleshooting.

    – Semicolon
    Jan 4 at 17:23











  • @Semicolon As far as i know nobody "enforced" anything. The policy is the way it is, and i don't even know what "enforce" means. (Well, i know what enforce means, but i don't know what it means for a group policy to be enforced, or for a group policy to not be enforced. It would seem to have a group policy not forced upon users - what's the point of a group policy if users can choose to ignore them)

    – Ian Boyd
    Jan 4 at 17:58











  • I mentioned it because according to your screenshot, the DDP link is enforced - as evidenced by the padlock icon on the link. This is not default, so somebody did it. Now, as there are essentially no other GPOs in place, collateral damage is non-existent. It was just something I noticed, and thought I would share. As for unexperienced administrators, "enforcing" a GPO link is usually a first step taken to get a GPO is working if it is not currently (which is kinda where you thought you were). As for the rest of your comment, I suggest research, as I am at my character limit.

    – Semicolon
    Jan 7 at 15:56













2












2








2








We have a domain, and it has a default domain policy that has existed for 16 years (since 2003):



enter image description here



I just realized today that this policy, with all its policies, are not being applied to any users or computers on the domain.



The simplest example of this is a Computer based QoS policy that exists in the Default Domain Policy:



enter image description here



But does not exist on any domain-joined machine:



enter image description here




Note: There are, of course, other policies:



enter image description here



Some set group policies, some create registry keys. None of them have any effect, or have an affect on the domain-joined machines or the domain users logged in to them.




The policy contains both per-machine, and per-user, policies, and neither are being applied.



The Default Domain Policy is Linked, and Enforced:



enter image description here



How do i make the Default Domain Policy apply to the domain?










share|improve this question














We have a domain, and it has a default domain policy that has existed for 16 years (since 2003):



enter image description here



I just realized today that this policy, with all its policies, are not being applied to any users or computers on the domain.



The simplest example of this is a Computer based QoS policy that exists in the Default Domain Policy:



enter image description here



But does not exist on any domain-joined machine:



enter image description here




Note: There are, of course, other policies:



enter image description here



Some set group policies, some create registry keys. None of them have any effect, or have an affect on the domain-joined machines or the domain users logged in to them.




The policy contains both per-machine, and per-user, policies, and neither are being applied.



The Default Domain Policy is Linked, and Enforced:



enter image description here



How do i make the Default Domain Policy apply to the domain?







active-directory group-policy windows-server-2012-r2






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 4 at 16:41









Ian BoydIan Boyd

3,071114667




3,071114667




migrated from superuser.com Jan 4 at 16:43


This question came from our site for computer enthusiasts and power users.






migrated from superuser.com Jan 4 at 16:43


This question came from our site for computer enthusiasts and power users.














  • You have to use GPRESULT or RSOP to show the GPOs and settings applied on your client. The LOCAL Policy Editor just shows yout LOCAL ("additional") changes, not the ones from the domains GPO.

    – bjoster
    Jan 4 at 17:01











  • Side note, don't "enforce" a policy unless you have a specific reason to do so, like to override an inheritance block, or a conflicting setting being applied later in processing. Enforcing without reason just further complicates troubleshooting.

    – Semicolon
    Jan 4 at 17:23











  • @Semicolon As far as i know nobody "enforced" anything. The policy is the way it is, and i don't even know what "enforce" means. (Well, i know what enforce means, but i don't know what it means for a group policy to be enforced, or for a group policy to not be enforced. It would seem to have a group policy not forced upon users - what's the point of a group policy if users can choose to ignore them)

    – Ian Boyd
    Jan 4 at 17:58











  • I mentioned it because according to your screenshot, the DDP link is enforced - as evidenced by the padlock icon on the link. This is not default, so somebody did it. Now, as there are essentially no other GPOs in place, collateral damage is non-existent. It was just something I noticed, and thought I would share. As for unexperienced administrators, "enforcing" a GPO link is usually a first step taken to get a GPO is working if it is not currently (which is kinda where you thought you were). As for the rest of your comment, I suggest research, as I am at my character limit.

    – Semicolon
    Jan 7 at 15:56

















  • You have to use GPRESULT or RSOP to show the GPOs and settings applied on your client. The LOCAL Policy Editor just shows yout LOCAL ("additional") changes, not the ones from the domains GPO.

    – bjoster
    Jan 4 at 17:01











  • Side note, don't "enforce" a policy unless you have a specific reason to do so, like to override an inheritance block, or a conflicting setting being applied later in processing. Enforcing without reason just further complicates troubleshooting.

    – Semicolon
    Jan 4 at 17:23











  • @Semicolon As far as i know nobody "enforced" anything. The policy is the way it is, and i don't even know what "enforce" means. (Well, i know what enforce means, but i don't know what it means for a group policy to be enforced, or for a group policy to not be enforced. It would seem to have a group policy not forced upon users - what's the point of a group policy if users can choose to ignore them)

    – Ian Boyd
    Jan 4 at 17:58











  • I mentioned it because according to your screenshot, the DDP link is enforced - as evidenced by the padlock icon on the link. This is not default, so somebody did it. Now, as there are essentially no other GPOs in place, collateral damage is non-existent. It was just something I noticed, and thought I would share. As for unexperienced administrators, "enforcing" a GPO link is usually a first step taken to get a GPO is working if it is not currently (which is kinda where you thought you were). As for the rest of your comment, I suggest research, as I am at my character limit.

    – Semicolon
    Jan 7 at 15:56
















You have to use GPRESULT or RSOP to show the GPOs and settings applied on your client. The LOCAL Policy Editor just shows yout LOCAL ("additional") changes, not the ones from the domains GPO.

– bjoster
Jan 4 at 17:01





You have to use GPRESULT or RSOP to show the GPOs and settings applied on your client. The LOCAL Policy Editor just shows yout LOCAL ("additional") changes, not the ones from the domains GPO.

– bjoster
Jan 4 at 17:01













Side note, don't "enforce" a policy unless you have a specific reason to do so, like to override an inheritance block, or a conflicting setting being applied later in processing. Enforcing without reason just further complicates troubleshooting.

– Semicolon
Jan 4 at 17:23





Side note, don't "enforce" a policy unless you have a specific reason to do so, like to override an inheritance block, or a conflicting setting being applied later in processing. Enforcing without reason just further complicates troubleshooting.

– Semicolon
Jan 4 at 17:23













@Semicolon As far as i know nobody "enforced" anything. The policy is the way it is, and i don't even know what "enforce" means. (Well, i know what enforce means, but i don't know what it means for a group policy to be enforced, or for a group policy to not be enforced. It would seem to have a group policy not forced upon users - what's the point of a group policy if users can choose to ignore them)

– Ian Boyd
Jan 4 at 17:58





@Semicolon As far as i know nobody "enforced" anything. The policy is the way it is, and i don't even know what "enforce" means. (Well, i know what enforce means, but i don't know what it means for a group policy to be enforced, or for a group policy to not be enforced. It would seem to have a group policy not forced upon users - what's the point of a group policy if users can choose to ignore them)

– Ian Boyd
Jan 4 at 17:58













I mentioned it because according to your screenshot, the DDP link is enforced - as evidenced by the padlock icon on the link. This is not default, so somebody did it. Now, as there are essentially no other GPOs in place, collateral damage is non-existent. It was just something I noticed, and thought I would share. As for unexperienced administrators, "enforcing" a GPO link is usually a first step taken to get a GPO is working if it is not currently (which is kinda where you thought you were). As for the rest of your comment, I suggest research, as I am at my character limit.

– Semicolon
Jan 7 at 15:56





I mentioned it because according to your screenshot, the DDP link is enforced - as evidenced by the padlock icon on the link. This is not default, so somebody did it. Now, as there are essentially no other GPOs in place, collateral damage is non-existent. It was just something I noticed, and thought I would share. As for unexperienced administrators, "enforcing" a GPO link is usually a first step taken to get a GPO is working if it is not currently (which is kinda where you thought you were). As for the rest of your comment, I suggest research, as I am at my character limit.

– Semicolon
Jan 7 at 15:56










1 Answer
1






active

oldest

votes


















10














The local Group Policy editor doesn't show you domain Group Policy settings, it shows you local Group Policy settings. If you want to see what domain Group Policy settings are applied to the machine/user then run RSOP or GPRESULT on the machine in question.






share|improve this answer






















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "2"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f947624%2fhow-to-make-the-default-domain-policy-apply-to-the-domain%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    10














    The local Group Policy editor doesn't show you domain Group Policy settings, it shows you local Group Policy settings. If you want to see what domain Group Policy settings are applied to the machine/user then run RSOP or GPRESULT on the machine in question.






    share|improve this answer



























      10














      The local Group Policy editor doesn't show you domain Group Policy settings, it shows you local Group Policy settings. If you want to see what domain Group Policy settings are applied to the machine/user then run RSOP or GPRESULT on the machine in question.






      share|improve this answer

























        10












        10








        10







        The local Group Policy editor doesn't show you domain Group Policy settings, it shows you local Group Policy settings. If you want to see what domain Group Policy settings are applied to the machine/user then run RSOP or GPRESULT on the machine in question.






        share|improve this answer













        The local Group Policy editor doesn't show you domain Group Policy settings, it shows you local Group Policy settings. If you want to see what domain Group Policy settings are applied to the machine/user then run RSOP or GPRESULT on the machine in question.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jan 4 at 16:53









        joeqwertyjoeqwerty

        95.6k463149




        95.6k463149



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Server Fault!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f947624%2fhow-to-make-the-default-domain-policy-apply-to-the-domain%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown






            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?