{"id":2744,"date":"2020-04-28T01:40:24","date_gmt":"2020-04-28T01:40:24","guid":{"rendered":"https:\/\/wiki.thomasandsofia.com\/?p=2744"},"modified":"2020-04-28T21:30:17","modified_gmt":"2020-04-28T21:30:17","slug":"5-group-policy-troubleshooting","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=2744","title":{"rendered":"5 Group Policy Troubleshooting"},"content":{"rendered":"<p><a href=\"\/4-introduction-to-group-policy-management\/\">&lt; 4 Introduction to Group Policy Management<\/a> | <a href=\"\/active-directory-and-group-policies\/\">Home<\/a> | <a href=\"\/6-manage-your-workstations\/\">6 Manage Your Workstation &gt;<\/a><\/p>\n<h1>22: Troubleshooting Group Policy with MMC<\/h1>\n<p>RSOP.msc &#8211; Resultant Set of Policy<\/p>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8378272#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8378272#content<\/a><\/p>\n<ul>\n<li>Windows Icon &gt; &#8216;rsop.msc&#8217; (Microsoft Common Console Document)\n<ul>\n<li>Available on all modern Windows computers (server and desktop)<\/li>\n<li>Mouse over to see path if the link is broken (mine is)<\/li>\n<li>C:\\Windows\\System32\\rsop.msc<\/li>\n<\/ul>\n<\/li>\n<li>Will show the UserName and Computer you are logged into.<\/li>\n<li>Looks very much like editing a Group Policy Object.\n<ul>\n<li>Can expand tabs to see which Polices are enabled\/disabled\/not defined.<\/li>\n<\/ul>\n<\/li>\n<li>If a GPO is not working, you can use this to see what has been applied.<\/li>\n<\/ul>\n<h1>23: Troubleshooting Group Policy with Command Prompt<\/h1>\n<p>(GPResult \/r)<\/p>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8378288#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8378288#content<\/a><\/p>\n<h2>Using CMD<\/h2>\n<p>Open a command terminal and run gpresult \/r<\/p>\n<ul>\n<li>\/r = report<\/li>\n<li>Provides both Computer and User related data.<\/li>\n<\/ul>\n<pre>C:\\Users\\Administrator&gt;gpresult \/r\r\n\r\nMicrosoft (R) Windows (R) Operating System Group Policy Result tool v2.0\r\n\u00a9 2018 Microsoft Corporation. All rights reserved.\r\n\r\nCreated on \u200e4\/\u200e28\/\u200e2020 at 4:38:21 AM\r\n\r\n\r\nRSOP data for TAS\\Administrator on WINAD01 : Logging Mode\r\n----------------------------------------------------------\r\n\r\nOS Configuration: Primary Domain Controller\r\nOS Version: 10.0.17763\r\nSite Name: Default-First-Site-Name\r\nRoaming Profile: N\/A\r\nLocal Profile: C:\\Users\\Administrator\r\nConnected over a slow link?: No\r\n\r\n\r\nCOMPUTER SETTINGS\r\n------------------\r\nCN=WINAD01,OU=Domain Controllers,DC=tas,DC=local\r\nLast time Group Policy was applied: 4\/28\/2020 at 4:35:15 AM\r\nGroup Policy was applied from: winad01.tas.local\r\nGroup Policy slow link threshold: 500 kbps\r\nDomain Name: TAS\r\nDomain Type: Windows 2008 or later\r\n\r\nApplied Group Policy Objects\r\n-----------------------------\r\nDefault Domain Controllers Policy\r\nDefault Domain Policy\r\n\r\nThe following GPOs were not applied because they were filtered out\r\n-------------------------------------------------------------------\r\nLocal Group Policy\r\nFiltering: Not Applied (Empty)\r\n\r\nThe computer is a part of the following security groups\r\n-------------------------------------------------------\r\nBUILTIN\\Administrators\r\nEveryone\r\nBUILTIN\\Pre-Windows 2000 Compatible Access\r\nBUILTIN\\Users\r\nWindows Authorization Access Group\r\nNT AUTHORITY\\NETWORK\r\nNT AUTHORITY\\Authenticated Users\r\nThis Organization\r\nWINAD01$\r\nDomain Controllers\r\nNT AUTHORITY\\ENTERPRISE DOMAIN CONTROLLERS\r\nAuthentication authority asserted identity\r\nDenied RODC Password Replication Group\r\nSystem Mandatory Level\r\n\r\n\r\nUSER SETTINGS\r\n--------------\r\nCN=Administrator,CN=Users,DC=tas,DC=local\r\nLast time Group Policy was applied: 4\/28\/2020 at 4:35:51 AM\r\nGroup Policy was applied from: winad01.tas.local\r\nGroup Policy slow link threshold: 500 kbps\r\nDomain Name: TAS\r\nDomain Type: Windows 2008 or later\r\n\r\nApplied Group Policy Objects\r\n-----------------------------\r\nN\/A\r\n\r\nThe following GPOs were not applied because they were filtered out\r\n-------------------------------------------------------------------\r\nLocal Group Policy\r\nFiltering: Not Applied (Empty)\r\n\r\nThe user is a part of the following security groups\r\n---------------------------------------------------\r\nDomain Users\r\nEveryone\r\nBUILTIN\\Administrators\r\nBUILTIN\\Users\r\nBUILTIN\\Pre-Windows 2000 Compatible Access\r\nNT AUTHORITY\\INTERACTIVE\r\nCONSOLE LOGON\r\nNT AUTHORITY\\Authenticated Users\r\nThis Organization\r\nLOCAL\r\nGroup Policy Creator Owners\r\nDomain Admins\r\nSchema Admins\r\nEnterprise Admins\r\nAuthentication authority asserted identity\r\nDenied RODC Password Replication Group\r\nHigh Mandatory Level<\/pre>\n<p>Points of Interest<\/p>\n<ul>\n<li>RSOP data for <strong>TAS\\Administrator<\/strong> on <strong>WINAD01<\/strong> : Logging Mode<\/li>\n<li>Group Policy settings\n<ul>\n<li>When applying a GPO, you should go to the target computer\/user and verify it is being applied<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre>Applied Group Policy Objects\r\n-----------------------------\r\nDefault Domain Controllers Policy\r\nDefault Domain Policy<\/pre>\n<h1>24: Creating Non-Inheriting Organizational Units for GPO Testing \/ Troubleshooting<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8378312#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8378312#content<\/a><\/p>\n<p>Non-inheriting OUs will not inherit any GPOs EXCEPT those that are Enforced.<\/p>\n<h2>Overview<\/h2>\n<ul>\n<li>Create an OU<\/li>\n<li>Disable inheritance<\/li>\n<\/ul>\n<h2>Procedure<\/h2>\n<ul>\n<li>Server Manager &gt; Tools &gt; AD Users and Computers\n<ul>\n<li>AD Users and Computers &gt; domain.tld &gt; domain [RtClk] &gt; New OU\n<ul>\n<li>Test no inherit<\/li>\n<\/ul>\n<\/li>\n<li>Drag the &#8216;Administrator&#8217; user into the new OU<\/li>\n<\/ul>\n<\/li>\n<li>Server Manager &gt; Tools &gt; Group Policy Management\n<ul>\n<li>Create a GPO to test with\n<ul>\n<li>Group Policy Management &gt; Forest: domain.tld &gt; Domains &gt; domain.tld &gt; Default Domain Policy [RtClk] &gt; Edit&#8230;<\/li>\n<li>User Configuration &gt; Policies &gt; Admin templates &gt; Desktop &gt; Disable Active Desktop (Dbl Clk) Enable<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Open CMD\n<ul>\n<li>Update policy instantly\n<ul>\n<li>gpupdate<\/li>\n<\/ul>\n<\/li>\n<li>View update\n<ul>\n<li>gpresult \/r\n<ul>\n<li>&#8220;Default Domain Policy&#8221;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Create a <strong>GPO<\/strong> under (inside) &#8216;Test no inherit&#8217; called &#8216;Test GPO&#8217;\n<ul>\n<li>Test GPO [RtClk] &gt; Edit\n<ul>\n<li>User Configs &gt; Preferences &gt; Win Settings &gt; Folders [RtClk] &gt; New &gt; Folder\n<ul>\n<li>Path: C:\\TestFolder<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Verify the settings are there:\n<ul>\n<li>Return to Group Policy Management &gt; &#8230; &gt; Test GPO (DblClk) &gt; Setting tab<\/li>\n<\/ul>\n<\/li>\n<li>Demonstrate Both Policies enabled\n<ul>\n<li>CMD Run &#8216;gpupdate \/force&#8217; then &#8216;gpresult \/r&#8217;\n<ul>\n<li>Applied Group Policy Objects\n<ul>\n<li>Test GPO<\/li>\n<li>Default Domain Policy<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Now set the OU as non-inheriting\n<ul>\n<li>GPM &gt; &#8230; &gt; Test no inherit [RtClk] &gt; Block Inheritance\n<ul>\n<li>Icon will change to include &#8216;!&#8217;<\/li>\n<li>Note: Return to AD and you will NOT know it is non-inheriting.\u00a0 This is why it is a good idea to label these as such!<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Demonstrate Default is no longer active\n<ul>\n<li>CMD Run &#8216;gpupdate \/force&#8217; then &#8216;gpresult \/r&#8217;\n<ul>\n<li>Applied Group Policy Objects\n<ul>\n<li>Test GPO<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Enforce &#8216;Default Domain Policy&#8217;\n<ul>\n<li>GPM &gt; &#8230; &gt; Default Domain Policy [RtClk] &gt; Enforced\n<ul>\n<li>Icon changes with UpRight Arrow<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Demonstrate Default is again active.\n<ul>\n<li>CMD Run &#8216;gpupdate \/force&#8217; then &#8216;gpresult \/r&#8217;\n<ul>\n<li>Applied Group Policy Objects\n<ul>\n<li>Test GPO<\/li>\n<li>Default Domain Policy<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>The rest of the video is undoing everything we did.<\/p>\n<h1>Quiz 2: Group Policy Knowledge Test<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/quiz\/427388#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/quiz\/427388#content<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&lt; 4 Introduction to Group Policy Management | Home | 6 Manage Your Workstation &gt; 22: Troubleshooting Group Policy with MMC RSOP.msc &#8211; Resultant Set of Policy https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8378272#content Windows Icon &gt; &#8216;rsop.msc&#8217; (Microsoft Common Console Document) Available on all modern Windows computers (server and desktop) Mouse over to see path if the link is broken ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=2744\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-2744","post","type-post","status-publish","format-standard","hentry","category-active-directory"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/2744","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2744"}],"version-history":[{"count":5,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/2744\/revisions"}],"predecessor-version":[{"id":2753,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/2744\/revisions\/2753"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}