Hi Support,
Please help me with resolving GPO not applying on Windows 10 pro computers from Windows server 2012 R2 DC.
Let me give you a bit history on what I did and gpo's results. I've recently setup GPO on Windows server 2012 R2 DC to restrict some sites and linked it to Test OU with users and windows 10 pro computer accounts, but unfortunately wasn't applied properly as I was still able to access the restricted sites.
I did the following to get it fixed:
- added new Windows 10 admx files to the Group Policy Central Store onWindows server 2012 R2 DC and then deployed them (note: I can successfully browse\\mydcname\SYSVOL\mydomainname\Policies\PolicyDefinitions where the new Windows 10 admx files were copied to from windows 10 pc. I can also browse \\mydcname\NETLOGON folder from the same win 10 pc).
- did UNC hardening for netlogon and sysvol Shares in the registry on affected win 10 pc (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
“\\*\SYSVOL” “RequireMutualAuthentication=0”
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths “\\*\NETLOGON” “RequireMutualAuthentication=0”)
I did some investigation and here are the results:
- GPO name was listed in Applied GPOs in user settings but not in computer settings, when I ran gpresult /v
- I can see all the restricted sites listed in IE's restricted sites zone
- checked win 10 pc event viewer and found that Event IDs 1500 & 1501 saying that the group policy settings for the computer and user were processed successfully.
Where else to look into to get this fixed?
Thank you in advance.
Regards