Results 1 to 2 of 2

Thread: User/Computer blocked from Inheritance, no enforced GPO's but settings on GPResults?

  1. 12-23-2011, 05:59 AM #1
    dawsonweb Guest

    Default User/Computer blocked from Inheritance, no enforced GPO's but settings on GPResults?

    Hi. I'm pretty new to this stuff. I'm trying to setup a small test ou in my infrastructure to begin work tidying our mess. We have no enforced gpo's and i've created a new ou ad domain level with a block inheritance. This ou contains my computer and user object. Prior to moving the computer and user, I did log them in when they were part of their original ou's so they would have processed their original gpo's.
    Since moving them and updating the client i can see from gpresult that no gpo's are being applied.
    However...
    When I run the Group Policy Results wizard in gpmc for the user and computer in question I see that the summary confirms the gpresults noted earlier that no gpo's are applied but the settings tab shows that 2 settings are still in effect from 2 of the original ou's. The name of the gpo is not listed, but the guid is. I can track them back to gpo's that exist in our normal setup.
    Why would gpresults - settings be showing settings for gpo's that are not applying?

    Thanks.
    Reply With Quote Reply With Quote
  2. 03-28-2012, 10:21 AM #2
    brad Guest

    Default

    I believe what you are saying is that you made a GPO which applied a computer and user account, and then you moved these to an OU that has blocked inheritance. Now that you have moved them, the GPO's are no longer being applied but the settings are still there? Am I correct?

    This is because even though the GPOs are no longer being applied, the registry settings that they made are not erased. Those settings are still there until another GPO is created for these settings and applied to the OU that contains the accounts. What is different about this is that a user could now override the setting values that the GPO was applying and those user created values will not be overrided since the GPO is not being applied.

    Some GPOs have exceptions however. For instance, if you use Group Policy to automatically install applications, you can configure the application to uninstall itself once it falls out of scope of the GPO. There are ways of doing this too for asssigned printers as well. For the most part though, once a GPO changes a setting value, that setting value is retained once the GPO is disabled or blocked, until another GPO or a user reverses the settings.

    Brad Rudisail
    Tech Support for GPanswers and PolicyPak Software
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Search Engine Friendly URLs by vBSEO