Logo
CAR REVIEW
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
PREGNANCY
 
 
Windows Server

Windows Server 2012 : Managing Users with Local Security and Group Policies (part 3) - Troubleshooting Group Policy Applications

2/5/2014 2:41:19 AM

4. Troubleshooting Group Policy Applications

When policies are used throughout an organization, sometimes the policy settings do not apply to a user or computer as originally intended. To begin basic troubleshooting of Group Policy application issues, you need to understand the policy application hierarchy. First, any local server or workstation policies are applied to the user or computer, followed by site group policies, domain group policies, and, finally, the organizational unit group policies. If nested OUs have group policies, the parent OU policies are processed first, followed by the child OUs, and, finally, the OU containing the Active Directory object (user or computer). You might find it easier to remember LSD-OU—the acronym for local, site, domain, and then OU.

Now that you know the order in which policies are applied, you can proceed to use the Group Policy testing and troubleshooting tools provided with Windows Server 2012, namely the Group Policy Modeling tool in the Group Policy Management Console and the command-line utility GPResult.exe, which is the command-line version of the Resultant Set of Policy (RSoP) snap-in.

The Group Policy Modeling Tool

The Group Policy Modeling snap-in can be used to simulate the policy settings for a user who logs on to a server or workstation after all the respective policies have been applied. This tool is good for identifying which policies are being applied and what the effective setting is based on the defined simulation.

To simulate the policies for a user, use the Group Policy Modeling snap-in as follows:

1. Launch Server Manager on a machine that has the GPMC feature installed.

2. Expand the Tools menu and run Group Policy Management Console.

3. Expand the Forest folder.

4. Select the Group Policy Modeling folder.

5. Select Action, Group Policy Modeling Wizard to launch the wizard.

6. Click Next.

7. Leave the default domain controller selection, which chooses any available domain controller. Click Next.

8. Select the User option button in the User Information box, and click Browse.

9. Enter the name of a user to check, and click OK. Click Next to accept the user and computer selection.


Note

In the Group Policy Modeling Wizard, the net effect of the group policies can be modeled for specific users, computers, or entire containers for either object. This enables an administrator to see the effects for individual objects or for objects placed within the containers, making the tool very flexible.


10. Click Next on the Advanced Simulation Options page. The advanced simulation options enable you to model slow network connections, loopback processing mode, or specific sites.

11. Click Next to skip the Alternate AD Paths.

12. The User Security Groups page shows the groups that the user is a member of. You can add additional groups to see the effects of changes. Leave as is and click Next.

13. Click Next to skip the WMI Filters for Users page.

14. Click Next to run the simulation.

15. Click Finish to view the results.

16. Select the Details tab and if needed use Show link next to Group Policy Objects and next to Denied GPOs.

Within the console, you can review each particular setting to see whether a setting was applied or the desired setting was overwritten by a higher-level policy. The report shows why specific GPOs were denied. Figure 3 shows that two GPOs were denied to the user object tsmith. The Default Domain Policy GPO was denied because it is empty (of user settings) and the Remote Control Executives GPO was denied because of security filtering. The user tsmith is not a member of this group and, hence, does not have the GPO applied.

Image

Figure 3. The Group Policy Modeling report.

Other -----------------
- Windows Server 2012 Administration : Creating Groups (part 2) - Populating Groups, Group Management
- Windows Server 2012 Administration : Creating Groups (part 1) - Domain Functional Level and Groups , Creating AD Groups
- Windows Server 2012 Administration : Windows Server 2012 Active Directory Groups
- Microsoft Exchange Server 2010 : Managing Connectivity with Hub Transport Servers - Messages in Flight
- Microsoft Exchange Server 2010 : Managing Connectivity with Hub Transport Servers - Send and Receive Connectors (part 3)
- Microsoft Exchange Server 2010 : Managing Connectivity with Hub Transport Servers - Send and Receive Connectors (part 2)
- Microsoft Exchange Server 2010 : Managing Connectivity with Hub Transport Servers - Send and Receive Connectors (part 1)
- Microsoft Exchange Server 2010 : Managing Connectivity with Hub Transport Servers - Message Routing in the Organization
- Microsoft Exchange Server 2010 : Managing Connectivity with Hub Transport Servers - Transport Improvements in Exchange Server 2010
- Windows Server 2012 Administration : Configuring Sites (part 3) - Establishing Site Links, Delegating Control at the Site Level
- Windows Server 2012 Administration : Configuring Sites (part 2) - Creating a Site - Adding Domain Controllers to Sites
- Windows Server 2012 Administration : Configuring Sites (part 1) - Creating a Site - Creating Site Subnets
- Windows Server 2012 Administration : Examining Active Directory Site Administration
- Windows Server 2012 Administration : Defining the Administrative Model
- Sharepoint 2013 : Backup and Restore (part 6) - Farm Backup and Restore - Performing a Restore, Using PowerShell
- Sharepoint 2013 : Backup and Restore (part 5) - Farm Backup and Restore - Performing a Backup
- Sharepoint 2013 : Backup and Restore (part 4) - Farm Backup and Restore - Farm Backup Settings
- Sharepoint 2013 : Backup and Restore (part 3) - Unattached Content Database Data Recovery
- Sharepoint 2013 : Backup and Restore (part 2) - Export and Import - Using PowerShell, STSADM, Central Administration
- Sharepoint 2013 : Backup and Restore (part 1) - Site Collection Backups
 
 
Most view of day
- Windows Phone 8 : Configuring Basic Device Settings - Find My Phone
- Installing and Configuring the Basics of Exchange Server 2013 for a Brand-New Environment (part 7)
- Managing Windows Licensing and Activation : Managing Volume License Activation (part 1) - Centralizing activation with KMS
- Configuring Startup and Troubleshooting Startup Issues : Important Startup Files
- Using Voice and Sounds : Associating a Sound with an Event, Using Alternatives to Sound
- How to Troubleshoot Disk Problems (part 1) - How to Prepare for Disk Failures, How to Use Chkdsk
- Windows Server 2012 : Administering Active Directory using Windows PowerShell (part 1) - Managing user accounts with Windows PowerShell
- System Center Configuration Manager 2007 : Desired Configuration Management - Troubleshooting
- Working in the Background : PROVIDING POWER MANAGEMENT (part 1) - Getting the Power Management State
- SQL Server 2008 R2 : Creating and Managing Stored Procedures - Startup Procedures
Top 10
- Windows Phone 8 : Scheduled Tasks - Scheduled Task API Limitations
- Windows Phone 8 : Scheduled Tasks - Updating Tiles Using a Scheduled Task Agent
- Windows Phone 8 : Scheduled Tasks - To-Do List Scheduled Task Sample (part 5) - Editing an Existing To-Do Item
- Windows Phone 8 : Scheduled Tasks - To-Do List Scheduled Task Sample (part 4) - Creating the To-Do Item Shell Tile, Saving a To-Do Item
- Windows Phone 8 : Scheduled Tasks - To-Do List Scheduled Task Sample (part 3) - Debugging Scheduled Tasks
- Windows Phone 8 : Scheduled Tasks - To-Do List Scheduled Task Sample (part 2) - TodoService, TodoItemViewModel
- Windows Phone 8 : Scheduled Tasks - To-Do List Scheduled Task Sample (part 1) - TodoItem,TodoDataContext
- Windows Phone 8 : Scheduled Tasks - Using Scheduled Tasks
- Windows Phone 8 : Scheduled Tasks - Background Agent Types
- Windows Phone 8 : Windows Phone Toolkit Animated Page Transitions - Reusing the Transition Attached Properties
 
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro