客户端未“看到”组策略 GPO

tag-icon tag-icon active-directory windows-server-2008-r2 group-policy
客户端未“看到”组策略 GPO

我有一个新的 OU (natorg.local\NATO\Users),我正在尝试将 GP 应用于该 OU。我已在此 OU 中创建了一个新用户,并将 3 个 GPO 链接到此 OU:

DESKTOP - Folder Redirection (AppData)
DESKTOP - Folder Redirection (Desktop)
DESKTOP - Folder Redirection (Documents)

希望这些名称足以说明它们的具体功能。设置位于用户设置下,因此不需要环回处理(如果我的理解正确的话)。

用户和特定计算机的 GP 建模表明将/应该应用 GPO,但是在客户端上,gpresult 甚至似乎没有在“已应用”或“未应用”下看到 GPO:

USER SETTINGS
--------------
    CN=Amir,OU=Users,OU=NATO,DC=natorg,DC=local
    Last time Group Policy was applied: 25/06/2012 at 11:07:13 AM
    Group Policy was applied from:      svr-addc-01.natorg.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        LAPTOPS - Power Settings
        WSUS - Set Server Address
        OUTLOOK - Auto Archive
        SECURITY - Lock Screen After Idle
        Default Domain Policy
        DESKTOP - Regional Settings
        NETWORK - Proxy Configuration
        NETWORK - IE General Config
        OFFICE - Trusted Locations
        OFFICE - Increase Privacy
        OUTLOOK - Disable Junk Filter
        DESKTOP - Disable Windows Error Reporting
        DESKTOP - Hide Language Bar
        NETWORK - Disable Skype
        DESKTOP - Disable Thumbs.db Creation
        WSUS - Set Server Address

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

        NETWORK - Google Chrome Configuration
                Filtering:  Not Applied (Empty)

        SYSTEM - Event Log Configuration
            Filtering:  Not Applied (Empty)

        SECURITY - Local Administrator Password
            Filtering:  Not Applied (Empty)

        NETWORK - Disable Windows Messenger
            Filtering:  Not Applied (Empty)

        SECURITY - Audit Policy
            Filtering:  Not Applied (Empty)

        WSUS - Automatic Install
            Filtering:  Not Applied (Empty)

        NETWORK - Firewall Configuration
            Filtering:  Not Applied (Empty)

        DESKTOP - Enable Offline Files
            Filtering:  Not Applied (Empty)

我根本没有改变 GPO 的权限,也没有 WMI 过滤...正如我所说,GP Modelling 表示应该应用它们。客户端上的 GPResult 正确地将自己标识为正确的 OU (CN=Amir、OU=Users、OU=NATO、DC=natorg、DC=local)

有 2 x 2008R2 和一个 2003 DC,域是 2003 级别,客户端是 Windows XP SP3。

有人能解释一下为什么这些 GP 对象对于客户端来说是“不可见的”吗?

答案1

好的,我并不假装理解这一点,但问题是一个单独的 GPO,其用户设置(电源配置文件)链接到计算机的 OU,并且在“替换”模式下启用了环回。

禁用该特定 GPO 可使客户端“看到”新的 GPO。

答案2

检查以确保计算机不在阻止任何组策略的容器中。我甚至会删除计算机对象并将设备重新添加到域中。

相关内容