I have a new OU (natorg.local\NATO\Users) that I am trying to apply GP to. I have created a new user in this OU and linked 3 GPOs to it:
DESKTOP - Folder Redirection (AppData)
DESKTOP - Folder Redirection (Desktop)
DESKTOP - Folder Redirection (Documents)
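Hopefully the names are descriptive enough to explain what they do. The settings are under User Settings, so loopback processing should not be needed (if I understand correctly).
GP Modelling for the user and the specific computer indicates that the GPOs will/should apply, but on the client, gpresult doesn't even seem to see the GPOs under either "applied" or "not applied":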
USER SETTINGS
--------------
CN=Amir,OU=Users,OU=NATO,DC=natorg,DC=local
Last time Group Policy was applied: 25/06/2012 at 11:07:13 AM
Group Policy was applied from: svr-addc-01.natorg.local
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
LAPTOPS - Power Settings
WSUS - Set Server Address
OUTLOOK - Auto Archive
SECURITY - Lock Screen After Idle
Default Domain Policy
DESKTOP - Regional Settings
NETWORK - Proxy Configuration
NETWORK - IE General Config
OFFICE - Trusted Locations
OFFICE - Increase Privacy
OUTLOOK - Disable Junk Filter
DESKTOP - Disable Windows Error Reporting
DESKTOP - Hide Language Bar
NETWORK - Disable Skype
DESKTOP - Disable Thumbs.db Creation
WSUS - Set Server Address
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
NETWORK - Google Chrome Configuration
Filtering: Not Applied (Empty)
SYSTEM - Event Log Configuration
Filtering: Not Applied (Empty)
SECURITY - Local Administrator Password
Filtering: Not Applied (Empty)
NETWORK - Disable Windows Messenger
Filtering: Not Applied (Empty)
SECURITY - Audit Policy
Filtering: Not Applied (Empty)
WSUS - Automatic Install
Filtering: Not Applied (Empty)
NETWORK - Firewall Configuration
Filtering: Not Applied (Empty)
DESKTOP - Enable Offline Files
Filtering: Not Applied (Empty)
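I haven't changed the permissions on the GPOs at all, and there is no WMI filtering... as I said, GP Modelling says they should be applied. GPResult on the client correctly identifies itself as being in the right OU (CN=Amir,OU=Users,OU=NATO,DC=natorg,DC=local).
There are 2 x 2008R2 and one 2003 DC, the domain is at 2003 level, and the clients are Windows XP SP3.
Can anyone explain why these GP objects are "invisible" to the client?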
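Answer 1
OK, I don't pretend to understand this, but the problem was a separate GPO with user settings (power profile) that was linked to the computer's OU and had loopback enabled in "Replace" mode.
Disabling that particular GPO allowed the client to "see" the new GPOs.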
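An added example, not part of the original answer: a PowerShell audit that lists every GPO in the domain that configures loopback processing, with its mode and link locations, so a Replace-mode GPO like the one described in Answer 1 can be located. It assumes the GroupPolicy module (GPMC on Windows Server 2008 R2 or later) and that loopback is set through the standard policy value UserPolicyMode (1 = Merge, 2 = Replace).

```powershell
# Added example: find GPOs that enable loopback processing and show where they are linked.
# Run from a machine with the GroupPolicy module (GPMC/RSAT) and read access to the GPOs.
Import-Module GroupPolicy

# Loopback is a Computer Configuration policy stored as a registry-based value.
$key   = 'HKLM\Software\Policies\Microsoft\Windows\System'
$value = 'UserPolicyMode'
$modes = @{ 1 = 'Merge'; 2 = 'Replace' }

$results = foreach ($gpo in Get-GPO -All) {
    try {
        # Fails when the GPO does not define the value, which is the common case.
        $setting = Get-GPRegistryValue -Guid $gpo.Id -Key $key -ValueName $value -ErrorAction Stop
    } catch {
        continue
    }

    $mode = $modes[[int]$setting.Value]
    if (-not $mode) { $mode = "Unknown ($($setting.Value))" }

    # The XML report lists every site, domain and OU the GPO is linked to.
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $links = @($report.GPO.LinksTo | Where-Object { $_ } | ForEach-Object { $_.SOMPath })

    New-Object PSObject -Property @{
        Name         = $gpo.DisplayName
        LoopbackMode = $mode
        # If computer settings are disabled on the GPO, the loopback value has no effect.
        GpoStatus    = $gpo.GpoStatus
        LinkedTo     = ($links -join '; ')
    }
}

# Replace mode discards the GPOs linked to the user's own OU for users logging on to
# computers in scope, which matches the symptom in the question: the user-OU GPOs
# appear in neither gpresult list.
$results |
    Sort-Object LoopbackMode, Name |
    Select-Object Name, LoopbackMode, GpoStatus, LinkedTo |
    Format-Table -AutoSize -Wrap
```

Any row showing Replace and linked to an OU that contains the affected computer is a candidate for the behaviour seen in the gpresult output above.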
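Answer 2
Check to make sure the computer is not in a container that is blocking any Group Policy. I would even delete the computer object and re-add the device to the domain.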