Related to How can I disable the 'Installing Apps' screen?
I recently set up a new domain, everything runs as it should but however certain Group Policy settings won't sync. One of these settings is Folder Redirection.
Other stuff for ADDC & Group Policy works, such as:
- Signing onto domain computers with domain users
- Domain network policies
- Security policies (such as requiring Ctrl + Alt + Del to sign in)
I definitely have done the Group Policy Object properly as most Group Policy settings are synced onto domain clients.
I have set the Folder Redirection by User Configuration > Policies > Windows Settings > Folder Redirection
Each folder is located on a shared network drive that backs up automatically to cloud services. I've verified that users are in the Domain Users
group.
Users are also able to fully access their allocated storage areas manually by browsing to the location on the network drive, so there's nothing wrong with the folder permissions. Forcing a Group Policy update via gpupdate.exe /force
will not get this to work either.
What am I doing wrong?
All clients are on Windows 8.1 Professional & the server's running Windows Server 2012 R2 Datacenter.
The OU the GPO only applies to domain computers (which at the moment, there's only two and the naming structure isn't well-formed, but that's going to change):
Answer
This is a common gotcha for new GP admins: Say you make a GPO and link it to an OU. When you make changes in the GPO's "User Configuration" section those changes will only apply to the users in the OU it's linked to. If you make changes to the "Computer Configuration" section, those changes will only be applied to computers in the OU it's linked to.
What you've shown us here are User Configuration settings, so the GPO needs to be applied to a container (OU or otherwise) that contains the USERS you want this to apply to.
Similarly, if you're going to use Security Filtering in this case, you need to target user accounts to allow/deny access to, not (just) computer accounts.
Hope that helps. :)
No comments:
Post a Comment