RSOP.msc shows a Red X for one of the setting which is part of two GPOs with the same value. But, ultimately the setting is applied.

Question

Initial state of the server:

• GPO1 has a setting named "abc".
• GPO2 does not contain the "abc" setting.
• GPO2 has precedence over GPO1.

Change:

• GPO2 is overwritten by importing new settings.
• The "abc" setting is also a part of GPO2 now, but has the same value as in GPO1.
• GPO2 still has precedence over GPO1.

Note: The "abc" setting is under, computer configuration->windows settings -> security settings ->local policies -> security options

Value in GPO1: Test
Value in GPO2: test

Observations:

• When i run rsop.msc, I can see the Red X for "abc" in the domain controller, value is taken from GPO2 but the Source GPO shown is GPO1.
  I can differentiate the value, as one of the values starts with an upper case.
• On the member servers, when i run rsop, the Red X does not appear for "abc", the value is as per GPO2 and the source GPO is also GPO2 as expected.

Questions:

• Firstly, is this is a problem ?
• Why does the Red X appear only on the domain controller ? Is it a bug ? Does it have a impact ?

Thanks in advance for the suggestions and replies.

Answer 1

Hi,

Would you please tell where did you link the GPO1 and GPO2?On the DOMAIN level ,right?

I would recommend you run the command :gpresult /h on the server and DC to see if any errors happened. If the GPO2 is winning, you can also see the result.

If the GPOs were applied correctly, i don't think it won't cause any serious impact.But from my side , i would remove the settings if i don't need it anymore.
Based on my experience, it is not recommended to set the same configuration on different GPOs, it will make the environment more complicated .And it will be difficult for troubleshooting if you have more and more GPOs.

Best Regards,