question

Calvin-9773 avatar image
0 Votes"
Calvin-9773 asked FanFan-MSFT commented

Denied group policy for a specific user and computer from delegation, but not working

I have a group policy , and need to deny that for a specific user and computer. I already added a user and computer hostname under the delegation tab - advanced - and allowed read and denied apply group policy. But it's not working and the group policy is still applied to that specific user and computer.

My GPO settings: The GPO is applied to entire users and computers, "Only Authenticated users" to security filtering. GPO is applied in user configuration and computer configuration.

I have found that one specific computer client CANNOT ping to the domain. But we checked the internet and the intranet is working fine on another computer clients.
It CANNOT perform command prompt > gpupdate /force successfully on that one specific computer client, with error says "the processing of group policy failed because of lack of network connectivity". So that's why the policy is not applied.

I think this issue will be solved when I rejoined computer to the domain.
But I need advice or analysis from the experts here, why do you think this issue only occurs on one specific computer client? The computer uses Windows 10 Professional.

Thanks.

windows-serverwindows-group-policy
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.


Hi,
Welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
 
Best Regards,

0 Votes 0 ·

1 Answer

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered FanFan-MSFT commented

Hi,

To understand you questions more clearly, please confirm the following information:
1, Denied group policy for a specific user and computer from delegation, but not working. What policy did you deploy? Was the policy a user policy or a computer policy?
If possible, please share a screenshot here for the permission delegation on the GPO.
2, One specific computer client CANNOT ping to the domain
Was the specific computer the same as the one in question 1?
What's the result if you run command following:
Ipconfig /all?
Ping domain name
Ping DC name
Ping DC IP address
3, Did you check if all the DSs are working correctly, and the replication is good?
Following command can be used to check the status:
Dcdiag /v >c:\dcdiag1.log
Repadmin /showrepl >C:\repl.txt
Repadmin /showreps * 

Best Regards,

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

If there are any updates, welcome to share here!

Best Regards,

0 Votes 0 ·