question

JensAndersen-9081 avatar image
0 Votes"
JensAndersen-9081 asked JensAndersen-9081 answered

Group Policy not applying, when the user is member of local "Administrators" group.

So i have a weird one.
I have a GPO that creates a shortcut. When the user is a plain non admin user, it works perfectly.
When the user is added to the local computers group "Administrators" it stops working.

Using a "Domain" or "Enterprise" admin role, it works perfectly.
For obvious reasons, i dont want the user to be a global admin, only a admin on the specific local computer.

Any hints for this issue?


More info:
ADMX files for Windows 10 is installed on all DC's.
DC is running Windows Server 2012 R2 (Fully updated).
The Windows 10 computer is Version 21H1 (Fully updated).

The policy applied is "User Configuration", "Preferences", "Windows Settings", "Shortcuts".
It the shortcut on the desktop "Path: %DesktopDir%\name".

windows-group-policy
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JensAndersen-9081 avatar image
0 Votes"
JensAndersen-9081 answered

I tested a other group policy, with the same user.
This policy sets the default printer.

This policy works both with the user as admin, and as a normal user.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered JensAndersen-9081 commented

Hello @JensAndersen-9081

I would suggest kindly check if there is any Local Computer GPO is there

Additionally, Please also check GPO results using following cmd and you will be able see which GPO is winner and applicable to this computer and user.

C:\> gpresult /h c:\temp\gpresult.html

If the reply was helpful, please don’t forget to upvote or accept as answer.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

So i tried running the command "RD /S /Q "%WinDir%\System32\GroupPolicyUsers" && RD /S /Q "%WinDir%\System32\GroupPolicy""
To make sure all local policies are 100% gone.
Again it is a new installation, i just set up, but just to be sure.

In the gpresults file, it says Error 0x80070002, for the shortcuts, so i'm googling that now.

0 Votes 0 ·
JensAndersen-9081 avatar image
0 Votes"
JensAndersen-9081 answered

I deployed a brand new VM for testing.
I renamed it to .txt

127982-gpresult.txt



gpresult.txt (197.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JensAndersen-9081 avatar image
0 Votes"
JensAndersen-9081 answered

No input for this? I'm out of ideas.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JensAndersen-9081 avatar image
0 Votes"
JensAndersen-9081 answered

I did some more testing, using a Windows Server 2012 R2 installation (The AD servers are 2012 R2), but it is the same error.
Users that have local admn rights doesent work, global admin works, local non admin works.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JensAndersen-9081 avatar image
0 Votes"
JensAndersen-9081 answered

I have gone thru more logs, still no closer to an answer.
No ideas at all?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JensAndersen-9081 avatar image
0 Votes"
JensAndersen-9081 answered

So, changing the policy from "File System Object" to "Shell Object" and the GPO seems to be working!

I'm testing with the client now.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JensAndersen-9081 avatar image
0 Votes"
JensAndersen-9081 answered

So i tested with the client, and when changing to shell object, the shourtcuts looke 100% alike, but they dont work.
I have no idea why. The application opens, but the ODBC connection doesent work.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.