2

So I've created a new GPO for my Citrix servers by right-clicking my Citrix Server OU & created a new policy. This policy is linked to the OU & security filtering is set to "Authenticated Users."

No matter what I do, I cannot seem to get this policy to apply to the Citrix servers--the policy doesn't even show up in RSOP.msc!!

I've checked all my DC's to ensure replication was in fact occurring but I can still see no obvious reason this is happening..

Any thoughts would be greatly appreciated!

Thanks,

slashp

cjones26
  • 276
  • 1
  • 6
  • 18
  • Um, what are you trying to do? Filtering a GPO against Authenticated Users when you want to apply it to computer accounts... is not a recipe for success. – HopelessN00b Aug 09 '12 at 15:23
  • I've created a security group for my production XenApp servers & added it to the security filtering and I have the same issue. All I'm trying to do is create a small policy for locking down the servers--for instance, a registry key under user config for hiding administrative tools from the start menu. – cjones26 Aug 09 '12 at 15:32
  • Are you trying to set user policies or computer policies? – Rex Aug 09 '12 at 15:34
  • User policies on my XenApp servers. – cjones26 Aug 09 '12 at 15:35
  • Have you set the policy (or one above it in precedence) to use loopback processing? This is required if you are setting user policies to a computer object – Rex Aug 09 '12 at 15:37
  • I sure did, though it makes no difference, it still will not apply or show in RSOP with loopback processing enabled & security filtering set to the security group with my XenApp servers as well as authenticated users. – cjones26 Aug 09 '12 at 15:42
  • Is it set for replace or merge on the loopback mode? and are there other policy settings in the same OU with the loopback mode set to replace? – Rex Aug 09 '12 at 15:46
  • let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/4440/discussion-between-slashp-and-rex) – cjones26 Aug 09 '12 at 15:48

1 Answers1

2

Per Microsoft:

Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.

Policy setting itself can be found in Computer Config/Admin Templates/System/Group Policy/Loopback Policy

Rex
  • 7,815
  • 3
  • 28
  • 44
  • It was set to replace but setting it to merge worked :). Thanks! – cjones26 Aug 09 '12 at 15:50
  • Be careful with loopback as it applies to all GPOs once enabled. Also, if you don't assign your GPO to the correct OU, you may find them being applied twice. Run RSOP.msc afterwards to verify this isn't happening. – John Homer Aug 10 '12 at 19:31