I'm trying to deploy group policies for users and computers. In the computer OUs I have created computer policies for shortcut deployment and I have added the computers to the corresponding OUs. I have also created the policies for users. The problem is that the shortcuts are not loaded. The policies for computer shortcuts are filtered. I configured the loop back for merge on the computer policy, but did not work. The user policies are applying fine, it is just the computer policies. I hope anyone can help me.

Hi

 On GPMC ->OU where the computers in->expand see the GPO's and select ->on Details tab ->GPO status configure it "User configuration settings disable"

Or

Right-Click OU and select "Block Inheritance".

• Marked as answer by EMURRAY01 Wednesday, May 13, 2015 8:42 PM
• Unmarked as answer by EMURRAY01 5 hours 51 minutes ago

Hi

 On GPMC ->OU where the computers in->expand see the GPO's and select ->on Details tab ->GPO status configure it "User configuration settings disable"

Or

Right-Click OU and select "Block Inheritance".

• Marked as answer by EMURRAY01 Wednesday, May 13, 2015 8:42 PM
• Unmarked as answer by EMURRAY01 Monday, May 25, 2015 1:08 AM

Hi

 On GPMC ->OU where the computers in->expand see the GPO's and select ->on Details tab ->GPO status configure it "User configuration settings disable"

Or

Right-Click OU and select "Block Inheritance".

• Marked as answer by EMURRAY01 Wednesday, May 13, 2015 8:42 PM
• Unmarked as answer by EMURRAY01 Monday, May 25, 2015 1:08 AM

Hi

 On GPMC ->OU where the computers in->expand see the GPO's and select ->on Details tab ->GPO status configure it "User configuration settings disable"

Or

Right-Click OU and select "Block Inheritance".

This mean I don't need loopback configuration right?

right.

Hi

 On GPMC ->OU where the computers in->expand see the GPO's and select ->on Details tab ->GPO status configure it "User configuration settings disable"

Or

Right-Click OU and select "Block Inheritance".

Sorry for the late post, but this did not solve my problem.  It blocked the user policy from the user OU from loading, It did not blocked the user part of the computer policy in the computer OU. I need to be able to apply both policies, from different OU in the same computer. One been the computer OU where the computer resides and the other the user department OU where the user belongs. 

Hi

 OK,you should configure loopback processing.

Please check on these articles;

http://social.technet.microsoft.com/wiki/contents/articles/2548.windows-server-understand-user-group-policy-loopback-processing-mode.aspx

https://technet.microsoft.com/en-us/library/cc757470(v=ws.10).aspx?f=255&mspperror=-2147217396

Hi

Would you please help to run a gpresult / r to check which policies are applied and it would be much better to  provide us the RSOP report.

You can log in the computer open the Command Prompt and type  gpresult/ h rsop.html and then you can got the report under your system drive.

Go to the system drive-> Users folder-> find the currently logged user account folder-> rsop.html

With this report we may have a clear look about Gpo confiuration.

Best Regards,

Elaine

Hi

 OK,you should configure loopback processing.

Please check on these articles;

Regarding the first link example :

When a user belonging to OU-SUPPORT logs on a server that belongs to the OU-TSSERVER, what happens?

Applies:

• Computer Configuration -> The configuration created in GPO linked to OU-TSSERVER.
• User Configuration -> The configuration created in GPO linked to OU-SUPPORT.

This is the default setting. 

This is exactly what I want to happen, the normal settings that should apply. In my case I only see User Configuration linked to the UO-SUPPORT but don't see the Computer Configuration from the GPO create and linked to OU-TSSERVER. So I'm not sure loopback processing will help. 

Group Policy Results
Tes\user
Data collected on: 5/23/2015 11:58:41 AM

Summary Computer Configuration Summary No data available. User Configuration Summary General

User name	TEST\user
Domain	TEST.local
Last time Group Policy was processed	5/23/2015 11:55:56 AM

Group Policy Objects Applied GPOs

Name	Link Location	Revision
Billers	TEST.local/Clinica de Salud Familiar/Users/ Billers	AD (357), Sysvol (357)
User Folder Redirection	TEST.local/Clinica de Salud Familiar/Users/Billers	AD (20), Sysvol (20)

Denied GPOs

Name	Link Location	Reason Denied
Local Group Policy	Local	Empty
Default Domain Policy	TEST.local	Empty

Security Group Membership when Group Policy was applied TEST\Domain Users
Everyone
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
NT AUTHORITY\This Organization
LOCAL
TEST\Billers
Mandatory Label\Medium Mandatory Level WMI Filters

Name	Value	Reference GPO(s)
None

Component Status

Component Name	Status	Last Process Time
Group Policy Infrastructure	Success	5/23/2015 11:56:22 AM
Folder Redirection	Success	5/23/2015 11:22:34 AM
Registry	Success	5/23/2015 11:12:46 AM

Computer Configuration No data available. User Configuration Policies Windows Settings Security Settings Public Key Policies/Certificate Services Client - Auto-Enrollment Settings

Policy	Setting	Winning GPO
Automatic certificate management	Enabled	[Default setting]
Option Setting Enroll new certificates, renew expired certificates, process pending certificate requests and remove revoked certificates Disabled Update and manage certificates that use certificate templates from Active Directory Disabled
Show certificate expiry notifications	Disabled	[Default setting]

Folder Redirection Application Data

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\AppData\Roaming Options

Grant user exclusive rights to Application Data	Disabled
Move the contents of Application Data to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

Contacts

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\Contacts Options

Grant user exclusive rights to Contacts	Disabled
Move the contents of Contacts to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

Desktop

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\Desktop Options

Grant user exclusive rights to Desktop	Disabled
Move the contents of Desktop to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

Downloads

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\Downloads Options

Grant user exclusive rights to Downloads	Disabled
Move the contents of Downloads to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

Favorites

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\Favorites Options

Grant user exclusive rights to Favorites	Disabled
Move the contents of Favorites to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

Links

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\Links Options

Grant user exclusive rights to Links	Disabled
Move the contents of Links to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

Music

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\Music Options

Grant user exclusive rights to Music	Disabled
Move the contents of Music to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

My Documents

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\Documents Options

Grant user exclusive rights to My Documents	Disabled
Move the contents of My Documents to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

My Pictures

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\Pictures Options

Grant user exclusive rights to My Pictures	Disabled
Move the contents of My Pictures to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

Saved Games

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\Saved Games Options

Grant user exclusive rights to Saved Games	Disabled
Move the contents of Saved Games to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

Searches

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\Searches Options

Grant user exclusive rights to Searches	Disabled
Move the contents of Searches to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

Start Menu

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\Start Menu Options

Grant user exclusive rights to Start Menu	Disabled
Move the contents of Start Menu to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

Videos

Winning GPO

User Folder Redirection

Setting: Basic (Redirect everyone's folder to the same location) Path: \\TestServer-1\Public\Profiles\Home\user\Videos Options

Grant user exclusive rights to Videos	Disabled
Move the contents of Videos to the new location	Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems	Disabled

Policy Removal Behavior

Restore contents

Administrative Templates Policy definitions (ADMX files) retrieved from the local machine. Control Panel

Policy	Setting	Winning GPO
Prohibit access to the Control Panel	Disabled	Billers

Control Panel/Add or Remove Programs

Policy	Setting	Winning GPO
Hide Add New Programs page	Enabled	Billers
Hide Add/Remove Windows Components page	Enabled	Billers
Hide the "Add a program from CD-ROM or floppy disk" option	Enabled	Billers
Hide the "Add programs from Microsoft" option	Enabled	Billers
Hide the "Add programs from your network" option	Enabled	Billers
Specify default category for Add New Programs	Disabled	Billers

Control Panel/Personalization

Policy	Setting	Winning GPO
Load a specific theme	Disabled	Billers
Password protect the screen saver	Enabled	Billers
Prevent changing mouse pointers	Enabled	Billers
Prevent changing sounds	Enabled	Billers

Control Panel/Printers

Policy	Setting	Winning GPO
Browse a common web site to find printers	Disabled	Billers
Browse the network to find printers	Disabled	Billers
Prevent addition of printers	Enabled	Billers
Prevent deletion of printers	Enabled	Billers

Control Panel/Programs

Policy	Setting	Winning GPO
Hide "Get Programs" page	Enabled	Billers
Hide "Installed Updates" page	Enabled	Billers
Hide "Programs and Features" page	Enabled	Billers
Hide "Set Program Access and Computer Defaults" page	Enabled	Billers
Hide "Windows Features"	Enabled	Billers
Hide "Windows Marketplace"	Enabled	Billers
Hide the Programs Control Panel	Enabled	Billers

Control Panel/Regional and Language Options

Policy	Setting	Winning GPO
Hide Regional and Language Options administrative options	Enabled	Billers
Hide the geographic location option	Enabled	Billers
Hide the select language group options	Enabled	Billers
Hide user locale selection and customization options	Enabled	Billers
Restrict selection of Windows menus and dialogs language	Enabled	Billers
Restrict users to the following language: English
Policy	Setting	Winning GPO
Restricts the UI languages Windows should use for the selected user	Enabled	Billers
Restrict users to the following language: English

Desktop

Policy	Setting	Winning GPO
Prohibit User from manually redirecting Profile Folders	Enabled	Billers
Remove Properties from the Computer icon context menu	Enabled	Billers
Remove Properties from the Documents icon context menu	Enabled	Billers
Remove Properties from the Recycle Bin context menu	Enabled	Billers
Remove Recycle Bin icon from desktop	Enabled	Billers
Remove the Desktop Cleanup Wizard	Enabled	Billers

Desktop/Desktop

Policy	Setting	Winning GPO
Desktop Wallpaper	Enabled	Billers
Wallpaper Name: \\TestServer-1\Public\Backround\bkrnd11.JPG Example: Using a local path: C:\windows\web\wallpaper\home.jpg Example: Using a UNC path: \\Server\Share\Corp.jpg Wallpaper Style: Stretch

Network/Network Connections

Policy	Setting	Winning GPO
Ability to change properties of an all user remote access connection	Disabled	Billers
Ability to delete all user remote access connections	Disabled	Billers
Ability to Enable/Disable a LAN connection	Disabled	Billers
Ability to rename all user remote access connections	Disabled	Billers
Ability to rename LAN connections	Disabled	Billers
Ability to rename LAN connections or remote access connections available to all users	Disabled	Billers
Enable Windows 2000 Network Connections settings for Administrators	Disabled	Billers
Prohibit access to properties of a LAN connection	Enabled	Billers
Prohibit access to properties of components of a LAN connection	Enabled	Billers
Prohibit access to properties of components of a remote access connection	Enabled	Billers
Prohibit access to the Advanced Settings item on the Advanced menu	Enabled	Billers
Prohibit access to the New Connection Wizard	Enabled	Billers
Prohibit access to the Remote Access Preferences item on the Advanced menu	Enabled	Billers
Prohibit adding and removing components for a LAN or remote access connection	Enabled	Billers
Prohibit changing properties of a private remote access connection	Enabled	Billers
Prohibit deletion of remote access connections	Enabled	Billers
Prohibit Enabling/Disabling components of a LAN connection	Enabled	Billers
Prohibit renaming private remote access connections	Enabled	Billers
Prohibit TCP/IP advanced configuration	Enabled	Billers

Network/Offline Files

Policy	Setting	Winning GPO
Synchronize all offline files before logging off	Enabled	Billers
Synchronize all offline files when logging on	Enabled	Billers
Synchronize offline files before suspend	Enabled	Billers
Type of synchronization to perform when suspending: Action: Full

Network/Windows Connect Now

Policy	Setting	Winning GPO
Prohibit Access of the Windows Connect Now wizards	Enabled	Billers

Start Menu and Taskbar

Policy	Setting	Winning GPO
Add Logoff to the Start Menu	Enabled	Billers
Add the Run command to the Start Menu	Disabled	Billers
Clear the recent programs list for new users	Enabled	Billers
Do not allow pinning items in Jump Lists	Disabled	Billers
Do not allow pinning programs to the Taskbar	Disabled	Billers
Do not display any custom toolbars in the taskbar	Enabled	Billers
Do not display or track items in Jump Lists from remote locations	Disabled	Billers
Gray unavailable Windows Installer programs Start Menu shortcuts	Enabled	Billers
Lock all taskbar settings	Enabled	Billers
Lock the Taskbar	Enabled	Billers
Prevent changes to Taskbar and Start Menu Settings	Enabled	Billers
Prevent users from adding or removing toolbars	Enabled	Billers
Prevent users from moving taskbar to another screen dock location	Enabled	Billers
Prevent users from rearranging toolbars	Enabled	Billers
Prevent users from resizing the taskbar	Enabled	Billers
Remove access to the context menus for the taskbar	Enabled	Billers
Remove common program groups from Start Menu	Enabled	Billers
Remove Default Programs link from the Start menu.	Enabled	Billers
Remove Downloads link from Start Menu	Disabled	Billers
Remove drag-and-drop and context menus on the Start Menu	Enabled	Billers
Remove Favorites menu from Start Menu	Enabled	Billers
Remove frequent programs list from the Start Menu	Enabled	Billers
Remove Games link from Start Menu	Enabled	Billers
Remove Homegroup link from Start Menu	Enabled	Billers
Remove links and access to Windows Update	Enabled	Billers
Remove Music icon from Start Menu	Enabled	Billers
Remove Network Connections from Start Menu	Enabled	Billers
Remove Network icon from Start Menu	Enabled	Billers
Remove Pictures icon from Start Menu	Enabled	Billers
Remove pinned programs from the Taskbar	Disabled	Billers
Remove programs on Settings menu	Enabled	Billers
Remove Recorded TV link from Start Menu	Enabled	Billers
Remove Run menu from Start Menu	Enabled	Billers
Remove the Action Center icon	Disabled	Billers
Remove the battery meter	Disabled	Billers
Turn off automatic promotion of notification icons to the taskbar	Enabled	Billers
Turn off feature advertisement balloon notifications	Enabled	Billers
Turn off notification area cleanup	Enabled	Billers

System

Policy	Setting	Winning GPO
Windows Automatic Updates	Enabled	Billers

System/Driver Installation

Policy	Setting	Winning GPO
Turn off Windows Update device driver search prompt	Enabled	Billers

System/Internet Communication Management/Internet Communication settings

Policy	Setting	Winning GPO
Turn off handwriting personalization data sharing	Enabled	Billers

System/Power Management

Policy	Setting	Winning GPO
Prompt for password on resume from hibernate / suspend	Enabled	Billers

System/Removable Storage Access

Policy	Setting	Winning GPO
All Removable Storage classes: Deny all access	Enabled	Billers
CD and DVD: Deny read access	Enabled	Billers
CD and DVD: Deny write access	Enabled	Billers
Floppy Drives: Deny read access	Enabled	Billers
Floppy Drives: Deny write access	Enabled	Billers
Removable Disks: Deny read access	Enabled	Billers
Removable Disks: Deny write access	Enabled	Billers
Tape Drives: Deny read access	Enabled	Billers
Tape Drives: Deny write access	Enabled	Billers
WPD Devices: Deny read access	Enabled	Billers
WPD Devices: Deny write access	Enabled	Billers

Windows Components/Attachment Manager

Policy	Setting	Winning GPO
Notify antivirus programs when opening attachments	Enabled	Billers

Windows Components/Backup/Client

Policy	Setting	Winning GPO
Prevent backing up to local disks	Enabled	Billers
Prevent backing up to network location	Enabled	Billers
Prevent backing up to optical media (CD/DVD)	Enabled	Billers
Prevent the user from running the Backup Status and Configuration program	Enabled	Billers
Turn off restore functionality	Enabled	Billers
Turn off the ability to back up data files	Enabled	Billers
Turn off the ability to create a system image	Enabled	Billers

Windows Components/Microsoft Management Console

Policy	Setting	Winning GPO
Restrict the user from entering author mode	Enabled	Billers
Restrict users to the explicitly permitted list of snap-ins	Enabled	Billers

Windows Components/Windows Explorer

Policy	Setting	Winning GPO
Display the menu bar in Windows Explorer	Disabled	Billers
Hide these specified drives in My Computer	Enabled	Billers
Pick one of the following combinations Restrict all drives
Policy	Setting	Winning GPO
Hides the Manage item on the Windows Explorer context menu	Enabled	Billers
Prevent access to drives from My Computer	Enabled	Billers
Pick one of the following combinations Restrict all drives
Policy	Setting	Winning GPO
Remove "Map Network Drive" and "Disconnect Network Drive"	Enabled	Billers
Remove CD Burning features	Enabled	Billers
Remove File menu from Windows Explorer	Enabled	Billers
Remove Hardware tab	Enabled	Billers
Remove Security tab	Enabled	Billers
Removes the Folder Options menu item from the Tools menu	Enabled	Billers
Request credentials for network installations	Enabled	Billers

Windows Components/Windows Explorer/Previous Versions

Policy	Setting	Winning GPO
Hide previous versions list for local files	Enabled	Billers
Hide previous versions list for remote files	Enabled	Billers
Hide previous versions of files on backup location	Enabled	Billers
Prevent restoring local previous versions	Enabled	Billers
Prevent restoring previous versions from backups	Enabled	Billers
Prevent restoring remote previous versions	Enabled	Billers

Windows Components/Windows Installer

Policy	Setting	Winning GPO
Always install with elevated privileges	Enabled	Billers
This setting must be set for the machine and the user to be enforced.
Policy	Setting	Winning GPO
Prevent removable media source for any install	Enabled	Billers
Prohibit rollback	Enabled	Billers
This setting may be set for the machine or for the user.

Extra Registry Settings Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.

Setting	State	Winning GPO
Software\Policies\Microsoft\Windows\Explorer\NoUninstallFromStart	1	Billers
Software\Policies\Microsoft\Windows\Explorer\NoUseStoreOpenWith	1	Billers
Software\Policies\Microsoft\Windows\Explorer\ShowRunAsDifferentUserInStart	1	Billers
Software\Policies\Microsoft\Windows\System\Fdeploy\FolderRedirectionEnableCacheRename	1	Billers

Hi

 Yes,on your post there is no computers policy applied,test this right-click on computer policy (which you configure) and select enforced.

ALso check on Group Policy Inheritance console any other computer policy crushing your computer policy??

>   Yes,on your post there is no computers policy applied,test this > right-click on computer policy (which you configure) and select enforced.   No. This is simply the result of the command being run in a commandline that was not elevated ("run as administrator")...   Loopback "merge" is correct for the scenario, and (as already mentioned) loopback in no way has any influence on computer GPO processing.   PLease re-run the gpresult in an elevated commandline to see the "reason denied" - if it is "filtered (security)", double check security filtering and make sure you rebooted the computer if you changed its security group memberships.  

Since the user does not have admin privilege I try to run as administrator and got this message  "Too many other files are currently in use buy 16-bit programs. Exit one or more 16-bit programs or increase the value of the FILES command in your Config.sys". I did a clean boot with no services besides Microsoft services and still got the problem. So I can't run cmd.exe as administrator. Any ideas on that?

I un-linked the user policy and created a new user policy only to disable the access to control panel and it applied well with the computer policy so clearly there is something there that is bothering. 

> in use buy 16-bit programs. Exit one or more 16-bit programs or increase   Are you trying to run command.com?  

cmd.exe as administrator

Hi

According the error message you got while you open the cmd.exe as administrator, maybe you can try the follow method: Create a new notepad file.  On the first line put Files=130 and on the second line put Buffers=1000.  Then save under file type "All files" and under the name config.sys, and then place configs directly onto C:\. Then you can restart the computer and have a try again.

Please have a test and then let us know the update.

Best Regards,

Elaine

Sorry for the late replay. I have tried what you suggest but it did not work. Still get the message after I enter administrator credentials. 

Since this is a different problem than the original GPO problem I will put the question for the cmd as administrator in a separate threat so we can focus on the GPO problem.