Group Policies not being obeyed by operating system

  • Document ID:3000660
  • Creation Date:21-Jun-2006
  • Modified Date:30-Apr-2012
    • Micro Focus Products:
      ZENworks Desktop Management

Environment

Novell ZENworks Desktop Management 6.5 - ZDM6.5 Desktop Management
Novell ZENworks Desktop Management 6.5 - ZDM6.5 Management Agent
Novell ZENworks Desktop Management 6.5 - ZDM6.5 Management Agent + Client
Novell ZENworks Desktop Management 7 - ZDM7 Desktop Management
Novell ZENworks Desktop Management 7 - ZDM7 Management Agent
Novell ZENworks Desktop Management 7 - ZDM7 Management Agent + Client

Situation

Group policies created in workstation or user packages not being obeyed when user logs in.

Resolution

Troubleshooting:
  • Browse to the system32 directory and look for:
    • 2 temporary directories (hidden) that are created by the ZENworks agent on user login
    • 1 group policy directory which contains the actual policy in effect
    • 1 hidden directory containing the original group policy that exists prior to user login
  • In the Group Policy directory you should see Machine and User directories.
    • User directory contains any policy settings for the user package
    • Machine directory contains any policy settings for the workstation package
    • To view the settings you have made and to verify that the registry keys are getting pushed, open the User or Machine directory and open the regpol file in notepad
When the user logs in, the agent reads the policies and applies the group policies.  The gpt.ini file kicks off the policy and the reg keys are modified accordingly (listed in the regpol file).  Run regedit to verify that the desired registry keys were modified.
If the registry keys were modified and the policy was copied properly, then it is likely that the policy was created on a machine that is exempt.  Open gpt.ini under the Group Policy directory, there will be a line that reads: option=1, which means the machine that the policy was created on was set to ignore group policies (either workstation or user).  To verify, go to the administrative machine where the policy was created, click the start menu, then run, and type gpedit.msc.  Right click the local group policy and select properties:
then check to see if the check boxes are set:
Those check boxes allow the operating system to ignore group policies on administrative machines where it is not desirable to have group policies applied.  When creating group policies, make sure that these two boxes are left blank.
Recreate the group policy using a machine where those options are not selected and reboot the workstation and the policy should apply correctly.