GPO on Windows Server 2012 R2 is not working with Windows 10 computers. A friend of mine set up a new environment with a domain controller and Windows 10 workstations. Users had no access to their desktops and could not even delete the icons on their PCs; even local admin access did not fix the issue. They also faced password policy issues: when a user tried to change their password to one that met all the complexity requirements of the current policy, they got an error message saying that it was not complex enough and did not have enough characters.
The normal health checks reported no issues. The Default Domain Policy had all the necessary settings, but they were not reaching the Windows 10 machines. Troubleshooting showed that they had not imported the Windows 10 Group Policy templates to their Windows Server 2012 R2 domain controllers, so the local logon DC could not even communicate with the Windows 10 machines via GPO.
How to check whether GPOs from the DC are applied on a Windows 10 system?
You can use gpresult /v to get a detailed report of all applied policies.
The RSOP.MSC tool shows the same information in a GUI. rsop is a very easy tool that shows all applied settings and which policy each one comes from.
If a policy is not applied at all, you need to find out why. In the issue above, the Windows 10 GPO templates were not available on the domain controllers, which was causing the problem.
To resolve the issue
You need to add the new Windows 10 admx files to the Group Policy Central Store and then deploy them to fix the issue.
You should have a Windows 10 template to edit the Windows 10 related settings/policies in GPMC, and all your domain controllers should have the Windows 10 admx files in their Group Policy Central Store to avoid issues like this.
The following steps need to be followed:
- Download the new Windows 10 templates
- Extract the admx and adml files
- Copy them to the Group Policy Central Store
- New GPOs can be created with the new settings
- Check the settings which we have implemented
I have discussed how to import ADMX files for Windows 10 in my previous article, which explains step by step how to import ADMX files for managing Windows 10 with Administrative Templates.
Check UNC hardening for netlogon and sysvol Shares in the registry
By default, UNC hardening is enabled in Windows 10, which might be causing the issue; in that case you will get event ID 1058 with error code 53 (The network path was not found). Use the registry settings below to disable UNC hardening in Windows 10:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
"\\*\SYSVOL"
"RequireMutualAuthentication=0"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
"\\*\NETLOGON"
"RequireMutualAuthentication=0"
Microsoft fixed this issue with a patch.
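RequireMutualAuthentication=0 turns off the client's verification of the server for the SYSVOL and NETLOGON shares, so it is worth checking which machines still carry it once the workaround is no longer needed. The PowerShell below is an added example, not part of the original article: it reads the HardenedPaths key shown above and flags weakened entries. The function names and the constructed sample data are assumptions made for illustration.

```powershell
# Added example: audit the HardenedPaths policy key on a Windows 10 client.
$Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

function ConvertFrom-HardenedPathValue {
    param([string]$Value)
    # Value data is a comma-separated list, e.g.
    # "RequireMutualAuthentication=1, RequireIntegrity=1"
    $settings = @{}
    foreach ($pair in ($Value -split ',')) {
        $name, $data = $pair.Trim() -split '=', 2
        if ($name) { $settings[$name.Trim()] = "$data".Trim() }
    }
    $settings
}

function Get-HardenedPathReport {
    param([hashtable]$Entries)   # UNC pattern -> raw value data
    foreach ($path in ($Entries.Keys | Sort-Object)) {
        $s = ConvertFrom-HardenedPathValue $Entries[$path]
        [pscustomobject]@{
            Path       = $path
            MutualAuth = $s['RequireMutualAuthentication']
            Integrity  = $s['RequireIntegrity']
            # Flag any entry that explicitly switches a protection off
            Weakened   = ($s['RequireMutualAuthentication'] -eq '0') -or
                         ($s['RequireIntegrity'] -eq '0')
        }
    }
}

# Read the live policy values, if the key exists on this machine
$entries = @{}
if (Test-Path $Key) {
    $item = Get-Item $Key
    foreach ($name in $item.GetValueNames()) {
        $entries[$name] = [string]$item.GetValue($name)
    }
}

if ($entries.Count -eq 0) {
    # Constructed sample: one workaround entry from the article, one hardened entry
    Write-Output 'No HardenedPaths policy values found; showing constructed sample data.'
    $entries = @{
        '\\*\SYSVOL'   = 'RequireMutualAuthentication=0'
        '\\*\NETLOGON' = 'RequireMutualAuthentication=1, RequireIntegrity=1'
    }
}
Get-HardenedPathReport $entries | Format-Table -AutoSize
```

Entries with Weakened set to True are the ones to revert after the fix is in place.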