28,655 questions
Uninstalling the Remote Desktop Services role from this server allows the user based group policy installation to work just fine.
Software installation policy not working on domain controller
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 38%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJT%3C/text%3E%3C/svg%3E)
Joshua Thompson
226
Reputation points
We have a domain controller (server 2019) at an offsite that allow for users to connect to (over a VPN connection) it if our main office goes down.
There is a VPN connection between that offsite and the main site.
For a test we disconnected the VPN between the two sites and users are VPN'ing directly into the offsite. They then connect via Remote desktop.
The first time the users connects to this environment all their group policy software installs as expected. The next time they signed in all their software falls out of scope, I believe, and uninstalls. I am not sure what changed. ( I am thinking the VPN disconnect between the two sites has something to do with this). But I cannot make sense of it.
GPResult shows the software policies are still applied at the user level. But the software is not present. We can browse out to the local DFS and manually install the software with no issues.
There are no errors in the event logs showing that errors were present while trying to install the software.
Running rsop shows the software installation polices are not applied.
Any ideas?
Windows for business Windows Client for IT Pros User experience Other
Accepted answer
1 additional answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 28.999999999999996%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVW%3C/text%3E%3C/svg%3E)
Vicky Wang 2,736 Reputation points2021-01-05T09:28:01.98+00:00 As you said, "GPResult shows the software policies are still applied at the user level." We can run gpupdate /force and collect gpresult again later to confirm whether the user gets the software installation GPO.
If we confirm that the GPO has been obtained, software installation requires two restarts to complete. That is, even if the GPO settings are currently obtained, we still need to reboot to install this application. This is a by-design behavior.
Please refer to the following connection
“For CSEs such as Folder Redirection, Software Installation, and Drive Maps preference extension, the outcome of Group Policy processing might adversely affect the user’s experience, for example, a program being uninstalled while the user is working with it. To keep this from happening, the CSE is designed to require synchronous processing to apply the new settings. During asynchronous processing, the CSE signals the system to indicate that a synchronous application of Group Policy is required. A synchronous application of Group Policy occurs at the next startup (if it is signaled during the computer Group Policy refresh) or at the user’s next sign-in (if it is signaled during the user Group Policy refresh).”
Hope this information can help you
Best wishes
Vicky-
Joshua Thompson 226 Reputation points
2021-01-05T16:39:02.55+00:00 Not sure if you saw my late addition that running RSOP indeed shows the polices are not applied.
So while gpresult /R shows the policies are applicable to this server RSOP is showing the policies are not applied. I have no obvious errors in the Application or Setup event logs. I even checked Application and Services Logs > Microsoft > Windows > Group Policy and nothing stood out to indicate what the problem was.I ran a gpupdate /force and then a gpresult /R and the gpresult were the same as before. The results show the group policies are applicable to this user account, but yet they are still not applied.
The server that these users are signing on to are a domain controller so Im not sure if that comes into play at all.
I appreciate the help.
-
Joshua Thompson 226 Reputation points
2021-01-05T20:27:00.93+00:00 Software installation via computer based group policy to that server works fine.
Its just software installation via user level group policies that are not working on that server.
Sign in to comment -