Share via

Policy setting is being applied that is not defined in group policy

Anonymous
2024-02-23T15:58:54+00:00

I'm making changes to the policy I have configured for Software Restriction Policy in our group policy. At one point, SRP was defined under the User Configuration of that policy, but I have since removed that, and left it only configured under Computer Configuration. However, when I login to a machine, and run RSoP, SRP is still being set under User Configuration with the Unrestricted security level set as default. Nowhere does it reference what group policy is responsible for that setting. I've checked every one of our 30+ other group policies, and none of them have SRP configured under User Configuration. When I run the Group Policy Modeling Wizard for the computer and user I'm testing on the actual machine, it shows SRP should in fact not be configured under User Configuration, so I'm really perplexed as to why it is. Any insight would be much appreciated!

Windows Server Identity and access Deploy group policy objects

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-02-26T07:32:07+00:00

    Hello Chris Roberson,

    Thank you for posting on the Microsoft Community Forum.

    After my checking, I can see SRP only under Computer Configuration, there is no SRP under User Configuration.

    Image

    Software Restriction Policies | Microsoft Learn

    Based on the description "However, when I login to a machine, and run RSoP, SRP is still being set under User Configuration with the Unrestricted security level set as default.", you can check the group policy via gpresult instead of RSOP. Export gpresult and check the SRP with the Unrestricted security level set as default under "Computer Details" or "User Details".

    For checking Computer Configuration within gpresult, we can follow steps below.

    Logon this machine using administrator account.

    Open CMD (run as Administrator).

    Type gpresult /h C:\gpo.html and click Enter.

    Open gpo.html and check gpo setting under "Computer Details".

    For checking User Configurations within gpresult, we can follow steps below.

    Logon the machine using normal domain user account (that applies this gpo).

    Create a folder named F1 in C drive.

    Open CMD (do not run as Administrator).

    Type gpresult /h C:\F1\gpo.html and click Enter.

    Open gpo.html and check if there are these gpo settings under "User Details".

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    0 comments
  2. Anonymous
    2024-02-26T14:05:40+00:00

    Hi Daisy, thanks for your reply. The SRP folder resides under the Security Settings group in both Computers and Users. (see below) However, I believe that if SRP is not configured within group policy, the default security level of unrestricted is applied, and thus will show in RSoP.

    0 comments
  3. Anonymous
    2024-03-06T09:00:49+00:00

    Hello

    The SRP folder resides under the Security Settings group in both Computers and Users.
    A: Yes, you are right. I am sorry for my mistake.

    For the security setting, you can read information below.

    Security policy settings - Windows Security | Microsoft Learn

    Best Regards,
    Daisy Zhou

    0 comments