My User GPOs will not apply unless linked to both Computer and user OUs (Server 2k8R2)

Tags: active-directory, group-policy, windows-server-2008

We've been having some difficulties applying User GPOs consistently. I think this is related to the Microsoft summer update that forces User GPOs to run in the security context of the computer, but the solutions listed there aren't working.

We have, as an example, a basic user GPO that's applied to the root of our Users OU. It's not security filtered or WMI filtered in any way. Authenticated Users have read permissions (which should mean that it's unaffected by the update). The GPO, however, does not apply. It doesn't show up in any way when looking at GPRESULT or looking through Event Logs.

The other solution to the update is to add Domain Computers to the GPO with read permissions. We tried that as well, and it didn't change anything.

Finally, on somewhat of a whim, I tried linking the GPO to both the root Users OU and root Computers OU. Now the GPO works without issue.

There are multiple GPOs affected by this. All contain only User settings, and there are no loopback settings enabled. This should be pretty basic stuff, but it's definitely not working as I would expect. Has anyone seen something like this or have any ideas about why it's working this way?

Best Answer

Well, maybe as expected, the answer was pretty simple. Someone had turned on Loopback processing in replace mode in a GPO for no reason without telling anyone. I went through each of our GPOs and found it, turned it off, and now everything works.
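As an added example (not part of the original thread), the following PowerShell snippet finds every GPO in the domain that has user loopback processing enabled and reports its mode and link locations, which is how the rogue "replace mode" GPO above could have been located without opening each GPO by hand. It assumes the GroupPolicy module (GPMC/RSAT) is installed and the account can read all GPOs.

```powershell
# Added example, not the original poster's code.
# Lists every GPO with "Configure user Group Policy loopback processing mode" enabled.
# Assumes the GroupPolicy module (installed with GPMC / RSAT) is available.
Import-Module GroupPolicy

# Loopback is a Computer Configuration setting; it lives in the GPO's registry.pol under
#   HKLM\Software\Policies\Microsoft\Windows\System\UserPolicyMode   (1 = Merge, 2 = Replace)
$key   = 'HKLM\Software\Policies\Microsoft\Windows\System'
$value = 'UserPolicyMode'
$modes = @{ 1 = 'Merge'; 2 = 'Replace' }

$results = foreach ($gpo in Get-GPO -All) {
    # Get-GPRegistryValue throws when the value is not configured in this GPO,
    # so suppress that error and treat it as "loopback not set".
    $setting = Get-GPRegistryValue -Guid $gpo.Id -Key $key -ValueName $value -ErrorAction SilentlyContinue
    if ($null -eq $setting) { continue }

    # Pull the GPO's XML report to see where it is linked; a loopback GPO linked at a
    # computer OU silently changes which user GPOs apply on those machines.
    $report = [xml](Get-GPOReport -Guid $gpo.Id -ReportType Xml)
    $links  = @($report.GPO.LinksTo | ForEach-Object { $_.SOMPath }) -join '; '

    [pscustomobject]@{
        GPO      = $gpo.DisplayName
        Id       = $gpo.Id
        Loopback = $modes[[int]$setting.Value]
        LinkedTo = $links
    }
}

# Replace-mode entries are the ones that discard user-OU GPOs entirely.
$results | Sort-Object Loopback, GPO | Format-Table -AutoSize
```

Any GPO reported with Loopback = Replace and linked to a computer OU will cause exactly the symptom described in the question: user GPOs linked only to user OUs stop applying on those computers.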