I created a new GPO to apply to a specific AD security group. This was created on a top-level OU "Org Users". There are 4 existing GPOs on this OU, so creating this was the 5th one. This new GPO "S_Pilot_GPO" was adjusted to be 1 in the link order.
This GPO sets: User Configuration->Administrative Templates->DP AD Client->Managed applications->PWM, "Managed logons" to Enabled.
(One of the existing GPOs, "DPKioskSettings", also applies the above User Configuration. Thus why I made the link order 1 for the new GPO)
The scope is applied to an AD security group "S_Pilot".
I have a user within "S_Pilot", but when they login to a device with said user this new GPO does not get applied. It is stuck getting applied with the original GPOs. rsop.msc indicates that "DPKioskSetting" is still being applied instead.
S_Pilot_GPO is linked to the OUs "Org Computers", and "Org Users". And "DPKioskSetting" is linked to "Org Computers", "Org Users", "Students", "Training Servers", and "View Desktops".
None of these GPOs are enforced.
What am I missing? Shouldn't the link order force this new GPO to override "DPKioskSetting"?
I attempted to make the new GPO Enforced, no difference.
Best Answer
Did you added the 'computer' read access to your GPO in the delegation tab ? As having a filter with a security group for the GPO without the everyone's user on it break the GPO from working, as the computer can't read that filtering before it's applied or not to the user.