I'm having issues with getting my GPO to be pushed out.
Here are the steps that I took.
I created an OU (Workstation OU), in that Workstation OU, I put a Security group (SG-Workstation), and in that security group is a list of all the computers that need to have the GPO applied to.
I configured the GPO (The GPO only has computer configurations, no user configuration) and attached the GPO to the Workstation OU, link enabled and enforced. And changed the security filtering to have the Workstation OU only.
I ran gpupdate /force on both client and server. And checked gpresult to see if I was getting the group policy, and nothing. I rebooted, to see if would get the policy then, and still nothing.
Does anybody have any ideas?
Best Answer
You need to link the GPO to the OU that contains the workstations. Based on your question, it sounds like the actual computer objects may be in a different OU.
As an aside, it is generally advised to not use the "Enforced" option except in advanced use cases. The GPO will be applied as long as "Enabled" is...enabled.