Applying Local GPO (Question)

Hi,
I have a few images created for different setups.
If the customsettings.ini file has "ApplyGPOPack=YES" enabled along with "GPOPackPath" defined, would the GPO apply even though the "Apply Local GPO Package" step in the task sequence is "Disabled"?
My aim is to have a particular GPO apply to only one of the Image deployment.
Thank you for feedback.

No, it will not. But instead it's better to remove the step in CS.ini and create a task sequence variable at the top of the task sequence you want to have the GPO applied to.
Just add a step: Task Sequence Variable, with the following variable: ApplyGPOPack value: YES
This way you set the setting for one particular task sequence, and you avoid conflicts for the case you ever are going to have a new deployment which has ApplyGPO pack enabled, and you or a co-worker has forgotten to disable it.
That's it!
Cheers!
If this post is helpful please click "Mark for answer", thanks! Kind regards

Similar Messages

  • Help Applying preset GPOs to a local Windows 7 installation?

    Hello All. Thank you for taking the time to visit my thread.
    I am in need of serious assistance and would like to know how I could apply preset GPOs to a Windows 7 installation.
     My main objective is to have a bunch of GPOs including security policies and various other settings preset and preconfigured to be later configured settings on a fresh installation of Windows.
    I have been using Security Compliance Manager so far to do this and this is what it recommends,  and I've gotten this far, but I am not running a server.
    GPME never loads because I am not a "domain user" rather a local user. How do I make myself a domain user without a server?
    Please do help, I am slightly lost at this point. 
    Thank you again,
    Cryoshadow

    Hi,
    SCM includes the LocalGPO tool which allows you to manage the local group policy objects (LGPO) on non-domain joined computers. You can use LocalGPO to backup the LGPO from a stand-alone machine. You can also use it to apply the settings from a GPO backup to other computers, this includes GPO backups created by LocalGPO, SCM, or the Active Directory Domain Services GPO backups created with the Group Policy Management Console.
    LocalGPO.msi - Excellent MS Tool
    http://gallery.technet.microsoft.com/LocalGPOmsi-Excellent-MS-2593b2eb
    Alex Zhao
    TechNet Community Support

  • Client side firewall via GPO question

    I am in the process of testing a new client side firewall that will be enforced via GPO, domain, public and private. So here is my question, I would like to remove all firewall rules that have been added locally. I have set firewall merging to "No" to not allow local firewall config. So on my test machine, the firewall GPO is in effect, it is enforcing the rules I have configured so far, however, it does not remove the rules that were present prior to testing.
    Here is a piece of an article I found while researching:
    **Another question related to this is about how to prevent the local users from being able to create rules. While you can’t prevent the users from creating a rule you can prevent the rules created by users from being applied (BTW the rule will still be displayed in the GUI) by using the “Apply local Firewall Rules” setting. Again a user cannot create a rule to override a block rule from group policy.
    In the interest of full disclosure a user could potentially override the “Apply local Firewall Rules” setting as documented in the MSDN article.
    technet.microsoft.com/en-us/library/cc755191(WS.10).aspx
    The logging policy can be overridden by the local policy because the merger law is set to on.**
    Reading that, it appears as though even though the local user can create a rule, example: Skype, that rule won't actually work due to the firewall being enforced by GPO and merging not allowed? Is that correct?
    Also, is there a way to completely remove all firewall rules that are not pushed from the GPO?
    Hopefully I'm being clear on this, but will add info with any questions you may have
    Server 08 r2 , windows 7 clients
    Thanks in advance

    Hi -
    This forum is dedicated to Rights Management Services, which cannot help you with your current issue.  I suggest reposting your question in the Windows Server forum:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver
    Thanks!
    Micah LaNasa
    Synergy Advisors
    synergyadvisors.biz

  • Clearing local gpo to a blank slate...

    Hello,
    I've been wondering if it is possible to clear a local gpo to the windows defaults (like if the machine was freshly installed and never had gpo's applied)?
    Prior to using ZEN to push gpos, we had manually set gpo on each machine. Once using ZEN, these already in-place gpo settings got merged with new settings being pushed out from ZEN. At times when ZEN would fail to apply those ZEN gpo settings, it would revert to the previously in placed gpo settings.
    Example: Prior to using ZEN, we had set our WSUS environment settings via the local gpo. After using ZEN, we had moved our WSUS to a new server and had to change the settings on our clients. Using ZEN, we pushed a gpo with these new settings. That works until the machine doesn't apply these ZEN gpos properly or at all at times, thus reverting them to the old/previous local gpo settings that contained the now invalid WSUS settings. Machines stopped getting updates, etc...
    So would it be possible to completely wipe or reset to windows default the local gpo settings, so that we can push fresh, correct gpo from ZEN instead?
    I hope that makes sense.
    Thanks,
    LK

    On Logoff and Shutdown, ZCM will restore Original Settings that were on
    the device when the agent was installed.
    These are stored in %zenworks_home%\bin\cachefiles\something (Don't
    recall exactly w/o looking, but its obvious once you are down that far.)
    You can replace those with copies from a clean PC.
    On 3/8/2013 4:26 PM, leonkrown wrote:
    >
    > Hello,
    >
    > I've been wondering if it is possible to clear a local gpo to the
    > windows defaults (like if the machine was freshly installed and never
    > had gpo's applied)?
    >
    > Prior to using ZEN to push gpos, we had manually set gpo on each
    > machine. Once using ZEN, these already in-place gpo settings got merged
    > with new settings being pushed out from ZEN. At times when ZEN would
    > fail to apply those ZEN gpo settings, it would revert to the previously
    > in placed gpo settings.
    >
    > Example: Prior to using ZEN, we had set our WSUS environment settings
    > via the local gpo. After using ZEN, we had moved our WSUS to a new
    > server and had to change the settings on our clients. Using ZEN, we
    > pushed a gpo with these new settings. That works until the machine
    > doesn't apply these ZEN gpos properly or at all at times, thus reverting
    > them to the old/previous local gpo settings that contained the now
    > invalid WSUS settings. Machines stopped getting updates, etc...
    >
    > So would it be possible to completely wipe or reset to windows default
    > the local gpo settings, so that we can push fresh, correct gpo from ZEN
    > instead?
    >
    > I hope that makes sense.
    >
    > Thanks,
    > LK
    >
    >
    Craig Wilson - MCNE, MCSE, CCNA
    Novell Knowledge Partner
    Novell does not officially monitor these forums.
    Suggestions/Opinions/Statements made by me are solely my own.
    These thoughts may not be shared by either Novell or any rational human.

  • How to Export Non-Administrators Local GPO for import on a different PC

    How to export Non-Administrators Local Group Policy and import on another PC?
    All articles for exporting local GPO say to copy the C:\Windows\System32\GroupPolicy and C:\Windows\System32\GroupPolicyUsers folder to another PC however that only works for changes done to the "Local Computer" or "User" (if you alter the SIDs to match), respectively. It doesn't work to import Non-Admin Local GPO.
    There are several requests for this you can find when searching and no solutions provided.

    Hi,
    To manage local GPOs, we can make use of the LocalGPO tool included in the SCM.
    LocalGPO allows you to manage the local group policy objects (LGPO) on non-domain joined computers. You can use LocalGPO to backup the LGPO from a stand-alone machine. You can also use it to apply the settings from a GPO backup to other computers, this includes GPO backups created by LocalGPO, SCM, or the Active Directory Domain Services GPO backups created with the Group Policy Management Console.
    Here is a good article talking about it:
    SCM v2 Beta: LocalGPO Rocks!
    And here is a thread for reference:
    Using LocalGPO.wsf for standalone PC's
    Best regards
    Michael Shao
    TechNet Community Support

  • Locale Formatting question

    Locale Formatting question
    In the preceding code the number 50 represent currency.
    The output of NumberFormat is 50 with the local symbol
    The output of DecimalFormat is 50.00 without the local symbol
    The question is how to show 50.00 with the local symbol ???
    import java.text.*;
    import java.math.BigDecimal;
    public class LocalFormating {
        public static void main(String[] args) {
            // Currency format for the default locale
            NumberFormat nf = NumberFormat.getCurrencyInstance();
            // Plain decimal pattern with two fraction digits and no currency symbol
            DecimalFormat decfs = new DecimalFormat("#,##0.00");
            BigDecimal anumb = new BigDecimal(50);
            String temp = nf.format(anumb);
            System.out.println("local anumb = " + temp);
            String temp2 = decfs.format(anumb);
            System.out.println("Decimal format anumb = " + temp2);
        }
    }

  • Error msg clean local gpo

    hello ppl
    When trying to clean my local gpo with the command:
    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
    I get this error msg:
    An extended error has occurred.
    The task has completed with an error.
    See log %windir%\security\logs\scesrv.log for detail info.
    error log details:
    ----Configure File Security...
    Configure c:\program files\common files\speechengines\microsoft\tts.
    Warning 2: The system cannot find the file specified.
    Error setting security on c:\program files\common files\speechengines\microsoft\tts.
    Configure c:\programdata\microsoft\windows\drm.
    Configure c:\programdata\microsoft\windows\drm\cache.
    Configure c:\windows\repair\default.
    Warning 3: The system cannot find the path specified.
    Error setting security on c:\windows\repair\default.
    Configure c:\windows\repair\ntuser.dat.
    Warning 3: The system cannot find the path specified.
    Error setting security on c:\windows\repair\ntuser.dat.
    Configure c:\windows\repair\sam.
    Warning 3: The system cannot find the path specified.
    Error setting security on c:\windows\repair\sam.
    Configure c:\windows\repair\security.
    Warning 3: The system cannot find the path specified.
    Error setting security on c:\windows\repair\security.
    Configure c:\windows\repair\software.
    Warning 3: The system cannot find the path specified.
    Error setting security on c:\windows\repair\software.
    Configure c:\windows\repair\system.
    Warning 3: The system cannot find the path specified.
    Error setting security on c:\windows\repair\system.
    Configure c:\windows\system32\windows media.
    Warning 2: The system cannot find the file specified.
    Error setting security on c:\windows\system32\windows media.
    File Security configuration was completed successfully.
    ----Configure General Service Settings...
    Configure sysmonlog.
    Error 1060: The specified service does not exist as an installed service.
    Error opening sysmonlog.
    Configure SamSs.
    Configure ntmssvc.
    Error 1060: The specified service does not exist as an installed service.
    Error opening ntmssvc.
    Configure netddedsdm.
    Error 1060: The specified service does not exist as an installed service.
    Error opening netddedsdm.
    Configure netdde.
    Error 1060: The specified service does not exist as an installed service.
    Error opening netdde.
    Configure dmserver.
    Error 1060: The specified service does not exist as an installed service.
    Error opening dmserver.
    Configure clipsrv.
    Error 1060: The specified service does not exist as an installed service.
    Error opening clipsrv.
    Configure Browser.
    Appreciate an answer.

    Hey Navachu
    Thanks for posting,
    As you mentioned the error msg occurred to the secedit.sdb file,
    Please follow the actions below:
    1. Delete file: secedit.sdb from c:\Windows\security\database
    2. Reboot machine.
    3. Run the command again: secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
    4. Reboot machine.
    5. Run Gpupdate /force
    6. Check your new GPO Settings.
    Notice for any changes.
    I'd be glad to answer any question

  • Applying different GPOs based on extensionattribute1

    Hello,
    I would like to make use of the extensionattribute fields for computer accounts in AD.  What I would like to do is apply a different GPO based on the contents of a particular field, for example, I would like to create three different GPOs with different patch settings:
    PROD
    DEV
    PILOT
    I would then enter the corresponding value for each server in extensionattribute1.  I would then like to have the correct patching GPO applied to each server based on the value in extensionattribute1.
    I know this might be easier to do using OU's, but our OU structure is already very strict and I can't move the machines around for this purpose. 
    Is this even possible?  If not, can anyone make a different suggestion that will allow me to use extensionattribute1 in a similar way?

    How about using Security Filtering instead of AD attributes.
    Group A: Prod
    Group B: DEV
    Group C: PILOT
    Put the servers in the respective group and apply the GPO to that group.
    Will continue to think on using an AD attribute

  • How to verify lockout threshold and duration set by local GPO using script

    Hi all,
    I want to succeed in verifying the account lockout threshold and duration by checking the registry.
    However this is impossible in Server 2012 R2. Previously these settings were visible in the registry but now it seems that they are hidden in the SAM section, which is not accessible.
    WMI RSOP does not contain information as it is no group policy.
    Any alternatives?
    Kind regards,
    AL

    Hi AL,
    >>how to verify lockout threshold and duration set by local GPO using script
    What does this mean? Does this mean that we are using a standalone server and want to check the account lockout policy set via local GPO?
    >>Just found that using net accounts the local gpo settings are shown now I have to find a way to strip that using powershell to be able to verify the correct line and content
    What do we want to achieve here? As you stated, we can run the net accounts command to check password policy and account lockout policy. Besides, we can also run the command gpresult /h report.html with admin privileges to collect a group policy result report to check this.
    Best regards,
    Frank Shen
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
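The thread above settles on `net accounts` as the place where the local lockout settings are visible. The following is an added example, not code from the thread, that parses that output and checks it against a baseline. It assumes English-language output (the labels are localized); the function names, the baseline numbers and the treatment of a "Never" duration are assumptions made for the example.

```powershell
# Added example, not from the thread: read the lockout policy from `net accounts`
# output and compare it with a baseline. Assumes English-language labels.

# Constructed sample output so the example runs without touching the local policy
$SampleNetAccounts = @(
    'Force user logoff how long after time expires?:       Never'
    'Minimum password age (days):                          0'
    'Maximum password age (days):                          42'
    'Minimum password length:                              0'
    'Length of password history maintained:                None'
    'Lockout threshold:                                    Never'
    'Lockout duration (minutes):                           30'
    'Lockout observation window (minutes):                 30'
    'Computer role:                                        SERVER'
    'The command completed successfully.'
)

function ConvertFrom-NetAccounts {
    # Not Mandatory on purpose: real output contains blank lines, which a
    # mandatory [string[]] parameter would reject.
    param([string[]]$Lines)
    $settings = @{}
    foreach ($line in $Lines) {
        # Settings look like "Label:<spaces>Value"; status lines do not match
        if ($line -match '^(?<name>.+?):\s+(?<value>\S.*)$') {
            $settings[$Matches['name'].Trim()] = $Matches['value'].Trim()
        }
    }
    return $settings
}

function Get-PolicyNumber {
    # Returns the setting as an integer, $NeverValue for "Never",
    # or $null when the label is missing or the value is not a number.
    param([hashtable]$Settings, [string]$Name, [int]$NeverValue = 0)
    $raw = $Settings[$Name]
    $number = 0
    if ($raw -eq 'Never') { return $NeverValue }
    if ($raw -and [int]::TryParse($raw, [ref]$number)) { return $number }
    return $null
}

function Test-LockoutPolicy {
    param(
        [hashtable]$Settings,
        [int]$MaxThreshold = 5,          # hypothetical baseline value
        [int]$MinDurationMinutes = 15    # hypothetical baseline value
    )
    $findings = @()

    # A threshold of "Never" means account lockout is switched off
    $threshold = Get-PolicyNumber $Settings 'Lockout threshold'
    # Assumption: a duration of "Never" is read as "locked until an administrator unlocks"
    $duration = Get-PolicyNumber $Settings 'Lockout duration (minutes)' ([int]::MaxValue)

    if ($null -eq $threshold) {
        $findings += 'Lockout threshold missing or unparseable (non-English output?)'
    } elseif ($threshold -eq 0) {
        $findings += 'Account lockout is disabled (threshold: Never)'
    } elseif ($threshold -gt $MaxThreshold) {
        $findings += "Lockout threshold $threshold exceeds baseline $MaxThreshold"
    }

    if ($null -eq $duration) {
        $findings += 'Lockout duration missing or unparseable (non-English output?)'
    } elseif ($duration -lt $MinDurationMinutes) {
        $findings += "Lockout duration $duration min is below baseline $MinDurationMinutes"
    }

    [pscustomobject]@{
        Threshold       = $threshold
        DurationMinutes = $duration
        Compliant       = ($findings.Count -eq 0)
        Findings        = $findings
    }
}

# On the server itself, replace the sample with live output:  $lines = net accounts
$lines  = $SampleNetAccounts
$result = Test-LockoutPolicy -Settings (ConvertFrom-NetAccounts -Lines $lines)
$result | Format-List
```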

  • I do not know the security questions and when do I apply for the questions do not come to on Emile rescue!! What is the solution..?

    I do not know the security questions and when do I apply for the questions do not come to on Emile rescue!! What is the solution..?

    If the email hasn't arrived after a few hours and isn't in a spam filter, click here, phone Apple, and ask for the Account Security team.

  • Configure Service via local GPO?

    I have a single device in the entire Enterprise that needs BranchCache disabled to run an application. I would typically just go into the local group policy, configure what I need (in this case it's a service) and have local GPO override the domain GPO.
    There doesn't seem to be an option using the local group policy template to configure services.
    Does anyone have any idea on how I can configure this single device, using something locally. (meaning not a new GPO in the domain which technically is an option)
    Any assistance is appreciated...
    Thank you
    Lavelle

    As Brano pointed out, there is a hierarchy of GPO's so if you want to target the specific user I would create a OU within the OU for the specific user you want to target. Otherwise, target the entire OU :)
    For Example:
    Domain Name (Domain)
    ****Corporate Users (OU)
    ********Specific User (OU)
    You could target the entire Corporate Users group, or the Specific User OU. Your choice
    Don't forget to mark the post that solved your issue as "Answered." By marking the Answer you are enabling users with similar issues to find what helped you. Lewis Renwick - IT Professional

  • Applying a GPO to users of 2 different OU's

    Re: Authenticated Users - I would create a new named security group, add your sales people to it as well.
    Yep - like you said, if you remove authenticated users, only the users that are members of the group will get the policy applied.
    Good luck!

    I have been tasked with creating a system\process that applies specific files and entries to hosts files to various users.
    Short of the long, I have users in 1 OU e.g Sales, and users that exist in other OU's, I need specific users in other OU to get the same GPO as the users in the Sales OU?
    Can this be done? I've been looking at security filtering but I cannot get it to actually apply the GPO despite doing a gpupdate /force etc.
    Any ideas? Or tips for me to try?
    This topic first appeared in the Spiceworks Community

  • Need help with a script applied by GPO

    Hello,
    I need to automate WebFeed insertion for Remote App users at user logon.
    RDS 2012 R2 is in place. Remote Apps are provided to W7 clients.
    Currently, the WebFeed link must be inserted manually in each user's Control Panel\RemoteApp and Desktop Connections. There is no straightforward way from Microsoft.
    But there is a script and instruction I found on the web...
    I followed the instruction... Created GPO. GPO applies to user but nothing happens.
    Can somebody check the script and the instruction that I could have wrongly applied?
    In the instruction there is no word about changing something in the script, only the wcx file that the script should use.
    The script is below and here is my .wcx file:
    <?xml version="1.0? encoding="utf-8? standalone="yes"?>
    <workspace name="Enterprise Remote Access" xmlns="http://schemas.microsoft.com/ts/2008/09/tswcx" xmlns:xs="http://www.w3.org/2001/XMLSchema">
    <defaultFeed url="https://my_webserver_real_FQDN/rdweb/Feed/webfeed.aspx" />
    </workspace>
    I changed the quotes to vertical (") from (”) that were in my wcx when I copied the lines from the web.
    It still does not work.
    I checked the Application log, PowerShell and RemoteApp in Event Viewer under the user session.
    Everything is clean.
    Where can I check the script execution log?
    When the user with the applied script logs in, the icon of Remote connection appears for 10 seconds on the task bar and disappears.
    Looks like it's trying...
    Please check if the script really should not be touched and provide some troubleshooting steps.
    Thanks!
    INSTRUCTIONS from the link:
    http://www.concurrency.com/infrastru...rver-2012-rds/
    "Unfortunately Windows 7 clients are out of luck here. If you really want to use GPO to deploy RemoteApps to Windows 7 clients, then you have to jump through a few hoops.
    Create a new GPO and under User Configuration\Policies\Windows Settings\Scripts, double click Logon and click the Show Files button. This will open an explorer window where you can copy files that will be saved within this GPO. Download the Install-RADCConnection.ps1 script from the TechNet gallery and save it there. Also create a new Text file named something like feed.wcx, open it in Notepad and paste in the following three lines of text:
    <?xml version=”1.0″ encoding=”utf-8″ standalone=”yes”?>
    <workspace name=”Enterprise Remote Access” xmlns=”http://schemas.microsoft.com/ts/2008/09/tswcx” xmlns:xs=”http://www.w3.org/2001/XMLSchema”>
    <defaultFeed url=”https://rds.domain.com/RDWeb/Feed/webfeed.aspx” />
    </workspace>
    Now select the PowerShell Scripts tab and click the Add button. Click Browse and select the .ps1 file and for the parameters enter the name of the wcx file. Click OK twice and you are ready to scope that policy to a set of users."
    <#
    .SYNOPSIS
    Installs a connection in RemoteApp and Desktop Connections.
    .DESCRIPTION
    This script uses a RemoteApp and Desktop Connections bootstrap file (a .wcx file) to set up a connection in Windows 7 workstation. No user interaction is required. It sets up a connection only for the current user. Always run the script in the user's session.
    The necessary credentials must be available either as domain credentials or as cached credentials on the local machine. (You can use Cmdkey.exe to cache the credentials.)
    Error status information is saved in event log: (Applications and Services\Microsoft\Windows\RemoteApp and Desktop Connections).
    .Parameter WCXPath
    Specifies the path to the .wcx file
    .Example
    PS C:\> Install-RADCConnection.ps1 c:\test1\work_apps.wcx
    Installs the connection in RemoteApp and Desktop Connections using information
    in the specified .wcx file.
    #>
    Param(
        [parameter(Mandatory=$true,Position=0)]
        [string]
        $WCXPath
    )

    # Returns $true when a feed with the given URL is already registered for the current user
    function CheckForConnection
    {
        Param (
            [parameter(Mandatory=$true,Position=0)]
            [string]
            $URL
        )
        [string] $connectionKey = ""
        [bool] $found = $false
        foreach ($connectionKey in get-item 'HKCU:\Software\Microsoft\Workspaces\Feeds\*' 2> $null)
        {
            if ( ($connectionKey | Get-ItemProperty -Name URL).URL -eq $URL)
            {
                $found = $true
                break
            }
        }
        return $found
    }

    # Process the bootstrap file
    [string] $wcxExpanded = [System.Environment]::ExpandEnvironmentVariables($WCXPath)
    [object[]] $wcxPathResults = @(Get-Item $wcxExpanded 2> $null)
    if ($wcxPathResults.Count -eq 0)
    {
        Write-Host "The .wcx file could not be found."
        exit(1)
    }
    if ($wcxPathResults.Count -gt 1)
    {
        Write-Host "Please specify a single .wcx file."
        exit(1)
    }
    [string] $wcxFile = $wcxPathResults[0].FullName
    [xml] $wcxXml = [string]::Join("", (Get-Content -LiteralPath $wcxFile))
    [string] $connectionUrl = $wcxXml.workspace.defaultFeed.url
    if (-not $connectionUrl)
    {
        Write-Host "The .wcx file is not valid."
        exit(1)
    }
    if ((CheckForConnection $connectionUrl))
    {
        Write-Host "The connection in RemoteApp and Desktop Connections already exists."
        exit(1)
    }
    # Run the silent workspace setup with the bootstrap file and wait for it to finish
    Start-Process -FilePath rundll32.exe -ArgumentList 'tsworkspace,WorkspaceSilentSetup',$wcxFile -NoNewWindow -Wait
    # check for the Connection in the registry
    if ((CheckForConnection $connectionUrl))
    {
        Write-Host "Connection setup succeeded."
    }
    else
    {
        Write-Host "Connection setup failed."
        Write-Host "Consult the event log for failure information:"
        Write-Host "(Applications and Services\Microsoft\Windows\RemoteApp and Desktop Connections)."
        exit(1)
    }
    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Use GPP for this. Do not use a script.  Post your issues in the GP forum.
    You should also visit the RDS forum to get information on how to distribute remote app links.
    ¯\_(ツ)_/¯

  • Basic GPO question

    Good morning all,
    I recently implemented a windows server 2008 R2 with windows 7 clients.
    However I noticed that I bummed into a problem.
    You see, I am creating policies just like always and then I realized that I was adding computer policy settings to a gpo that I was assigning to a user OU.... Obviously this won't work.
    However, my question is: Is it best practice to have 1 gpo with both user policies and computer policies and assign it to the user OU and computer OU OR is it best practice to create separate GPO's for both OU's?
    If you have an article about this kind of best practices that would be great.
    Andre

    Here is what I have learned over years of GP management. Put a department name under your domain name (corp.contoso.com). For example "HR" for human resources. 
    After the department name, place an OU for workstations and one for users (see below). I apply one main policy for each department that has workstation and user settings. Since the users and workstations are under the main department, they get the policy as long as it is defined in the proper section (user configuration vs. computer configuration).
    If you have a policy that needs to be specific for a workstation, it can be placed in the workstation OU (same for users). 
    Charlie Newman

  • Windows 8 / IE11 forget proxy settings applied by GPO on reboot

    I've just about run out of ideas here on what may be causing this. I've toyed with policies quite often, but never ran into this problem before.
    Windows 8 with IE11. While there are GPO's active on the system, the settings are kept free to alter by the user if need be. We use a proxy, so I'm required to provide the proxy and the exceptions in a policy to the PC's to make sure they work under normal conditions. I added a couple of settings in the GPP (Group Policy Preferences) with the correct settings, enabled these settings (green lines) and tested these on a test system. They work fine, I get my proxy settings pushed through.
    Then we get to the rollout on the systems that are affected (not that many, just 10 accounts total, all in nearby rooms). I can run a gpupdate /force to reload the settings, and can confirm the proxy settings are applied properly. So the policy itself seems sound also on the workplaces it needs to be active on. Users still have the option to change the proxy settings on their own discretion, but that's exactly what we want to happen.
    Now we run into the problem that when part of these PC's are rebooted, the PC somehow seems to decide the proxy isn't worth its time anymore, and kills all settings for the proxy back to default. Either that, or it just switches the proxy off. Running a gpupdate /force reapplies the policy and everything starts working again, but WHY is Windows 8 / IE11 adamant about forgetting these settings?
    The really maddening thing is that on a couple of PC's with Windows 8 and IE11 (and the same policies applied) it isn't a problem and the proxy remains filled in, as I would expect from GPO's. These include my test system, which makes me unable to replicate the problem and test locally.
    I've tried enhancing the policy by using a forced wait for the network to become available, as well as a forced logon script run on boot instead of the standard 'after 5 minutes'. Find these under 'Computer Configuration - Policy - Administrative Templates - System - Logon' and 'Computer Configuration - Policy - Administrative Templates - System - Group Policy'. Neither setting seems to work tho. I've also tried going with a Computer Configuration Startup script in which I just request to run 'gpupdate' with the '/force' as the switches. But this also seems not to do anything.
    In short: Does anyone know why Windows 8 / IE11 falls back to something outside the scope of policies, while it accepts the forced policy update with the correct settings when 'gpupdate /force' is issued manually afterwards? And has anyone any idea what I can do to make sure the policy is applied regardless of what Windows 8 / IE11 thinks it should be?

    Just had a go with that... Found out that when I login and refresh the policy using gpupdate /force, the proxy settings are filled in properly.
    Once I reboot tho, the proxy switches itself off (the entries regarding the proxy name and such remain, as does the 'bypass for local addresses', but it's all grayed out). Once I switch the proxy back on, and check under 'Advanced', I find everything in order, except for the exclusion list which is emptied.
    So I forced the gpupdate, verified that the proxy was switched on, and the exclusion list was populated. I then restarted the PC, only to find that above situation (proxy switched off, and exclusion list empty) had reasserted itself.
    Waited a bit and did a forced policy update again. Then verified the logged files (which was just User.txt).
    After anonymizing the output a bit, I copied the contents to http://pastebin.com/YyWswW83 for your review. It looks like it contains 3 batches of GP updates.
    The one at 13:20 is likely the primary one in which I forced the GPUpdate. The one at 13:22 is the one issued on the restart of the computer, while the one at 13:24 is the (once again) forced gpupdate.
    From my understanding it seems as if the no-change of GPO detection works, but also causes it to skip the policy. Tho I admit that's speculation on my part. Any and all light you (or anyone else) may be able to shine on this, will be greatly appreciated.
