No, no progress on our end. We still need 2 reboots to get all the GPOs applied.
Unfortunately, we’ve been buried and unable to open a case with Microsoft on the problem. I can confirm that the problem exists in Win10 CB at least up through 1511. I have not tried 1607 yet in our environment. Mike From: <listsad...@lists.myitforum.com> on behalf of Steve Whitcher <st...@whitcher.org> Reply-To: "mssms@lists.myitforum.com" <mssms@lists.myitforum.com> Date: Thursday, August 11, 2016 at 8:28 AM To: "mssms@lists.myitforum.com" <mssms@lists.myitforum.com> Subject: Re: [mssms] RE: Problems applying GPOs with Windows 10? Did anyone ever make any progress on this, or are you all still just working around the issue and rebooting an extra time to apply GPO's? On Mon, Sep 14, 2015 at 2:37 PM, Russ Rimmerman <russ.rimmer...@microsoft.com<mailto:russ.rimmer...@microsoft.com>> wrote: Yes, I think a support case is likely appropriate, was just sharing the answer to Todd’s question about a UserVoice for Windows OS. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Daniel Ratliff Sent: Thursday, September 10, 2015 8:55 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: Problems applying GPOs with Windows 10? How is this a feature suggestion and not a bug? GPO taking two reboots to apply is a pretty big issue for us. Would a support case be more appropriate? Daniel Ratliff From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Russ Rimmerman Sent: Thursday, September 10, 2015 12:43 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: Problems applying GPOs with Windows 10? https://windows.uservoice.com/forums/265757-windows-feature-suggestions I believe just http://windows.uservoice.com will also take you there as well From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Mote, Todd Sent: Wednesday, September 9, 2015 8:14 PM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: Problems applying GPOs with Windows 10? What can we do about it? Where is appropriate to file this? How can we get this some visibility? I don’t think there’s a Connect site for Windows is there? Uservoice? Todd From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Johns, Damon (DoJ) Sent: Wednesday, September 9, 2015 5:51 PM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: Problems applying GPOs with Windows 10? Yes can confirm that same behaviour in my domain – workstations require at least 2 restarts before all the Group Policy objects are applied to my Windows 10 instances – it was quite noticeable as the branding GPO hadn’t applied after my OSD Task Sequence completed even with the SMSTSPostAction set to do a restart. Cheers Damon From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Marable, Mike Sent: Wednesday, 9 September 2015 9:42 PM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] Problems applying GPOs with Windows 10? Has anyone else had problems with GPO processing on Windows 10? I’m currently working on the Windows 10 replacement for one of our Windows 7 products and consistently I’m seeing GPOs not applying in a timely fashion (in particular the AppLocker policies). Once the machine is built I have to reboot it a second time to get all the policies in place. The Windows 7 equivalent never had this problem. Here is what I’m dealing with. I have a single task sequence that will build using either Windows 10 or Windows 7 depending on a task sequence variable. So the builds run through the same exact steps. They are placed in OUs with identical GPOs applied. I originally was setting the SMSTSPostAction variable to do a “shutdown –r –t 0” to reboot the machine at the end of the build. On a Windows 7 build the machine comes up with all GPOs processed. It has the proper wallpaper and all the restrictions are in place. On a Windows 10 build the machine comes up and it has the wrong wallpaper and none of the restrictions are in place. I have to reboot it a second time and only then does it come up properly. Trying to resolve this I’ve set up a clunky hack at the end of my task sequence. SMSTSPostAction calls a batch file. This batch file calls a PowerShell script. The PoSh script sleeps for 30 seconds to allow the batch file to exit, return control back to the TS and so the TS can close out. The PoSh script then continues with resetting the Provisioning keys in the Registry, sleeping another 30 seconds, does a GPUpdate, sleeps, does another GPUpdate, sleeps and then restarts the computer. With this in place the system comes up with most of the GPOs in place (i.e. the wallpaper is proper) but what concerns me is that the AppLocker policies that should have hidden “Search”, “Contact Support” and “Windows Feedback” did not apply. They are all still present on the Start Menu. Now “Contact Support” and “Windows Feedback” report that they are blocked by the administrator, so although not perfect at least they are blocked. But the Search feature is still fully functional which allows the user (the general public in this scenario) to search and find things like PowerShell. Once I reboot the machine a second time the AppLocker policy fully kicks in and Search is disabled. Once this second reboot has happened all new users who log in receive the full GPO settings so AppLocker prevents the Universal apps from appearing on the Start Menu, Search is disabled, etc. but only after the second reboot. I don’t want to further hack this and I’m hoping I’m just too deep in the woods and am missing something simple, but my next step will be to script in an immediate second reboot. Again, I have none of these troubles building a Windows 7 machine. Windows 7 is 100% ready immediately post build. Mike Marable Microsoft Systems Engineer Lead Enterprise Device Engineering and Management MCPS, MCITP, MCTS, MCSA, MCSE, MS [Profile<http://www.mycertprofile.com/Profile/5319166625>] [Blog<http://thesystemsmonkey.wordpress.com/>] ---------------------------------------------------- "The difficult we do at once. The impossible takes a little longer." -US Army Corps of Engineers "It is better to have less thunder in the mouth and more lightning in the hand." -Apache Proverb I will rise when I have fallen. "Unless you try to do something beyond what you have already mastered, you will never grow." -Ralph Waldo Emerson ********************************************************** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues ________________________________ CONFIDENTIALITY NOTICE AND DISCLAIMER The information in this transmission may be confidential and/or protected by legal professional privilege, and is intended only for the person or persons to whom it is addressed. If you are not such a person, you are warned that any disclosure, copying or dissemination of the information is unauthorised. If you have received the transmission in error, please immediately contact this office by telephone, fax or email, to inform us of the error and to enable arrangements to be made for the destruction of the transmission, or its return at our cost. No liability is accepted for any unauthorised use of the information contained in this transmission. The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. ********************************************************** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues