I'm stumped on a strange group policy issue. I know that Domain GPO should take authority over local group policy settings, but lately i've been having an issue and I can't think of anything else it could be.
I'm on a college campus, we have 2000 computers. before I was hired, the previous IT dept would set policies using Local GPOs when they imaged a PC, for example, setting the desktop background images and desktop themes (user config > admin templates > control panel > personalization > Load a specific theme - this then points to a theme and set of images on the C drive of each individual computer). I was tasked with changing the theme for all PCs, so I applied a domain level GPO which pulls the theme and background images from a shared folder on the network which has worked just fine for many computers that are running on a newer image, but it seems that a number of the old image PCs will not pick up the new theme. As mentioned, I know that Local Group Policy should be trumped by Domain policy, but it doesn't seem to be in all cases.
Is there a way to change the local group policy (to either change the value in the "Load a specific theme" field to either be disabled or to point to the theme in the network folder) in some sort of batch or maybe using psexec, a logon script or something like that? I don't want to have to hit each individual computer to change the local group policy settings if there is a way to script or automate it.
thanks!
edit: domain functional level is Server 2003, workstations all running Win 7. Definitely checked to make sure workstations are in the correct OUs, and are not marked to Block Inheritance
It is possible your domain function level needs to be raised to the 2008 level(Windows 7 and 2008 are the same windows version) for that functionality to work. I have personally seen settings not work until the domain functional level was raised.
You can type rsop.msc on the actual machine to see what the resultant group policy is after all the policies are applied.
One thing to try is to install RSAT on a Windows 7 machine or use Server 2008\2012. Log on the machine with your Domain Admin credentials and edit the group policy. It may give you additional functionality that will make the option work.
Another option would be to reset the local group policy settings to their default values with the following command:
You could potentially create a batch file to deploy that command using group policy.
Are any loop back processing group policy settings enabled? That will effect how things are applied
I don't have a magic bullet, but did you check whether these machines that aren't picking up your domain policy are in the correct OU?