Troubleshooting GPO Configurations
This document outlines common causes and resolutions for GPO Configuration failures.
1. Execution Status: Not Applicable
When the Execution Status for a device is marked as Not Applicable, it indicates that the configured Administrative Template (ADMX) policies are not present or cannot be applied on that agent machine.
Possible Reasons
  1. Policy Not Applicable for the OS
    • The policy is designed for a specific version or edition of Windows and is not supported on the device’s operating system.
  2. Policy Deprecated or Newly Added
    • The policy may have been deprecated in the OS version running on the device.
    • Alternatively, a new policy was added in a later OS feature update, but the device has not yet received the update required for that policy.
2. Effect of Setting a Policy to “Not Configured”
When a user modifies a policy and selects Not Configured, the following occurs:
  1. Policy Removal from Configuration
    • The respective policy is removed from the current configuration in Endpoint Central.
  2. Registry Reversion on Agent
    • If the policy is not present in any other configuration, the corresponding registry entries on the agent machine are reverted to their default state.
  3. Precedence Across Configurations
    • If the same policy exists in another configuration, that configuration’s value will be applied.
    • If the same policy exists in multiple configurations, the last modified configuration’s value will take precedence.
  4. Managed by External Tools
    • If the policy is handled by an external tool or another management system, that system’s configuration will be applied.
Note: Selecting Not Configured does not delete the policy from the system entirely; it simply stops Endpoint Central from enforcing it in this configuration.
3. Effect of ADMX Policy Updates on Windows Registry
  1. When an ADMX-based policy is deployed through Endpoint Central, the corresponding values are updated in the Windows Registry. These changes ensure that the configured settings are enforced on the endpoint.
  2. However, users with sufficient privileges can still modify these registry entries manually. If such manual changes are made, they may override or conflict with the deployed configuration until the next policy refresh cycle from Endpoint Central reapplies the settings.
Note: To maintain compliance and prevent configuration drift, it is recommended to restrict registry modification permissions for non-administrative users.
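The following PowerShell sketch is an added example, not part of Endpoint Central or its documentation: it compares deployed policy values against an expected baseline to surface manual registry changes, and lists non-administrative accounts that hold write access to those policy keys. The baseline entry, the trusted SID list and the function names Test-PolicyDrift and Get-NonAdminWriter are assumptions made for illustration.

```powershell
# Added example. The baseline below is a constructed sample; replace it with
# the registry values your own configuration deploys.
$Baseline = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; Name = 'NoAutoUpdate'; Expected = 0 }
)
# SIDs treated as administrative (assumption): SYSTEM, Administrators, CREATOR OWNER
$TrustedSids = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0'
# Rights that allow changing a policy value, plus the GENERIC_ALL / GENERIC_WRITE bits
$WriteMask = [int][System.Security.AccessControl.RegistryRights]'SetValue,CreateSubKey,Delete,ChangePermissions,TakeOwnership' -bor 0x10000000 -bor 0x40000000

# Hypothetical helper: report Match / Drift / Missing for each baseline value.
function Test-PolicyDrift {
    param([hashtable[]]$Baseline)
    foreach ($item in $Baseline) {
        $actual = $null
        $status = 'Missing'
        $props = Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue
        if ($null -ne $props) {
            $actual = $props.($item.Name)
            $status = if ("$actual" -eq "$($item.Expected)") { 'Match' } else { 'Drift' }
        }
        [pscustomobject]@{ Path = $item.Path; Name = $item.Name; Expected = $item.Expected; Actual = $actual; Status = $status }
    }
}

# Hypothetical helper: list Allow entries that grant write access to untrusted SIDs.
function Get-NonAdminWriter {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)) {
        $canWrite = ([int]$rule.RegistryRights -band $WriteMask) -ne 0
        if ($rule.AccessControlType -eq 'Allow' -and $canWrite -and $rule.IdentityReference.Value -notin $TrustedSids) {
            [pscustomobject]@{ Path = $Path; Sid = $rule.IdentityReference.Value; Rights = $rule.RegistryRights; Inherited = $rule.IsInherited }
        }
    }
}

Test-PolicyDrift -Baseline $Baseline | Format-Table -AutoSize
$Baseline.Path | Sort-Object -Unique | ForEach-Object { Get-NonAdminWriter -Path $_ } | Format-Table -AutoSize
```

A Drift row shows a value that differs from what was deployed; any row from the second table is an account outside the trusted list that could make such a change.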
4. Policy Applied Successfully but Not Reflected on Agent
In some cases, a policy may show as successfully applied in Endpoint Central but not appear as expected on the agent machine. A common reason for this is that Active Directory Group Policy Objects (AD GPOs) override the configuration deployed by Endpoint Central.
  1. Since both AD GPO and Endpoint Central can manage the same settings, the value that takes effect depends on policy precedence. By default, AD GPOs have higher priority and can overwrite the policies pushed through Endpoint Central.
Recommendation:
To avoid conflicts, review the applied AD GPOs on the affected endpoint using the Group Policy Management Console (GPMC). Adjust or remove conflicting GPOs as needed to ensure Endpoint Central policies take effect.