Troubleshooting Group Policy can be anything but straight-forward. You can double-check everything on the server side – settings, OU, security filtering – and come to the conclusion that things should work but still not get the desired results on the client. A previous article explains Resultant Set of Policies (RSoP) and GPResult to use in troubleshooting Group Policy but there may be an easier, more direct way to catch the problems in your GPO.
You are probably familiar with the standard Windows Logs under the Event Viewer. You can find these under Computer Management by right-clicking ‘This PC’ and choosing ‘Manage…’. The standard logs divide data into their relative categories such as Application, Security, and System. If you dig a little further in all versions of Windows since Vista, you can find a GroupPolicy Operational log. It is under Event Viewer, Applications and Services Logs, Microsoft, Windows, GroupPolicy, Operational, as indicated in the image below.
In this log, you can find information about Group Policy processes happening in the background. Processing individual GPOs and other activities can be logged. This can include any errors encountered while processing Group Policy. For example, I recently found a scheduled task being created through Group Policy Preferences that was not taking effect because it had an invalid parameter for that version client. The Group Policy Preference had to be configured on a newer operating system and fix an incorrect parameter. After that was addresses, performing a gpupdate on the client and refreshing the GroupPolicy Operational log revealed that the update was processed successfully and the error went away.