At the same time, other policies like "Logon Scripts" and "Encrypting File System" apply fine.This is from a Windows Server 2008R2 Enterprise server, to Windows 7, SP1 Enterprise clients.
A version of Group Policy called Local Group Policy ("LGPO" or "Local GPO") also allows Group Policy Object management on standalone and non-domain computers.
Group Policy, in part, controls what users can and cannot do on a computer system: for example, to enforce a password complexity policy that prevents users from choosing an overly simple password, to allow or prevent unidentified users from remote computers to connect to a network share, to block access to the Windows Task Manager or to restrict access to certain folders.
If a Group Policy Object should be applied to an end user this user must have two specific allow permissions: READ and APPLY GROUP POLICY.
By default a new GPO has a number of permissions with different access levels, but only one entry has both “read” and “apply group policy”: the special group “Authenticated Users“.
Microsoft has provided great guidelines and tools in order to troubleshoot.
Let’s look at the top ten issues that can stop Group Policy from being applied.Despite the name “Authenticated Users” actually includes both logged on users but also computer objects from either the same domain or a trusted domain.This means that a default GPO will be applied to all users and computers located in some OU to which the GPO are linked somewhere above.From deploying software to setting the default printer, it works.But when Group Policy is not being applied, we can fix it!A GPO that resides on a single machine only applies to that computer.