Group policies aren't applied during startup and logon in Windows


When UNC hardening is enabled, group policies aren't propagated to Windows 8.1 or Windows Server 2012 R2 Distributed File System (DFS) clients when you log on with slow IP configuration or network authentication. This causes sysvol shares that use UNC hardening by default not resolving for DFS clients.

When this issue occurs, in Group Policy operational events or the GPSVC.LOG file, you can see Error 0x41 (decimal 65) or the "Network access is denied." error message. The error code mnemonic is ERROR_NETWORK_ACCESS_DENIED. The following is the example for GPSVC Log:

GetDCNameFromGPTPath: NetDfsGetClientInfo() failed with error=0xa66 for GPT Path=\\\sysvol\\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini

ProcessGPO(Machine): Couldn't find the group policy template file <\\\sysvol\\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>, error = 0x41. DC: <null>


This issue occurs because of a race condition of the policy service with the DFS UNC hardening. Sometimes DFS clients may be unable to resolve sysvol shares that results in group policies not getting applied during logon. 


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More information

For more information about how to enable Group Policy Service Logging, see How to enable GPO logging.

KB938449 describes similar problems.


Learn about the terminology that Microsoft uses to describe software updates.

Article ID: 3163191 - Last Review: 14 ఫిబ్ర, 2017 - Revision: 1

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1