Prompt for consent on secure desktop domain policy is failing to override local policy

Highlighted
New Contributor
A domain gpo is set to prompt for consent on the secure desktop. The 1809 security baseline is applied as a local gpo with the -domainjoined argument. The domain policy is not overriding the local policy. This is LTSC 1809.

https://blogs.technet.microsoft.com/secguide/2018/11/20/security-baseline-final-for-windows-10-v1809...
2 Replies
Highlighted

I don't understand the issue. It sounds as though both the domain and local policy apply the same setting. What's to override?

Open a PowerShell as admin on the machine in question and type:

 

gpresult /h c:\report.html

 

Open the report in your browser and scan through it. You will see each policy that gets applied (local and domain). You also see the order in which they got applied, how long it took, the reason of failure if one fails and each an every configured setting. Each setting shows you exactly from which policy it came.

 

You should be able to narrow down your problem this way.

@null null