This issue exists on a Windows 7 Pro x64 machine (Dell Inspiron E6420). I am trying to adjust a setting using gpedit.msc, but the change never seems to take effect. By that, I mean the setting that is changed never shows up in rsop or gpresult.

The exact setting is called Prevent installation of devices not described by other policy settings which is currently reported as Enabled in RSOP/gpresult.

Even if I set this to not configured or disabled using gpedit.msc, the change never shows in a gpresult query. Not even after a gpupdate or reboot.

However it will show the updated setting in gpedit (not that it makes a difference at that point if it can't apply).

Error messages

A few points of concern:

1. This error happens when running gpupdate:

   Updating Policy... User Policy update has completed successfully. Computer Policy update has completed successfully.
   The following warnings were encountered during computer policy processing:
   Windows failed to apply the Scripts settings. Scripts settings might have its own log file. Please click on the "More information" link.
   For more detailed information, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

2. When running an RSOP or GPresult, there is a yellow exclamation point on the Computer Configuration section.

3. Under Component Status, these two errors are showing, but I haven't been able to figure out a way to clear them:

   Component Status Component Name Status Last Process Time Group Policy Infrastructure Success 6/14/2013 3:46:11 PM Internet Explorer Zonemapping Success (no data) 2/6/2013 10:29:33 AM Registry Failed 6/14/2013 3:46:11 PM Registry failed due to the error listed below.

   Unspecified error

   Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 6/14/2013 3:46:10 PM and 6/14/2013 3:46:11 PM.

   ---

   Scripts Failed 6/14/2013 3:46:11 PM Scripts failed due to the error listed below.

   Access is denied.

   Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 6/14/2013 3:46:11 PM and 6/14/2013 3:46:11 PM.

   Security Success 6/14/2013 3:46:11 PM

Things that didn't work

So far I've tried:

1. Resetting local group policy:
   secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

2. Another method I found to try and reset local group policy:
   Deleted c:\Windows\System32\GroupPolicy and forced a gpupdate

3. Copying group policy settings from a known working computer with similar config:
   Copied C:\Windows\System32\GroupPolicy

4. Deleting Registry key, but after reboot it just comes right back:
   HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyUnspecified

Anyone have any other ideas on how to fix this?

Test file share connectivity and permissions

Test command at workstation:

nslookup %USERDNSDOMAIN%

net view %USERDNSDOMAIN%

cd \\%USERDNSDOMAIN%\SYSVOL\%USERDNSDOMAIN%\

and check file permissions in folders: Policies and scripts

Check other ports' connectivity

open and check port at domain infrastructure

Instructions here: Active Directory Firewall Ports - Let's Try To Make This Simple

Nuke local registry key

delete registry key:

reg delete HKLM\SOFTWARE\Policies /f
reg delete HKCU\Software\Policies /f

Nuke local folder

delete folder:

RD /S /Q %windir%\System32\GroupPolicy