After updating the Group Policy Objects on a certain domain, it’s best to run the
gpupdate /force command to apply the changes, as they only apply automatically every 90 minutes. However, sometimes running this command gives the “The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object” error.
The main cause of the issue is the corruption of the file storing the Group Policy Registry settings on your local system or the domain controller. Such corruption can occur because of temporary issues such as server updates or being inactive for some time. However, it will also happen if there are some problems with your GPO or the replication system in your domain.
How to Fix Windows Could Not Apply the Registry-based Policy Settings for the Group Policy Object
The first thing you need to do after you encounter this issue is to check the event logs for more information. Doing so will help you narrow down the cause as well as tell you the GUID name or number in case you did not note it from the gpupdate error message.
- Open Run by pressing Win + R.
eventvwrand press Enter to open the Event Viewer.
- Go to Windows Logs > System and click on Filter Current Logs.
- Enter 1096 on the <All Event IDs> textbox and click OK.
- Double-click on the latest or the most relevant event and check both General and Details tabs.
If you could determine the exact reason for the issue, go to the corresponding solution. Also, make sure to copy down the GUID number of the GPO that failed to update.
Recreate Local Registry.pol File
The easiest possible fix for this error is to delete the local
Registry.pol file on the client side and allow the domain to recreate it.
Registry.pol stores all the registry-based policy settings for the GPO, and this error indicates that the file in your system is corrupted.
Registry.pol is only a copy of the source file on the Domain Controller, so you can safely delete it.
- Navigate to
- Delete the
- Delete the Registry.pol file inside
- Then, run
gpupdate /forceon your local machine to have the domain controllers apply all GPOs to your machine, thereby recreating the
If it doesn’t recreate the folder, contact your system admin to apply the group policy to your local machine or wait for 90 or so minutes for the policy to apply automatically.
Check Registry.pol File inside Sysvol
If recreating the Registry.pol file doesn’t resolve the issue, it’s likely that the source file on a Domain Controller (DC) is corrupt. If you have access to the DC, you can perform the following steps to troubleshoot the issue. If you don’t, you need to contact your system admin for this purpose.
- Open the File Explorer.
- Go to
C:\Windows\SYSVOL\sysvol\“Domain Name”\Policies\“GPO GUID”\Machine.
- Make sure that
Registry.polexists here along with
GPT.iniin the “GPO GUID” folder.
- Right-click on
GPR.iniand select Properties.
- Go to the Security tab and check who has permission for the file.
- Do the same for
Registry.poland see if they have the same permissions.
If they don’t, or the
Registry.pol file is missing, delete the SYSVOL folder and copy or replicate it from another domain controller. You also need to do the same if the dates or versions of the files in the SYSVOL folder don’t match that of other DCs.
If you can’t do so, you need to demote and then promote the DC again while making sure there are no issues with your replication policy.
Check and Troubleshoot Sysvol Replication
If replicating the SYSVOL folder from another domain controller doesn’t work, there may be some issues with your domain’s replication health. You can use the Repadmin tool to monitor the replication status and analyze the report for any issues.
- Open Run.
cmdand press Ctrl + Shift + Enter to open the Elevated Command Prompt.
- Enter the command
repadmin /showrepl * /csv >showrepl.csv
- Open the
showrepl.csvfile in Excel.
The exact process to analyze this file is slightly complex. And there are several possible ways to troubleshoot the replication issue depending on the nature of the error, which you can determine through the
repadmin /showrepl command. So we recommend visiting Microsoft’s comprehensive guide on this process to learn the full process if necessary.
Delete and Recreate GPO
If the above solutions don’t work, you need to delete the GPO showing the issue and recreate it again to resolve the issue.
- Note down the GUID of the GPO from the event log.
- Then, open Run.
powershelland press Ctrl + Shift + Enter to open Windows PowerShell
- Enter the cmdlet
Get-GPO -Guid “GUID”to get the name of the GPO.
- Now, open Run again.
gpmc.mscand press Enter to open the Group Policy Management Console.
- Expand “Domain name” > Domains > “Domain name” > Group Policy Objects.
- Right-click on the relevant GPO and click Delete.
- Click on delete GPO from archive and production.
- Then, Right-click on an empty area and select New.
- Follow the instructions to recreate the GPO according to your situation.
- Then, link it to the necessary users.
After that, run the
gpupdate /force command to update the policy.