I have checked all the usual things, computers are in the right admin group that has the policies applied to it, that sort of thing. I've got some group policies that for some reason or other are not applying correctly. Here is an example. Policy named "Windows Firewall" is applied to the entire domain. It contains settings including a rule to enable Remote Desktop. Whenever I build a new machine and join it to the domain, I cannot connect with Remote Desktop. I logon locally, open Windows Firewall and look at the rules. There is Remote Desktop, with a gray (unremovable) checked box and a note at the top saying "some settings are managed by your system administrator." Right below that is another Remote Desktop which is not checked. Unless this one is checked, and I have to do it by hand every time, Remote Desktop doesn't work. The firewall obviously knows about the group policy and shows it as enabled, so why is it showing it again?