Group Policy Troubles

M

Mabrito

Supreme [H]ardness
Joined
Dec 24, 2004
Messages
7,004
These things are really annoying me again. It seems like its a hit or miss with Group Policies. I have this server running Server 2003 and a XP workstation. Im trying to deploy a group policy to the XP station. I make the policy and assign it to the OU I want it work in. Then I drop the assigned users into that OU. When the user logs on, the group policy does not take affect. They get there roaming profile and everything else they should from the server, just not the GP.

I tried the GPUDATE command and even the GPUPDATE /FORCE command. Still doesnt work. When I do a GPRESULT, it doesnt even show the GP in the filtered out objects parts. In the security restrictions of the GPO, its just set to Authenticated Users, so it should work anyone in that OU.

Any ideas on what could be causing this not to work?
 
What is your policy trying to do?

Also, when you do the gpupdate /force does it promot you for logoff?

Are you logging in locally or on the domain?
 
What policy are you trying to apply?

Edit: k1pp3r beat me to it :p

Another dumb question but you link Enabled the GPO right?
 
Yeah I should of mentioned some of those facts. Its a user GPO. Right now Ill be happy if I get Task Manger taken away from the CTRL ALT DEL screen. I am logging onto the domain, like I said, they get there roaming profiles just fine, just not the GP's.

Also, when you do the gpupdate /force does it promot you for logoff?
No, it just says its completed. I do log off though then re-log back on.

I am almost positive its link enabled. Just in case it isn't, what does it do? But I am 99% positive it is. I do not have it enforced though? I did try enforcing it and still nothing. What does enforce do as well?
 
Here's what each means. http://technet.microsoft.com/en-us/library/cc739343.aspx

Roaming profiles are managed via GPO BTW, so they are processing GPO's.

You link enable by right clicking on the policy and selecting that option. I believe it's typically on by default but check anyway.

I've never seen gpupdate /force ask me to logoff ever. Normally after I do that command I just restart anyway.

Also, is there a way you can show me your GPMC.MSC console screen? That might help narrow a few things down. You can blackout the domain names if you like, it's no biggie. I'm looking specifically for the policies you have on the domain and the Linked GPO screen and the GP Inheritance screens if possible.

These few things should help narrow down the problem if you can provide further info. :)
 
Do you have any folders located on your sysvol? They will be in the Policys folder. can you access this folder from your xp machine?
 
QHalo said:
Here's what each means. http://technet.microsoft.com/en-us/library/cc739343.aspx

Roaming profiles are managed via GPO BTW, so they are processing GPO's.

You link enable by right clicking on the policy and selecting that option. I believe it's typically on by default but check anyway.

I've never seen gpupdate /force ask me to logoff ever. Normally after I do that command I just restart anyway.

Also, is there a way you can show me your GPMC.MSC console screen? That might help narrow a few things down. You can blackout the domain names if you like, it's no biggie. I'm looking specifically for the policies you have on the domain and the Linked GPO screen and the GP Inheritance screens if possible.

These few things should help narrow down the problem if you can provide further info. :)
Click to expand...


Yeah I can do that, just give me like an hour or so, I can have shots up.
 
In the meantime I'll fire up my VM domain and take a look around my GP's as well.
 
Ok Lazy. I setup a Folder Redirection Policy and this is exactly what I did to make it work. I know it's not exactly what you're trying to do but it should suffice to show you my steps.

I created a user - Test.
I created an OU on my domain - Test OU.
I created sub-OU's - User and Computer.
I added the Test account to the User OU under Test OU.
I created a new GPO through GPMC.MSC under the Group Policy Objects - Folder Redirection.
I configured the shared directory on the DC to host the My Documents folder from the client PC.
I dragged the GPO through GPMC.MSC - Folder Redirection to the Users OU under the Test OU.
I right-clicked to ensure that Link Enabled was checked on the Folder Redirection GPO.
I ran GPUPDATE /FORCE from the client. I was prompted to logoff :)p)
After logging off and then back in I ran GPRESULT. I can now see that the Folder Redirector GPO is being enforced under User Policies.
I verified that the My Documents Folder was being redirected to the location on the server.

I'm including SS' of my setup so you can take a look.

Domain Setup with OUs

aduserscomps.jpg


GPMC.MSC Setup for GPO

domain.jpg


GPRESULT after applied

gpresult.jpg


Verified My Documents

folderredirworking.jpg
 
Haha it wasnt the GP fault. It was a DNS problem...... I had my workstation pointing to another DNS that was not Domain controllers DNS. Yep stupid error.
 
You must log in or register to reply here.
Back
Top