| Author | Messages | |
cwhitmore
Posts:21
 | | 04/24/2008 10:44 AM |
| Yes, it’s a computer GPO. I turned off the firewall, but no help there. I checked two other workstations, but they have the same problem.
Brian – I also logged into the XP box as myself. I have Enterprise Admin and Domain admin rights, but that didn’t make a difference.
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of mck1012
Sent: Thursday, April 24, 2008 9:29 AM
To: ActiveDir@mail.activedir.org
Subject: Re: AD: Re: [ActiveDir] GPO not updating?
I dont think this is a user permission issue. This is a computer startup script correct? Is the firewall enabled on the workstation? is this working on any other workstations? Can you test another workstation that has this GPO applied?
----- Original Message ----
From: "Britt, Brian" <brian.britt@Vanderbilt.Edu>
To: ActiveDir@mail.activedir.org
Sent: Thursday, April 24, 2008 10:22:13 AM
Subject: RE: AD: Re: [ActiveDir] GPO not updating?
The user may be an Admin on that PC but do they have the ability to traverse the directories where the GPO is stored on the DC? That is where you need to allow the traverse. Essentailly this means that they may not have explicit rights to parent directories but they go bypass them to go to a subfolder where they do have rights. If they are not allowed, they may be stopped at a level far above the folder where they need to read the GPO settings if they are not allowed.
This worked in my case. It may not apply to yours but worth a try.
Brian Britt
Vanderbilt University
Directory Services Specialist
615-322-4676
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Carlton L. Whitmore
Sent: Thursday, April 24, 2008 9:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: AD: Re: [ActiveDir] GPO not updating?
Brian,
I checked and the user is an admin on that PC. I verified that the user is part of the group in that GPO.
Any other ideas?
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Britt, Brian
Sent: Thursday, April 24, 2008 8:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE: AD: Re: [ActiveDir] GPO not updating?
I ran into a similar problem once before on a secured machine. The problem was with the setting, “Bypass Traverse Checking.” If the user is not allowed to bypass traverse checking, they may not be able to get to the directory where the GPO resides on the server. It may seem like the GPO is applied but the settings are not. Once I allowed the user to Bypass traverse Checking, the policy applied successfully.
Brian Britt
Vanderbilt University
Directory Services Specialist
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of mck1012
Sent: Thursday, April 24, 2008 8:34 AM
To: ActiveDir@mail.activedir.org
Subject: Re: AD: Re: [ActiveDir] GPO not updating?
How about if you run rsop.msc, do you see the script listed.
----- Original Message ----
From: Carlton L. Whitmore <cwhitmore@Advocacyinc.org>
To: ActiveDir@mail.activedir.org
Sent: Thursday, April 24, 2008 9:29:05 AM
Subject: RE: AD: Re: [ActiveDir] GPO not updating?
Okay, I ran gpresult on the XP box and it shows that the GP is being applied every time I reboot.
I even went to the server (trak), that was applying the GP and verified that the GPO was correct. I also tried to apply it from the domain level, but when I check the XP box the GPO hasn't changed.
Here are the results:
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 4/24/2008 at 8:24:45 AM
RSOP results for ADVOCACYINC\scriptuser on GENERIC-FE41A1A : Logging Mode
--------------------------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: ADVOCACYINC
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\scriptuser
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=GENERIC-FE41A1A,OU=PCs,DC=Advocacyinc,DC=org
Last time Group Policy was applied: 4/24/2008 at 8:11:54 AM
Group Policy was applied from: trak.Advocacyinc.org
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
New Group Policy Object
Log on Locally
Default Domain Policy
Local Group Policy
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
GENERIC-FE41A1A$
Domain Computers
CERTSVC_DCOM_ACCESS
USER SETTINGS
--------------
CN=ScriptUser,OU=Test,DC=Advocacyinc,DC=org
Last time Group Policy was applied: 4/24/2008 at 8:20:57 AM
Group Policy was applied from: intake.Advocacyinc.org
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
New Group Policy Object
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
CompAdmin
Faxserve
CERTSVC_DCOM_ACCESS
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Mark Parris (L)
Sent: Thursday, April 24, 2008 1:52 AM
To: ActiveDir
Subject: Re: AD: Re: [ActiveDir] GPO not updating?
Do you have any other policies that could override your policy?
Run RSOP, see if yours is applied - and what else?
Regards,
Mark Parris
-----Original Message-----
From: "Rick Gomez" <febrero@dlpmx.com>
Date: Thu, 24 Apr 2008 00:59:11
To:<ActiveDir@mail.activedir.org>
Subject: AD: Re: [ActiveDir] GPO not updating?
run gpresult on the client to see if that GPO its being applied.
If its not then probably you are authenticating against a DC that has not replicated the new GPO.
Check FRS Event log to see if there are any errors.
Rick
----- Original Message -----
From: Carlton L. Whitmore <mailto:cwhitmore@Advocacyinc.org>
To: ActiveDir@mail.activedir.org <mailto:ActiveDir@mail.activedir.org>
Sent: Wednesday, April 23, 2008 5:05 PM
Subject: [ActiveDir] GPO not updating?
I ™m trying to push the follow registry using the GPO from Windows 2003 AD.
Local Computer Policy -> Administrative Templates -> System -> Logon -> Always wait for the network at computer startup and logon (enable)
I ™ve tried it in two different OU ™s, one for users and the other for computers. I ™ve also changed it at the domain level.
Even if I manually run gpupdate /force it doesn ™t update. I know it ™s not a rights issue because I can manually change the setting from the PC.
Any ideas why this isn ™t propagating from AD?
Carlton.
.+-Å wè Ûiÿü0Ã� §-Š÷ �Å º+ƒò⠲Ö ¬ §Ã¢ ²Ã‘@Bm §Ã¿Ã°ÃƒÅ“ ¶+Þv*è ®Ã‹Å ËE ¬ §Ã¢ ²Ã– «r ¯zm §Ã¿Ã°ÃƒÅ“ ¶+Þv*è ®Ã¦k÷^} « ¥ µ «)
.+-Šwè†Ûi ü0Á§-Š÷�Šº+ƒò ²Ö¬§ ²Ñ@Bm§ ðà ¶+Þv*è®ËŠËE¬§ ²Ö«r¯zm§ ðà ¶+Þv*è®æk÷^}«¥µ«)
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. <http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ%20>
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. <http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ%20>
| | | |
|
|