| Author | Messages | |
mck1012
Posts:40
 | | 04/24/2008 10:54 AM |
| How many DC's do you have? Are there any errors in the event log on either workstation or DC's. Are there other settings in the same GPO that are working? If not can you make a change in that GPO to see if it works for the computer.
----- Original Message ----
From: Carlton L. Whitmore <cwhitmore@Advocacyinc.org>
To: ActiveDir@mail.activedir.org
Sent: Thursday, April 24, 2008 10:44:11 AM
Subject: RE: AD: Re: [ActiveDir] GPO not updating?
<!--
_filtered {font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
_filtered {font-family:"Arial Unicode MS";
panose-1:2 11 6 4 2 2 2 2 2 4;}
_filtered {font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
_filtered {font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
_filtered {
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman", "serif";}
a:link, span.MsoHyperlink
{
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{
color:purple;
text-decoration:underline;}
p.msochpdefault, li.msochpdefault, div.msochpdefault
{
margin-right:0in;
margin-left:0in;
font-size:10.0pt;
font-family:"Times New Roman", "serif";}
span.emailstyle17
{
font-family:"Calibri", "sans-serif";
color:#1F497D;}
span.emailstyle18
{
font-family:"Calibri", "sans-serif";
color:#1F497D;}
span.emailstyle19
{
font-family:"Calibri", "sans-serif";
color:#1F497D;}
span.EmailStyle21
{
font-family:"Calibri", "sans-serif";
color:#1F497D;}
.MsoChpDefault
{
font-size:10.0pt;}
_filtered {
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{}
-->
Yes, it’s a computer GPO. I turned off the firewall, but no help
there. I checked two other workstations, but they have the same problem.
Brian – I also logged into the XP box as myself. I have
Enterprise Admin and Domain admin rights, but that didn’t make a difference.
From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of mck1012
Sent: Thursday, April 24, 2008 9:29 AM
To: ActiveDir@mail.activedir.org
Subject: Re: AD: Re: [ActiveDir] GPO not updating?
I dont think this is a user
permission issue. This is a computer startup script correct? Is the firewall
enabled on the workstation? is this working on any other workstations? Can you
test another workstation that has this GPO applied?
----- Original Message ----
From: "Britt, Brian" <brian.britt@Vanderbilt.Edu>
To: ActiveDir@mail.activedir.org
Sent: Thursday, April 24, 2008 10:22:13 AM
Subject: RE: AD: Re: [ActiveDir] GPO not updating?
The user may be an Admin on that PC but do they have the ability
to traverse the directories where the GPO is stored on the DC? That is where
you need to allow the traverse. Essentailly this means that they may not have
explicit rights to parent directories but they go bypass them to go to a
subfolder where they do have rights. If they are not allowed, they may be
stopped at a level far above the folder where they need to read the GPO
settings if they are not allowed.
This worked in my case. It may not apply to yours but worth a
try.
Brian Britt
Vanderbilt University
Directory Services Specialist
615-322-4676
From:ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On
Behalf Of Carlton L. Whitmore
Sent: Thursday, April 24, 2008 9:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: AD: Re: [ActiveDir] GPO not updating?
Brian,
I checked and the user is an admin on that PC. I verified that
the user is part of the group in that GPO.
Any other ideas?
From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Britt, Brian
Sent: Thursday, April 24, 2008 8:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE: AD: Re: [ActiveDir] GPO not updating?
I ran into a similar problem once before on a secured machine.
The problem was with the setting, “Bypass Traverse Checking.” If the user is
not allowed to bypass traverse checking, they may not be able to get to the
directory where the GPO resides on the server. It may seem like the GPO is
applied but the settings are not. Once I allowed the user to Bypass traverse
Checking, the policy applied successfully.
Brian Britt
Vanderbilt University
Directory Services Specialist
From:ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On
Behalf Of mck1012
Sent: Thursday, April 24, 2008 8:34 AM
To: ActiveDir@mail.activedir.org
Subject: Re: AD: Re: [ActiveDir] GPO not updating?
How about if you run rsop.msc,
do you see the script listed.
----- Original Message ----
From: Carlton L. Whitmore <cwhitmore@Advocacyinc.org>
To: ActiveDir@mail.activedir.org
Sent: Thursday, April 24, 2008 9:29:05 AM
Subject: RE: AD: Re: [ActiveDir] GPO not updating?
Okay, I ran gpresult on the XP box and it shows that the GP is being appliedevery time I reboot.
I even went to the server (trak), that was applying the GP and verified thatthe GPO was correct. I also tried to apply it from the domain level, but when Icheck the XP box the GPO hasn't changed.
Here are the results:
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 4/24/2008 at 8:24:45 AM
RSOP results for ADVOCACYINC\scriptuser on GENERIC-FE41A1A : Logging Mode
--------------------------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: ADVOCACYINC
Domain Type: Windows2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents andSettings\scriptuser
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=GENERIC-FE41A1A,OU=PCs,DC=Advocacyinc,DC=org
Last time Group Policy was applied: 4/24/2008 at 8:11:54 AM
Group Policy was applied from: trak.Advocacyinc.org
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
New Group Policy Object
Log on Locally
Default Domain Policy
Local Group Policy
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
GENERIC-FE41A1A$
Domain Computers
CERTSVC_DCOM_ACCESS
USER SETTINGS
--------------
CN=ScriptUser,OU=Test,DC=Advocacyinc,DC=org
Last time Group Policy was applied: 4/24/2008 at 8:20:57 AM
Group Policy was applied from: intake.Advocacyinc.org
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
New Group Policy Object
Default Domain Policy
The following GPOs were not applied because they were filteredout
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
CompAdmin
Faxserve
CERTSVC_DCOM_ACCESS
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org]On Behalf Of Mark Parris (L)
Sent: Thursday, April 24, 2008 1:52 AM
To: ActiveDir
Subject: Re: AD: Re: [ActiveDir] GPO not updating?
Do you have any other policies that could override your policy?
Run RSOP, see if yours is applied - and what else?
Regards,
Mark Parris
-----Original Message-----
From: "Rick Gomez" <febrero@dlpmx.com>
Date: Thu, 24 Apr 2008 00:59:11
To:<ActiveDir@mail.activedir.org>
Subject: AD: Re: [ActiveDir] GPO not updating?
run gpresult on the client to see if that GPO its being applied.
If its not then probably you are authenticating against a DC that has not replicatedthe new GPO.
Check FRS Event log to see if there are any errors.
Rick
----- Original Message -----
From: Carlton L. Whitmore <mailto:cwhitmore@Advocacyinc.org>
To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>
Sent: Wednesday, April 23, 2008 5:05 PM
Subject: [ActiveDir] GPO not updating?
I ™m trying to push the follow registry using the GPO from Windows 2003 AD.
Local Computer Policy -> Administrative Templates -> System -> Logon-> Always wait for the network at computer startup and logon (enable)
I ™ve tried it in two different OU ™s, one for users and the other forcomputers. I ™ve also changed it at the domain level.
Even if I manually run gpupdate /force it doesn ™t update. I know it ™s not arights issue because I can manually change the setting from the PC.
Any ideas why this isn ™t propagating from AD?
Carlton.
.+-Å wè Ûiÿü0Ã� §-Š÷ �Å º+ƒò⠲Ö ¬ §Ã¢ ²Ã‘@Bm §Ã¿Ã°ÃƒÅ“ ¶+Þv*è ®Ã‹Å ËE ¬ §Ã¢ ²Ã– «r ¯zm §Ã¿Ã°ÃƒÅ“ ¶+Þv*è ®Ã¦k÷^} « ¥ µ «)
.+-Šwè†Ûi ü0Á§-Š÷�Šº+ƒò ²Ö¬§ ²Ñ@Bm§ ðà ¶+Þv*è®ËŠËE¬§ ²Ö«r¯zm§ ðà ¶+Þv*è®æk÷^}«¥µ«)
Be a better friend, newshound, and know-it-all with Yahoo!Mobile. Try it now.
Be a better friend, newshound, and know-it-all with Yahoo!Mobile. Try
it now.
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
| | | |
|
|