| Author | Messages | |
cwhitmore
Posts:21
 | | 04/23/2008 6:07 PM |
| I'm trying to push the follow registry using the GPO from Windows 2003
AD.
Local Computer Policy -> Administrative Templates -> System -> Logon ->
Always wait for the network at computer startup and logon (enable)
I've tried it in two different OU's, one for users and the other for
computers. I've also changed it at the domain level.
Even if I manually run gpupdate /force it doesn't update. I know it's
not a rights issue because I can manually change the setting from the
PC.
Any ideas why this isn't propagating from AD?
Carlton.
| | | |
| bsonposh
Posts:171
| | 04/23/2008 7:23 PM |
| 1) This needs to be applied somewhere in the OU hierarchy where the Computer
Account Resides... the User is irrelevant.
2) GPOs are stored in the Filesystem of a DC in a what we call Sysvol. This
replicates separately then AD.
3) Did you reboot the client? Just curious.
Questions
- do you have multiple sites?
- how long did you wait?
On Wed, Apr 23, 2008 at 6:05 PM, Carlton L. Whitmore <
cwhitmore@advocacyinc.org> wrote:
> I'm trying to push the follow registry using the GPO from Windows 2003
> AD.
>
> Local Computer Policy -> Administrative Templates -> System -> Logon ->
> Always wait for the network at computer startup and logon (enable)
>
>
>
> I've tried it in two different OU's, one for users and the other for
> computers. I've also changed it at the domain level.
>
> Even if I manually run gpupdate /force it doesn't update. I know it's not
> a rights issue because I can manually change the setting from the PC.
>
>
>
> Any ideas why this isn't propagating from AD?
>
> Carlton.
>
>
>
| | | |
| mck1012
Posts:40
| | 04/23/2008 8:24 PM |
| Have you rebooted the computer. If you run gpresults is the GPO you created applied to that computer.
----- Original Message ----
From: Carlton L. Whitmore <cwhitmore@Advocacyinc.org>
To: ActiveDir@mail.activedir.org
Sent: Wednesday, April 23, 2008 6:05:54 PM
Subject: [ActiveDir] GPO not updating?
<!--
_filtered {font-family:"Cambria Math";panose-1:2 4 5 3 5 4 6 3 2 4;}
_filtered {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-family:"Calibri", "sans-serif";}
a:link, span.MsoHyperlink
{color:blue;text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;text-decoration:underline;}
span.EmailStyle17
{font-family:"Calibri", "sans-serif";color:windowtext;}
.MsoChpDefault
{}
_filtered {margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{}
-->
Iʼm trying to push the follow registry using the GPO from
Windows 2003 AD.
Local Computer Policy -> Administrative Templates -> System
-> Logon -> Always wait for the network at computer startup and logon
(enable)
Iʼve tried it in two different OUʼs, one for
users and the other for computers. Iʼve also changed it at the domain
level.
Even if I manually run gpupdate /force it doesnʼt
update. I know itʼs not a rights issue because I can manually change the
setting from the PC.
Any ideas why this isnʼt propagating from AD?
Carlton.
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
| | | |
| cwhitmore
Posts:21
| | 04/23/2008 11:02 PM |
| Yes, I've reboot the PC several times. I tried the setting on both the OU for the computer and the OU for the user.
The computer is connected to a 1GB switch (same one as the server). I waited 10 minutes.
________________________________
From: ActiveDir-owner@mail.activedir.org on behalf of Brandon Shell
Sent: Wed 4/23/2008 6:21 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] GPO not updating?
1) This needs to be applied somewhere in the OU hierarchy where the Computer Account Resides... the User is irrelevant.
2) GPOs are stored in the Filesystem of a DC in a what we call Sysvol. This replicates separately then AD.
3) Did you reboot the client? Just curious.
Questions
- do you have multiple sites?
- how long did you wait?
On Wed, Apr 23, 2008 at 6:05 PM, Carlton L. Whitmore <cwhitmore@advocacyinc.org> wrote:
I'm trying to push the follow registry using the GPO from Windows 2003 AD.
Local Computer Policy -> Administrative Templates -> System -> Logon -> Always wait for the network at computer startup and logon (enable)
I've tried it in two different OU's, one for users and the other for computers. I've also changed it at the domain level.
Even if I manually run gpupdate /force it doesn't update. I know it's not a rights issue because I can manually change the setting from the PC.
Any ideas why this isn't propagating from AD?
Carlton.
| | | |
| bsonposh
Posts:171
| | 04/23/2008 11:22 PM |
| - do you have multiple sites?
- how many Domain Controllers?
- any NTFRS Errors on the DCs?
- what is the client?
On Wed, Apr 23, 2008 at 10:57 PM, Carlton L. Whitmore <
cwhitmore@advocacyinc.org> wrote:
> Yes, I've reboot the PC several times. I tried the setting on both the OU
> for the computer and the OU for the user.
> The computer is connected to a 1GB switch (same one as the server). I
> waited 10 minutes.
>
>
> ________________________________
>
> From: ActiveDir-owner@mail.activedir.org on behalf of Brandon Shell
> Sent: Wed 4/23/2008 6:21 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] GPO not updating?
>
>
> 1) This needs to be applied somewhere in the OU hierarchy where the
> Computer Account Resides... the User is irrelevant.
> 2) GPOs are stored in the Filesystem of a DC in a what we call Sysvol.
> This replicates separately then AD.
> 3) Did you reboot the client? Just curious.
>
> Questions
> - do you have multiple sites?
> - how long did you wait?
>
>
> On Wed, Apr 23, 2008 at 6:05 PM, Carlton L. Whitmore <
> cwhitmore@advocacyinc.org> wrote:
>
>
> I'm trying to push the follow registry using the GPO from Windows
> 2003 AD.
>
> Local Computer Policy -> Administrative Templates -> System ->
> Logon -> Always wait for the network at computer startup and logon (enable)
>
>
>
> I've tried it in two different OU's, one for users and the other
> for computers. I've also changed it at the domain level.
>
> Even if I manually run gpupdate /force it doesn't update. I know
> it's not a rights issue because I can manually change the setting from the
> PC.
>
>
>
> Any ideas why this isn't propagating from AD?
>
> Carlton.
>
>
>
>
>
| | | |
| kevinbrunson
Posts:44
| | 04/24/2008 12:03 AM |
| It will definitely need to be applied to the computer's OU, not the user's. If it is applied to the computer OU, but not working, then I suspect something set incorrectly on the Security tab of the GPO. Do you have Read and Apply Group Policy set to Allow for either the computer or a group that includes the computer? Do you have any Deny entries that would override the Allow?
If none of that applies, then I would suggest running RSOP.MSC against that computer account to see if the policy shows up there.
Kevin
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Carlton L. Whitmore
Sent: Wednesday, April 23, 2008 9:57 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO not updating?
Yes, I've reboot the PC several times. I tried the setting on both the OU for the computer and the OU for the user.
The computer is connected to a 1GB switch (same one as the server). I waited 10 minutes.
________________________________
From: ActiveDir-owner@mail.activedir.org on behalf of Brandon Shell
Sent: Wed 4/23/2008 6:21 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] GPO not updating?
1) This needs to be applied somewhere in the OU hierarchy where the Computer Account Resides... the User is irrelevant.
2) GPOs are stored in the Filesystem of a DC in a what we call Sysvol. This replicates separately then AD.
3) Did you reboot the client? Just curious.
Questions
- do you have multiple sites?
- how long did you wait?
On Wed, Apr 23, 2008 at 6:05 PM, Carlton L. Whitmore <cwhitmore@advocacyinc.org<mailto:cwhitmore@advocacyinc.org>> wrote:
I'm trying to push the follow registry using the GPO from Windows 2003 AD.
Local Computer Policy -> Administrative Templates -> System -> Logon -> Always wait for the network at computer startup and logon (enable)
I've tried it in two different OU's, one for users and the other for computers. I've also changed it at the domain level.
Even if I manually run gpupdate /force it doesn't update. I know it's not a rights issue because I can manually change the setting from the PC.
Any ideas why this isn't propagating from AD?
Carlton.
| | | |
| febrero
Posts:4
| | 04/24/2008 2:00 AM |
| run gpresult on the client to see if that GPO its being applied.
If its not then probably you are authenticating against a DC that has not replicated the new GPO.
Check FRS Event log to see if there are any errors.
Rick
----- Original Message -----
From: Carlton L. Whitmore
To: ActiveDir@mail.activedir.org
Sent: Wednesday, April 23, 2008 5:05 PM
Subject: [ActiveDir] GPO not updating?
I’m trying to push the follow registry using the GPO from Windows 2003 AD.
Local Computer Policy -> Administrative Templates -> System -> Logon -> Always wait for the network at computer startup and logon (enable)
I’ve tried it in two different OU’s, one for users and the other for computers. I’ve also changed it at the domain level.
Even if I manually run gpupdate /force it doesn’t update. I know it’s not a rights issue because I can manually change the setting from the PC.
Any ideas why this isn’t propagating from AD?
Carlton.
| | | |
|
|