Re: GP not applying for W2000 TS User
From: Update (technet_at_update.se)
Date: 11/05/04
- Next message: barabba: "folder redirection persists.....problem !"
- Previous message: Tony: "GPO to turn off Folder options/View/...."
- In reply to: Gabe Knuth: "Re: GP not applying for W2000 TS User"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 5 Nov 2004 10:00:20 -0800
Checked the security again and authenticated users have
permission to apply the policy.
Nothing showes in the App log and running GPresult still
ends up in only the GP with the loopback setting under:
computer received "Registry" setting from these GPOs.
I have done a simular configuration on another customers
W2003 Terminal server and it works without any problem.
This is so frustrating.
Regards,
Patrik
>-----Original Message-----
>Haha...well, one down, and a new one to go.
>
>Have you done anything with security on the policy that
isn't working?
>Check the permissions and make sure that the desired
users/groups/computers
>have access to apply it.
>
>Also, after you log on, check the App log on the TS to
see if there are any
>group policy errors. Those can be quite informative.
>
>
>"Update" <technet@update.se> wrote in message
>news:311f01c4c2a9$15ac6e20$a401280a@phx.gbl...
>> Tried making a separate GP with the loopback setting.
>> Enabled loopback on the TS as well & tried different
>> loopback settings.
>> Now when I login and run GPresult it showes only the
new
>> GP with the loopback setting. The old GP with the real
>> settings is not listed.
>>
>> Regards,
>> Patrik
>>
>> >-----Original Message-----
>> >Make sure your loopback setting is in a different
policy
>> than your other
>> >configurations. I run into that problem all the time.
>> >
>> >Also, if that doesn't work, you could try turning it
on
>> using gpedit.msc on
>> >the actual server (not bad if you only have a few, a
>> total pain if you have
>> >a bunch of TS servers).
>> >
>> >Also, check the loopback processing mode...it can
either
>> be set to Merge or
>> >Replace. Fool around with those a bit to see if that
>> fixes you.
>> >
>> >"technet@update.se"
>> <anonymous@discussions.microsoft.com> wrote in message
>> >news:3f7e01c4c24c$2efa86d0$a301280a@phx.gbl...
>> >> I want to restrict a single users access to
internet in
>> >> W2000 Terminal server using Group policy.
>> >> Made a OU and assigned a new GP to it. Tried moving
the
>> >> TS computer in the OU and enabled the loopback
setting.
>> >> My problem is that running the GP result in the user
>> >> session states that the computer recieved registry
>> >> settings from the GPO but the IE icon is still on
the
>> >> desktop and the other restrictions doesn't apply.
>> >> Any manual change to the settings in internet
explorer
>> is
>> >> also completely ignored.
>> >> What could be the problem?
>> >>
>> >> Here's a verbose version of the user env log: (the
GPO
>> is
>> >> named T)
>> >> USERENV(964.1454) 08:25:25:832 ProcessGPOs: User
name
>> >> is: CN=Casawin
>> >> Terminal,OU=Terminaler,DC=aristok,DC=local, Domain
name
>> >> is: ARISTOK
>> >> USERENV(964.1454) 08:25:25:832 ProcessGPOs: Domain
>> >> controller is: \\aristodc.aristok.local Domain DN
is
>> >> aristok.local
>> >> USERENV(964.1454) 08:25:25:832 MyGetDomainDNSName:
>> >> Successfully determined fqdn CN=Casawin
>> >> Terminal,OU=Terminaler,DC=aristok,DC=local
>> >> USERENV(964.1454) 08:25:25:832 MyGetDomainDNSName:
>> >> Successfully obtained domain dns name aristok.local
>> >> USERENV(964.1454) 08:25:25:832 ReadStatus: Failed to
>> open
>> >> reg key with 5.
>> >> USERENV(964.1454) 08:25:25:832 ReadStatus: Failed to
>> open
>> >> reg key with 5.
>> >> USERENV(964.1454) 08:25:25:848 ProcessGPOs: Calling
>> >> GetGPOInfo for normal policy mode
>> >> USERENV(964.1454) 08:25:25:848 GetGPOInfo:
>> >> ********************************
>> >> USERENV(964.1454) 08:25:25:848 GetGPOInfo:
Entering...
>> >> USERENV(964.1454) 08:25:25:848 GetGPOInfo: Server
>> >> connection established.
>> >> USERENV(964.1454) 08:25:25:863 GetGPOInfo: Bound
>> >> successfully.
>> >> USERENV(964.1454) 08:25:25:879 SearchDSObject:
>> Searching
>> >> <OU=Terminaler,DC=aristok,DC=local>
>> >> USERENV(964.1454) 08:25:25:879 SearchDSObject:
Found
>> GPO
>> >> (s): <[LDAP://CN={62DA425B-C651-458C-9A93-
>> >>
>>
5590DA4F0540},CN=Policies,CN=System,DC=aristok,DC=local;2]
>> >> >
>> >> USERENV(964.1454) 08:25:25:879 ProcessGPO:
>> >> ==============================
>> >> USERENV(964.1454) 08:25:25:879 ProcessGPO:
Deferring
>> >> search for <LDAP://CN={62DA425B-C651-458C-9A93-
>> >>
>>
5590DA4F0540},CN=Policies,CN=System,DC=aristok,DC=local>
>> >> USERENV(964.1454) 08:25:25:879 SearchDSObject:
>> Searching
>> >> <DC=aristok,DC=local>
>> >> USERENV(964.1454) 08:25:25:879 SearchDSObject:
Found
>> GPO
>> >> (s): <[LDAP://CN={31B2F340-016D-11D2-945F-
>> >>
>>
00C04FB984F9},CN=Policies,CN=System,DC=aristok,DC=local;0]
>> >> >
>> >> USERENV(964.1454) 08:25:25:879 ProcessGPO:
>> >> ==============================
>> >> USERENV(964.1454) 08:25:25:879 ProcessGPO:
Deferring
>> >> search for <LDAP://CN={31B2F340-016D-11D2-945F-
>> >>
>>
00C04FB984F9},CN=Policies,CN=System,DC=aristok,DC=local>
>> >> USERENV(964.1454) 08:25:25:894 SearchDSObject:
>> Searching
>> >> <CN=Default-First-
>> >> Site,CN=Sites,CN=Configuration,DC=aristok,DC=local>
>> >> USERENV(964.1454) 08:25:25:894 SearchDSObject: No
GPO
>> (s)
>> >> for this object.
>> >> USERENV(964.1454) 08:25:25:894 EvaluateDeferredGPOs:
>> >> Searching for GPOs in
>> >> cn=policies,cn=system,DC=aristok,DC=local
>> >> USERENV(964.1454) 08:25:25:894 ProcessGPO:
>> >> ==============================
>> >> USERENV(964.1454) 08:25:25:894 ProcessGPO:
Searching
>> <CN=
>> >> {62DA425B-C651-458C-9A93-
>> >>
>>
5590DA4F0540},CN=Policies,CN=System,DC=aristok,DC=local>
>> >> USERENV(964.1454) 08:25:25:894 ProcessGPO: User has
>> >> access to this GPO.
>> >> USERENV(964.1454) 08:25:25:894 ProcessGPO: Found
>> >> functionality version of: 2
>> >> USERENV(964.1454) 08:25:25:894 ProcessGPO: Found
file
>> >> system path of:
>> >>
>>
<\\aristok.local\SysVol\aristok.local\Policies\{62DA425B-
>> >> C651-458C-9A93-5590DA4F0540}>
>> >> USERENV(964.1454) 08:25:25:910 ProcessGPO: Found
>> common
>> >> name of: <{62DA425B-C651-458C-9A93-5590DA4F0540}>
>> >> USERENV(964.1454) 08:25:25:910 ProcessGPO: Found
>> display
>> >> name of: <T>
>> >> USERENV(964.1454) 08:25:25:910 ProcessGPO: Found
user
>> >> version of: GPC is 6, GPT is 6
>> >> USERENV(964.1454) 08:25:25:910 ProcessGPO: Found
flags
>> >> of: 0
>> >> USERENV(964.1454) 08:25:25:910 ProcessGPO: Found
>> >> extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
>> >> {0F6B957E-509E-11D1-A7CC-0000F87571E3}]
>> >> USERENV(964.1454) 08:25:25:910 ProcessGPO:
>> >> ==============================
>> >> USERENV(964.1454) 08:25:25:910 ProcessGPO:
>> >> ==============================
>> >> USERENV(964.1454) 08:25:25:910 ProcessGPO:
Searching
>> <CN=
>> >> {31B2F340-016D-11D2-945F-
>> >>
>>
00C04FB984F9},CN=Policies,CN=System,DC=aristok,DC=local>
>> >> USERENV(964.1454) 08:25:25:910 ProcessGPO: User has
>> >> access to this GPO.
>> >> USERENV(964.1454) 08:25:25:910 ProcessGPO: Found
>> >> functionality version of: 2
>> >> USERENV(964.1454) 08:25:25:910 ProcessGPO: Found
file
>> >> system path of:
>> >>
>>
<\\aristok.local\sysvol\aristok.local\Policies\{31B2F340-
>> >> 016D-11D2-945F-00C04FB984F9}>
>> >> USERENV(964.1454) 08:25:25:926 ProcessGPO: Found
>> common
>> >> name of: <{31B2F340-016D-11D2-945F-00C04FB984F9}>
>> >> USERENV(964.1454) 08:25:25:926 ProcessGPO: Found
>> display
>> >> name of: <Default Domain Policy>
>> >> USERENV(964.1454) 08:25:25:926 ProcessGPO: Found
user
>> >> version of: GPC is 1, GPT is 1
>> >> USERENV(964.1454) 08:25:25:926 ProcessGPO: Found
flags
>> >> of: 0
>> >> USERENV(964.1454) 08:25:25:926 ProcessGPO: Found
>> >> extensions: [{3060E8D0-7020-11D2-842D-00C04FA372D4}
>> >> {3060E8CE-7020-11D2-842D-00C04FA372D4}]
>> >> USERENV(964.1454) 08:25:25:926 ProcessGPO:
>> >> ==============================
>> >> USERENV(964.1454) 08:25:25:926 GetGPOInfo: GPO
Local
>> >> Group Policy doesn't contain any data since the
version
>> >> number is 0. It will be skipped.
>> >> USERENV(964.1454) 08:25:25:926 GetGPOInfo: Leaving
>> with 1
>> >> USERENV(964.1454) 08:25:25:926 GetGPOInfo:
>> >> ********************************
>> >> USERENV(964.1454) 08:25:25:926 ProcessGPOs:
>> >> OpenThreadToken failed with error 1008, assuming
thread
>> >> is not impersonating
>> >> USERENV(964.1454) 08:25:25:926 ProcessGPOs: --------
---
>> ---
>> >> ---------
>> >> USERENV(964.1454) 08:25:25:926 ProcessGPOs:
Processing
>> >> extension Registry
>> >> USERENV(964.1454) 08:25:25:941 CompareGPOLists: The
>> >> lists are the same.
>> >> USERENV(964.1454) 08:25:25:941 CheckGPOs: No GPO
>> changes
>> >> and no security group membership change and
extension
>> >> Registry has NoGPOChanges set.
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs: --------
---
>> ---
>> >> ---------
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs: --------
---
>> ---
>> >> ---------
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs:
Processing
>> >> extension Folder Redirection
>> >> USERENV(964.1454) 08:25:25:941 CompareGPOLists: The
>> >> lists are the same.
>> >> USERENV(964.1454) 08:25:25:941 CheckGPOs: No GPO
>> changes
>> >> but couldn't read extension Folder Redirection's
status
>> >> or policy time.
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs:
Extension
>> >> Folder Redirection skipped because both deleted and
>> >> changed GPO lists are empty.
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs: --------
---
>> ---
>> >> ---------
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs:
Processing
>> >> extension Microsoft Disk Quota
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs:
Extension
>> >> Microsoft Disk Quota skipped with flags 0x6.
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs: --------
---
>> ---
>> >> ---------
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs:
Processing
>> >> extension Scripts
>> >> USERENV(964.1454) 08:25:25:941 CompareGPOLists: The
>> >> lists are the same.
>> >> USERENV(964.1454) 08:25:25:941 CheckGPOs: No GPO
>> changes
>> >> but couldn't read extension Scripts's status or
policy
>> >> time.
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs:
Extension
>> >> Scripts skipped because both deleted and changed GPO
>> >> lists are empty.
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs: --------
---
>> ---
>> >> ---------
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs:
Processing
>> >> extension Security
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs:
Extension
>> >> Security skipped with flags 0x6.
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs: --------
---
>> ---
>> >> ---------
>> >> USERENV(964.1454) 08:25:25:941 ProcessGPOs:
Processing
>> >> extension Internet Explorer Branding
>> >> USERENV(964.1454) 08:25:25:941 CompareGPOLists: The
>> >> lists are the same.
>> >> USERENV(964.1454) 08:25:25:957 CheckGPOs: No GPO
>> changes
>> >> but extension Internet Explorer Branding had
returned
>> >> ERROR_OVERRIDE_NOCHANGES for previous policy
processing
>> >> call.
>> >> USERENV(964.1454) 08:25:25:957 ProcessGPOs:
Extension
>> >> Internet Explorer Branding skipped because both
deleted
>> >> and changed GPO lists are empty.
>> >> USERENV(964.1454) 08:25:25:957 ProcessGPOs: --------
---
>> ---
>> >> ---------
>> >> USERENV(964.1454) 08:25:25:957 ProcessGPOs:
Processing
>> >> extension EFS recovery
>> >> USERENV(964.1454) 08:25:25:957 ProcessGPOs:
Extension
>> EFS
>> >> recovery skipped with flags 0x6.
>> >> USERENV(964.1454) 08:25:25:957 ProcessGPOs: --------
---
>> ---
>> >> ---------
>> >> USERENV(964.1454) 08:25:25:957 ProcessGPOs:
Processing
>> >> extension Application Management
>> >> USERENV(964.1454) 08:25:25:957 ProcessGPOs:
Extension
>> >> Application Management skipped with flags 0x6.
>> >> USERENV(964.1454) 08:25:25:957 ProcessGPOs: --------
---
>> ---
>> >> ---------
>> >> USERENV(964.1454) 08:25:25:957 ProcessGPOs:
Processing
>> >> extension IP Security
>> >> USERENV(964.1454) 08:25:25:957 ProcessGPOs:
Extension
>> IP
>> >> Security skipped with flags 0x6.
>> >> USERENV(964.1454) 08:25:25:957
>> >> LeaveCriticalPolicySection: Critical section 0x1a4
has
>> >> been released.
>> >> USERENV(964.1454) 08:25:25:957 ProcessGPOs: User
Group
>> >> Policy has been applied.
>> >> USERENV(964.1454) 08:25:25:957 ProcessGPOs: Leaving
>> with
>> >> 1.
>> >> USERENV(964.1454) 08:25:25:957 ApplyGroupPolicy:
>> Leaving
>> >> successfully.
>> >> USERENV(f48.1368) 08:25:26:098 LibMain: Process
Name:
>> >> C:\WINNT\system32\userinit.exe
>> >> USERENV(964.1344) 08:25:26:988 GPOThread: Next
refresh
>> >> will happen in 98 minutes
>> >> USERENV(93c.8e4) 08:25:36:019 LibMain: Process Name:
>> >> C:\WINNT\system32\ipconfig.exe
>> >> USERENV(8e4.93c) 08:25:40:191 LibMain: Process Name:
>> >> C:\WINNT\system32\gpresult.exe
>> >> USERENV(8e4.93c) 08:25:40:191
>> EnterCriticalPolicySection:
>> >> User critical section has been claimed. Handle =
0x39c
>> >> USERENV(8e4.93c) 08:25:40:191
>> EnterCriticalPolicySection:
>> >> Machine critical section has been claimed. Handle =
>> 0x398
>> >> USERENV(8e4.93c) 08:25:40:988 GetAppliedGPOList:
>> >> Entering. Extension = {35378EAC-683F-11D2-A89A-
>> >> 00C04FBBCFA2}
>> >> USERENV(8e4.93c) 08:25:40:988 GetAppliedGPOList:
>> >> Entering. Extension = {25537BA6-77A8-11D2-9B6C-
>> >> 0000F8080861}
>> >> USERENV(8e4.93c) 08:25:40:988 GetAppliedGPOList:
>> >> Entering. Extension = {3610EDA5-77EF-11D2-8DC5-
>> >> 00C04FA31A66}
>> >> USERENV(8e4.93c) 08:25:40:988 GetAppliedGPOList:
>> >> Entering. Extension = {42B5FAAE-6536-11D2-AE5A-
>> >> 0000F87571E3}
>> >> USERENV(8e4.93c) 08:25:40:988 GetAppliedGPOList:
>> >> Entering. Extension = {827D319E-6EAC-11D2-A4EA-
>> >> 00C04F79F83A}
>> >> USERENV(8e4.93c) 08:25:41:004 GetAppliedGPOList:
>> >> Entering. Extension = {A2E30F80-D7DE-11D2-BBDE-
>> >> 00C04F86AE3B}
>> >> USERENV(8e4.93c) 08:25:41:004 GetAppliedGPOList:
>> >> Entering. Extension = {B1BE8D72-6EAC-11D2-A4EA-
>> >> 00C04F79F83A}
>> >> USERENV(8e4.93c) 08:25:41:019 GetAppliedGPOList:
>> >> Entering. Extension = {C6DC5466-785A-11D2-84D0-
>> >> 00C04FB169F7}
>> >> USERENV(8e4.93c) 08:25:41:113 GetAppliedGPOList:
>> >> Entering. Extension = {E437BC1C-AA7D-11D2-A382-
>> >> 00C04F991E27}
>> >> USERENV(8e4.93c) 08:25:41:113
>> LeaveCriticalPolicySection:
>> >> Critical section 0x39c has been released.
>> >> USERENV(8e4.93c) 08:25:41:113
>> LeaveCriticalPolicySection:
>> >> Critical section 0x398 has been released.
>> >> USERENV(964.ba0) 08:25:57:973 UnloadUserProfile:
>> >> Entering, hProfile = <0x160>
>> >> USERENV(964.ba0) 08:25:57:973 GetUserMutex:
entering
>> >> USERENV(964.ba0) 08:25:57:973 GetUserMutex:
Waiting...
>> >> USERENV(964.ba0) 08:25:57:973 GetUserMutex: Wait
>> >> succeeded. Mutex currently held.
>> >> USERENV(964.ba0) 08:25:57:973 UnloadUserProfile:
>> Didn't
>> >> unload user profile, Ref Count is 2
>> >> USERENV(964.ba0) 08:25:57:973 LoadUserProfile:
>> Releasing
>> >> mutex.
>> >> USERENV(964.ba0) 08:25:57:973 UnloadUserProfile:
>> Leaving
>> >> with a return value of 1
>> >>
>> >> Regards,
>> >> Patrik
>> >>
>> >
>> >
>> >.
>> >
>
>
>.
>
- Next message: barabba: "folder redirection persists.....problem !"
- Previous message: Tony: "GPO to turn off Folder options/View/...."
- In reply to: Gabe Knuth: "Re: GP not applying for W2000 TS User"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
