RE: GP in Terminal server
From: Bob Qin [MSFT] (bobqin_at_online.microsoft.com)
Date: 11/05/04
- Next message: Bill Bradley: "Detecting server vs. workstation type at login"
- Previous message: TimStokeUK: "Re: IE Branding problems using GP on Windows 2003"
- Next in thread: Bob Qin [MSFT]: "RE: GP in Terminal server"
- Maybe reply: Bob Qin [MSFT]: "RE: GP in Terminal server"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 05 Nov 2004 09:54:43 GMT
Hi Patrik,
I have check the userenv.log you sent to Jack. It seems that the user does
not have permissions to modify some user profile settings.
If the client uses Windows XP, please run Regedit to change the permissions
of HKEY_CURRENT_USER folder to the following:
Administrators, system, and everyone full control.
If it is Windows 2000, please run regedt32.
Now reboot computer and logon again.
What is the result?
Regards,
Bob Qin
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: "Update" <technet@update.se>
Subject: RE: GP in Terminal server
Date: Wed, 20 Oct 2004 04:40:02 -0700
Newsgroups: microsoft.public.windows.group_policy
Hi Bob,
Thanks for the reply.
The DNS is correctly pointing to the DC.
Before the user object lied in a sub OU, so I tried
making a new ou and a new Policy. Moved the user to the
new ou and enforced a update.
The result was computer recieving these GPOS: Local Group
policy, Default domain policy only. The policy in the OU
that the user was in before had disappeared but the new
policy is not applied.
Looked at the Troubleshooting link and what I found is a
lot of errors in the userenv file, but can't find
anything to do about it.
Here's the log output:
USERENV(42c.438) 02:00:00:187 Profile was loaded but the
Ref Count is 1 !!!
USERENV(42c.fa4) 02:00:06:718 MyRegUnLoadKey: Hive unload
for S-1-5-21-1844237615-412668190-725345543-500 failed
due to open registry key. Windows will try unloading the
registry hive once a second for the next 60 seconds (max).
USERENV(42c.fa4) 02:01:06:827 MyRegUnLoadKey: Windows was
not able to unload the registry hive.
USERENV(42c.fa4) 02:01:06:827 MyRegUnLoadKey: Failed to
unmount hive 5
USERENV(42c.fa4) 02:01:06:827 UnloadUserProfile: Didn't
unload user profile <err = 5>
USERENV(42c.fa4) 02:01:06:827 DumpOpenRegistryHandle: 2
user registry Handles leaked from \Registry\User\S-1-5-21-
1844237615-412668190-725345543-500
USERENV(123c.c50) 11:03:39:800 CreateEnvironmentBlock:
Failed to open HKEY_CURRENT_USER, error = 5
USERENV(123c.c50) 11:03:39:832
ExpandEnvironmentStringsForUser: CreateEnvironmentBlock
failed with = 203
USERENV(123c.ec0) 11:06:07:582 RegisterGPNotification:
CreateEvent failed with 5
USERENV(123c.ec0) 11:06:07:582 RegisterGPNotification:
CreateEvent failed with 5
USERENV(1044.1130) 11:21:08:597 CreateEnvironmentBlock:
Failed to open HKEY_CURRENT_USER, error = 5
USERENV(1044.1130) 11:21:08:628
ExpandEnvironmentStringsForUser: CreateEnvironmentBlock
failed with = 203
USERENV(148.1388) 11:21:09:566 CreateEnvironmentBlock:
Failed to open HKEY_CURRENT_USER, error = 5
USERENV(148.1388) 11:21:09:566
ExpandEnvironmentStringsForUser: CreateEnvironmentBlock
failed with = 203
Thankful for any help
Regards,
Patrik Gisselsson
>-----Original Message-----
>Hi Partrik,
>
>Thanks for your posting here.
>
>This behavior can occur if a DNS server address is not
correctly configured
>in the client computer's Internet Protocol (IP)
properties.
>
>To resolve this issue:
>
>1. Right-click My Network Places, and then click
Properties.
>
>2. Right-click Local Area Connection, and then click
Properties.
>
>3. Double-click Internet Protocol (TCP/IP).
>
>4. Click "Use the following DNS server addresses", and
then type the
>correct DNS server address. I recommend that you point
it to the same DNS
>server as your Domain Controller.
>
>You can use Gpresult.exe (a tool included in the
Microsoft Windows 2000
>Resource Kit) to troubleshoot group policy issues.
>
>You can also refer to the following document for more
information about
>troubleshooting procedures for Group Policy processing
on a Windows 2000
>client computer.
>
>250842 Troubleshooting Group Policy Application Problems
>http://support.microsoft.com/?id=250842
>
>Wish it helps.
>
>Regards,
>Bob Qin
>Microsoft Online Partner Support
>
>Get Secure! - www.microsoft.com/security
>
>====================================================
>When responding to posts, please "Reply to Group" via
your newsreader so
>that others may learn and benefit from your issue.
>====================================================
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>--------------------
> From: "Update" <technet@update.se>
> Subject: GP in Terminal server
> Date: Thu, 14 Oct 2004 10:52:28 -0700
> Newsgroups: microsoft.public.windows.group_policy
>
> I want to restrict a users desktop in W2000
Terminal
> server. Disable Internet explorer, controlpanel,
my
> network and so on. Made a OU for the restricted
user and
> moved the user there. Then added the OU GP with
the
> restrictions in user configuration. But the
restrictions
> does not apply. Tried checking block inheritance &
no
> overide, using secedit to update the policys,
adding a
> group with the user to the GP security.
> What should I do to make this work?
>
> Regards,
> Patrik Gisselsson
>
>
>.
>
- Next message: Bill Bradley: "Detecting server vs. workstation type at login"
- Previous message: TimStokeUK: "Re: IE Branding problems using GP on Windows 2003"
- Next in thread: Bob Qin [MSFT]: "RE: GP in Terminal server"
- Maybe reply: Bob Qin [MSFT]: "RE: GP in Terminal server"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
