Re: Path Rules - Enabled Paths sometime are restricted
- From: "Kirk Miller" <UCanSendemailtothefollowing-kirk@xxxxxxxxx>
- Date: Wed, 7 Sep 2005 15:16:05 -0700
Thanks for the info! We had the problem crop up again today on a users
machine I ran netdiag and dcdiag. Both showed no problems on the network and
all DC were as expected and DNS records were good. We manage our own DNS and
run all XP SP2 with Microsoft Update installed on a 2003 native network.
We ran rsop on the client machine and the following path exception was
missing:
C:\Program Files\Quest Technologies\QuestSuite Professional
The exact order of the path rules on the server include the following
C:\Program Files\QuarkXPress Passport
C:\Program Files\Quest Technologies\QuestSuite Professional
c:\Program Files\QUICKEN
The path in front and behind were both present on the client.
According to gpresult, the proper policy was applied and came from our
domain controler named SKIP. I looked on Skip and all three lines above are
in the policy and it was added to the policy on aug 25. This path was
working this morning at 8 am.
The user said he worked in the program most of the day and closed it. When
he re-opened it, he received the denied error.
What else can I check? Why would this one path be left out of the policy?
Does XP store the path rules that are currently being used... and when the
policy gets refreshed (we refresh once per hour) it conflicts? Any thoughts
or other ideas we should check?
Machine is
"Steven L Umbach" wrote:
> Next time that it happens try running the Resultant Set of Policy mmc snapin
> on that computer and check to see if the rules for SRP are coming from the
> GPO you expect. You also could use the support tool gpresult to do much of
> the same and it will also show the last time that GP was applied and from
> what domain controller. Also look in Event Viewer system and application
> logs to see if anything helpful is reported there and run the support tool
> netdiag to see if any problems are found with dns, dc discovery, or
> trust/secure channel. Since you are experiencing problems with inconsistent
> application of Group Policy I would also run netdiag, dcdiag, and gpotool on
> your domain controllers and verify that dns is correct for your domain per
> the link below. Make sure that you NEVER list an ISP dns server as a
> preferred dns server for any domain computer. The support tools are on the
> install disk in the support/tools folder where you run the setup program
> there to install them as a group. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 --- DNS
> FAQ for Active Directory
>
> "Kirk Miller" <UCanSendemailtothefollowing-kirk@xxxxxxxxx> wrote in message
> news:1F9210A5-286A-4716-8DBA-ABE8EA4949BB@xxxxxxxxxxxxxxxx
> >I have a problem where programs which are enabled via Path rules sometimes
> > will still be blocked. The paths are correct and work 80% of the time,
> > but
> > sometimes you will click and receive the restricted message. Somtimes it
> > happens to IE, sometimes to an FTP program, sometimes something else.
> > Doing
> > a GPUpdate/force/reboot solves the problem.... but it might crop up later.
> >
> > I have seen this problem on both 16 bit and 32 bit applicatiosns. What
> > should I look for?
> >
> > Thanks!
>
>
>
.
- Follow-Ups:
- Re: Path Rules - Enabled Paths sometime are restricted
- From: Steven Umbach
- Re: Path Rules - Enabled Paths sometime are restricted
- References:
- Path Rules - Enabled Paths sometime are restricted
- From: Kirk Miller
- Re: Path Rules - Enabled Paths sometime are restricted
- From: Steven L Umbach
- Path Rules - Enabled Paths sometime are restricted
- Prev by Date: Re: HELP
- Next by Date: Re: Group Policy not applied after reboot (intermittent)
- Previous by thread: Re: Path Rules - Enabled Paths sometime are restricted
- Next by thread: Re: Path Rules - Enabled Paths sometime are restricted
- Index(es):
Relevant Pages
|
