RE: GPO does not apply on 2 computers unless the user is an Admin.....
- From: v-jasont@xxxxxxxxxxxxxxxxxxxx (Jason Tan (MSFT))
- Date: Fri, 30 Dec 2005 07:25:49 GMT
Dear James,
Thanks for posting!
I understand that 2 of over 50 Windows XP machines cannot apply GPO if the
logon user is a domain user without local admin privilege. If I have
misunderstood your concerns please feel free to let me know.
>From your description it seems that the issue is related to permission.
Howerver, it is hard to identify the root cause now. If only the two
machines experienced the issue, I suggest you check the policy by the
following method.
1. Please confirm if the issue can be reproduced when you login this two
machines with other domain users.
2. Please confirm if the policy applied as expected when you login the
other machines with this domain user.
3. Please run Resultant Set of Policy (RSoP) tool or Gpresult.exe in
command prompt to troubleshoot the issue.
Start->Run->Rsop.msc
For more detailed information, please refer to the following URL.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-
us/rspintro.mspx
Applying Windows XP Group Policy in a Windows 2000 Domain
http://www.windowsecurity.com/articles/Windows-XP-Group-Policy-Windows-2000-
Domain-Part2.html
For more information, please refer to the following article:
298444 A Description of the Group Policy Update Utility
http://support.microsoft.com/?id=298444
321709 HOW TO: Use the Group Policy Results Tool in Windows 2000
http://support.microsoft.com/?id=321709
250842 Troubleshooting Group Policy application problems
http://support.microsoft.com/?id=250842
Please provide me with a MPS_Report for further research.
The Detailed steps are as the following:
=============================
Download the MPSRPT_NETWORK.EXE from the following link and then run this
tool to gather some information from the problematic computer:
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE
To run this tool:
1. Double-click on the MPSRPT_NETWORK.EXE file.
I understand this process may take some time, however it will not have a
negative effect on the performance.
2. A CAB file will be generated in the
%systemroot%\MPSReports\Network\Reports\Cab directory called
%COMPUTERNAME%_MPSReports.CAB. The CAB file will contain the reports
generated by the MPS Reporting Tool.
3. Send the CAB file as an attachment to v-jasont@xxxxxxxxxxxxx
Hope my information helps. If there is anything that is unclear, please
feel free to let me know.
Best Regards,
Jason Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: GPO does not apply on 2 computers unless the user is an
Admin.....
| thread-index: AcYM0k63ifl6ZneoTnS0iOyQUfE8jw==
| X-WBNR-Posting-Host: 69.15.137.194
| From: "=?Utf-8?B?Q01DR3JvdXA=?=" <CMCGroup@xxxxxxxxxxxxxx>
| Subject: GPO does not apply on 2 computers unless the user is an
Admin.....
| Date: Thu, 29 Dec 2005 15:48:03 -0800
| Lines: 26
| Message-ID: <5588C62D-840F-4623-9FC6-5448D819BE5F@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.group_policy
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.group_policy:18040
| X-Tomcat-NG: microsoft.public.windows.group_policy
|
| I have, what I hope is an easy problem to fix---
|
| 2 computers (of over 50) will not apply several GPOs, unless the domain
| user, logging in, is in the local Admin group. I had the users that were
| logging on-in the local Power Users group, but it still doesnt work.
|
| When I take them out of the local Admin group and they login-their
desktop
| reverts back to a generic blue wallpaper and Dell Vendor website as a
| homepage in IE. It will not allow any changes to the desktop
configuration or
| "home" link for IE. I can tell the GPOs did not apply correctly because
these
| computers can access MMC snap-ins and the Windows Update page (which is
not
| permitted if the GPO applied correctly).
|
| Why do the policies work when the user is in the local Admin group??? I
have
| absolutly no problem as long as I keep the domain user logging into the
| machine in the local Admin group.
|
| Can anyone help? Thanks!!
|
|
|
| --
|
| -James Wright
| IT Manager
|
|
.
- Prev by Date: LocalSystem account to execute scheduled task
- Next by Date: Local Group Policy on Windows 2003?
- Previous by thread: LocalSystem account to execute scheduled task
- Next by thread: Local Group Policy on Windows 2003?
- Index(es):
Relevant Pages
|
