Re: GPO testing
- From: Scott <scotts@xxxxxxxxxxxxxx>
- Date: Thu, 19 Oct 2006 09:23:28 -0700
Hi Florian,
Installed the Microsoft User Profile Hive Cleanup Service as you suggested and restarted the XP workstation. Did a secedit /REFRESHPOLICY [machine && user]_policy /ENFORCE on the server. Did a gpupdate /FORCE on the workstation. Then used the RSoP snap-in for the mmc to test to see if the GPO was applied. It wasn't applied and even worse I removed one of my users from a different security group and that was not updated. Under "Security Group Membership when Group Policy was applied." the user is still a member of the security group I removed it from a couple days ago. This is why I have no idea what is going on with this processing of the GPOs and the updating of the policy.
I wish Microsoft would come up with a way to give admins more information about the status of group policy processing. Is there any way I can enable logging of every stage of the group policy processing and updating of the policy? I already have extended logging in the event log and it prints out about 50 messages every time I refresh the policy but there are no errors! There has to be an error somewhere.
Cheers,
Scott
Florian Frommherz wrote:
Howdie Scott!.
Scott wrote:
To answer Toni's question, I did log in as one of the users in the test OU.
Okay!
This output is from the tail of the userenv.log :
USERENV(e4.90) 16:55:07:843 MyRegUnLoadKey: Hive unload for S-1-5-21-4033885032-1064338026-362975531-500 failed due to open registry key. Windows will try unloading the registry hive once a second for the next 60 seconds (max).
USERENV(e4.90) 16:56:07:859 MyRegUnLoadKey: Windows was not able to unload the registry hive.
[...]
On my first read through your log, it seems like Windows couldn't unload the user hive - I don't know as to how this is related to your issue but I'd recommend you to install the following service onto the client machine:
"Microsoft User Profile Hive Cleanup Service"
http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
Event Type: Information
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 10/18/2006
Time: 11:14:01 AM
User: NT AUTHORITY\SYSTEM
Computer: JRCNAV
Description:
Windows did not apply extension Application Management, and flags are (0x90007).
This message just indicates that the Application Management Extensions are not processed as you are in the extended logging mode. It's just a information for you.
If the policy not working is this roaming profiles policy, please check the "User Profile Hive Cleanup Service" and install it on the clients. If this doesn't resolve your issue, feel free to post back!
cheers,
Florian
- Follow-Ups:
- Re: GPO testing
- From: Florian Frommherz
- Re: GPO testing
- From: T. Uranjek
- Re: GPO testing
- References:
- GPO testing
- From: Scott
- Re: GPO testing
- From: Florian Frommherz
- Re: GPO testing
- From: Scott
- Re: GPO testing
- From: Florian Frommherz
- GPO testing
- Prev by Date: GPO Management
- Next by Date: Re: GPO testing
- Previous by thread: Re: GPO testing
- Next by thread: Re: GPO testing
- Index(es):
Relevant Pages
|
