Re: Overwritten ADM files - recovery?

Taking into workgroup and back into domain did not work.
I also find this morning that my desktop users also now have no proxy, and
I've not touched the Desktops GPO !

ANY advice before I ring PSS (and likely have to reset all and start from
scratch), would be greatly appreciated.

Dave

"Dave Swales" wrote:

Hi Mark,

Lets talk about a simple error ;-) -> Asynch. Startupbehavior.
OK, yes, this makes sense.
Settings applied as you suggest, gpupdated, rebooted.
No change.

Please, do NOT use IE Maintainance, reset them (Contextmenu,right mouseklick on IE Maintainance)
OK, now that's a problem...how else do I apply proxy ?
As I said before Mark, I MUST restore what did work before whatever
"pollution" occurred...this is a political influence, I cannot jump elsewhere
for a solution, when such a solution was just not necessary
before..."whatever" ...happened.
For this, I must answer each question : "what specifically caused it to stop
working"...."how do we put it back"... and also "if we can't put it back,
specifically, why not?"...?
Only then would the question arise "What alternatives are available to
resolve"?

I completely accept my use of a downloaded Server 2003 GPMC run from my
Vista box may have caused the initial pollution, but having accessed,
changed, backed-up, restored, created new OU's, GPOs and Links using GPMC
run from one DC, everything I've read says that this issue should not now
exist...

Because of "playing around a lot" it could be ;-)
lol ... I always put things back when "playing around", not leave them to
be another problem later , so :p to you, Mark :)
(though I'm still chuckling)

For interest, I eventually found the "artefact" record in either the Default
Domain Controller Policy or the Default Domain Policy...in all honesty, I now
forget which, it was around 2am...either way, I fail to understand how it got
there, as I am the only one who edits GPOs...and I know better than to apply
more than password policies on either of these containers.
This is worrying, as it suggests that this pollution may be more widespread.

Check if local Policies exist and propably delete "registry.pol" inside:
%systemroot%\system32\GroupPolicy\Machine
Deleted one from here...it was not replaced at restart after above changes
etc....I imagine it should be, huh?

Remove the RDP Server from AD, put him back into a workgroup. (etc)
I'm remote, so can't try this yet...I did move RDP server from its own OU to
another OU, ran gpupdates and reboots, returned object to RDP OU, and ran
gpupdates and reboots again, but no change there either.
However, as one of the few remaining options beyond resetting the entire
Domain's GPs and rebuilding from scratch, it looks like I'm going to have to
beat everyone into the office in the morning to try it, since nothing else
has yet worked.... :(

In fact, unless some miracle occurs (whether by His, your, or other
providence), I'm going to have to call PSS tomorrow...
... hopefully they'll laugh and point me at a simple tick-box :)

Either way, I'd like to say thanks again for providing your time and
knowledge to help with this, even over the Easter Holidays...danke schon,
Mark.

Dave



"Mark Heitbrink [MVP]" wrote:

Hi,

Dave Swales schrieb:
Unfortunately, no difference was made to this situation.
The new RDP_Users still does not apply proxy, and as an experiment, the new
RDP_Computer does not change slow link detection setting (for example).
Both settings appear in GPMC.

Lets talk about a simple error ;-) -> Asynch. Startupbehavior.

Edit the Computer GPO:
Computer Configuration\Administrative Templates\System\Logon
"Always wait for the network at computer startup and logon" = Enable

Computer Configuration\Administrative Templates\System\Scripts
"Run scripts synchronously"=Enable

Close GPO and before you restart the Server run a "gpupdate"
manually.

If I play around with some link settings,

Please, do NOT use IE Maintainance, reset them (Contextmenu,
right mouseklick on IE Maintainance)

Meantime...stale local settings?
Am I on the right track do you think?

Because of "playing around a lot" it could be ;-)

Check if local Policies exist and propably delete "registry.pol" inside:
%systemroot%\system32\GroupPolicy\User, or
%systemroot%\system32\GroupPolicy\Machine

Aswell, another possibility:
Remove the RDP Server from AD, put him back into a workgroup.
Restart, and check if still some GPOs are efektive with this free tool:
http://www.sdmsoftware.com/regclean.php
After that put him back into AD.

Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy

Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english

.

Relevant Pages

  • RE: Proxy settings on GPO server
    ... I understand that you want your SBS server ... does not perform the IE proxy GPO created by yourself. ...
    (microsoft.public.windows.server.sbs)
  • RE: Simple ISA 2004 questions
    ... You'd better create a new GPO for IE proxy, ... Run "gpmc.msc" in SBS server, ... Right-click this new GPO IE proxy setting, ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA, Internet Access and Branch Office VPN
    ... One for the proxy settings of each ISA. ... GPO Name: Branch Office Proxy ... Troubleshooting Client Authentication on Access Rules in ISA Server 2004 ...
    (microsoft.public.isa.enterprise)
  • =?ISO-8859-15?Q?Re=3A_GPO_-_Adobe_Acrobat_Pro_9_-_?= =?ISO-8859-15?Q?Verteil
    ... Es gibt eine einzige GPO aber 2 Speicherorte. ... das Sysvol, dort liegt die Konfiguration der Richtlinie ... Mark Heitbrink - MVP Windows Server - Group Policy ...
    (microsoft.public.de.german.windows.server.general)
  • Re: Druckerhinweis per GPO abschalten
    ... herausgefunden hat und eine eigenes ADm Teplamte erstellt hat ... Aber warum willst du es per GPO abschalten? ... Mark Heitbrink - MVP Windows Server ...
    (microsoft.public.de.german.windows.server.active_directory)