RE: Computer Policy Not applied
From: Allen Firouz (AllenFirouz_at_discussions.microsoft.com)
Date: 02/10/05
- Next message: M3John: "Re: Domain object removal"
- Previous message: Ray H: "Re: w2k backup dc for win2003dc?"
- In reply to: magician: "Computer Policy Not applied"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 10 Feb 2005 06:15:03 -0800
Magician,
Where does the computer policy reside? Empty root (top level domain) or at
the child domains? Have you run RSoP from the server side to validate the
propagation of the GPO? Based on the logs, there are also some minor access
issues, but I don't think any of them justifies the problems you are
seeing... for example, the OpenThreadToken error indicates only that
asynchronous application of the GPO is failing. Additionally, the RSoP error
may give you more detail if you can pinpoint which CSE (client side
extensions) are not registering properly. Check the CSE's in the registry at
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtensions.
-Allen Firouz
"magician" wrote:
> We are running three domains (one root domain with two children that are
> sisters.... mydomain.local, women.mydomain.local, men.mydomain.local). The
> two children are the ones with all the users and stuff.
>
> I cannot seem to get computer policy to work through our group policies.
> User policies are generally no problem.
>
> Specifically, I am trying to force the PC's to logoff users when account
> logon hours are reached (in order to backup .pst files). However, we have
> attempted to implement previous policies in both domains but neither seem to
> work. (The both domains are predominently W2KSP4 but we have a few XPSP2 and
> are migrating come the summer) I am running the test on my own PC and
> account. My PC is in OU=TomsPC,OU=menscomputers,DC=men,DC=mydomain,DC=local
> and I have a GPO and this has a GPO linked to it with the Computer
> Config\Windows Settings\Local Policies\Security Options - Force logoff when
> logon hours expire
>
> At the moment I am applying the same GPO to my user object. There are some
> User Configurations applied and these work fine.
>
> GPResult tells me everything is fine and looks OK. I do have a couple of
> errors in the Application event log-
> 1) Regards folder redirection as I don't have access to the server the
> folders are redirected to(!).
> 2) "The Group Policy client-side extension Internet Explorer Branding failed
> to log RSOP (Resultant Set of Policy) data. " Source: Userenv ID: 1091 This
> is odd as the "branding" does actually appear to work - we have a customized
> Title Bar.
>
> I had a look at logging userenv. I just cleared this and did a gpudate. This
> is the result:
>
> USERENV(33c.328) 12:19:55:156 ProcessGPOs: GetGPOInfo failed.
>
> If I do a verbose log….. I get confused! It appears to find the policies and
> stuff OK. The first thing I see that suggests anything is wrong is:
>
> USERENV(33c.6f8) 16:13:59:640 ReadGPExtensions: Rsop entry point not found
> for gptext.dll
>
> This is followed by 4 or 5 of the same relating to different .dll's. My PC
> is XP SP2 and full updates.
>
> The log appears to show searching for and finding all the appropriate
> policies (confirmed with gpresult) and the next "error"? I see is:
>
> USERENV(33c.6f8) 16:14:00:344 ProcessGPOs: OpenThreadToken failed with error
> 1008, assuming thread is not impersonating
>
> Any help at all would be greatly appreciated.
>
> I am currently trawling through the "Troubleshooting Group Policy" document
> and reckon it'll take me a week to read :(
>
> Thanks
> Tom
>
- Next message: M3John: "Re: Domain object removal"
- Previous message: Ray H: "Re: w2k backup dc for win2003dc?"
- In reply to: magician: "Computer Policy Not applied"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
