Re: applying group policy



In news:%23foD$M1fFHA.1372@xxxxxxxxxxxxxxxxxxxx,
me <jmforbk@xxxxxxxxxxxxx> posted the following:
> ok kinda a noob question here. I have set up a lil domain in my apt just
> for the heck of it basically to make sure I can do it and I got it right
> except for one thing. I cannot get the settings for group policy to
> filter down. What I have tried is on the domain controller set up an
> organisational unit and added the names of the user and computer that I
> wanted the GP to apply to. Then I modified the GP for that organizational
> unit and turned override off. However the settings I made are not
> propagating to the system I'm trying for it to. Any help would be
> appreciated

The following are common reasons why GPO settings may fail to apply to a
user or computer (10-point check):

1) Machine or user must be a domain member and authenticate with the domain
2) DNS client configuration problem. Is the client's preferred DNS server
setting pointing to a DNS server that handles the zone for the AD domain?
3) User or machine is not in the container to which the GPO is linked. Run
rsop.msc or gpresult.exe /v on the user's workstation to check whether the
policy is actually being applied or not.
4) User or machine is under a hierarchy which is blocking the GPO
5) There is group filtering which is preventing the user or machine from
reading the GPO
6) The user is a member of a group which is being filtered from the effect
of Group Policy. For example, the 'Authenticated Users' has "Deny" selected
for 'Apply Group Policy'.
7) If the machine is running a host-based firewall and blocking all ICMP
traffic then group policies will not apply. (Clients test the link speed by
sending an ICMP packet of 2048 bytes).
8) Check to see if the user is a member of too many groups. At the very
least, configure the client firewall to allow inbound ICMP traffic from the
domain controllers.

Quoted from:
Kerberos authentication may not work if user is a member of many groups:
http://support.microsoft.com/default.aspx?scid=kb;en-us;280830

If a user is a member of many groups either directly or because of group
nesting, Kerberos authentication may not work. The Group Policy object (GPO)
may not be applied to the user and the user may not be validated to use
network resources.

9) Are there any errors in the event log concerning seccli or userenv? If
so examine these errors closely.
10) Review the error messages in the %windir%\debug\usermode\userenv.log
file.

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
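
Added example (not part of the original post, and not Microsoft's code): a small Python model of checklist items 3 to 6, showing how link location, Block Inheritance, a No Override (enforced) link and the 'Apply Group Policy' permission decide whether a GPO reaches an object. The OU names, GPO names, groups and ACL are constructed; the model ignores site links, loopback and the Read permission.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Link:
    gpo: str
    enforced: bool = False            # "No Override" set on the link

@dataclass
class Container:
    name: str
    parent: Optional["Container"] = None
    links: list = field(default_factory=list)
    block_inheritance: bool = False

def explain(gpo, container, groups, acl):
    """Say why `gpo` does or does not apply to an object in `container`."""
    linked = reachable = blocked = False
    node = container
    while node is not None:           # walk OU -> parent OU -> domain
        for link in node.links:
            if link.gpo == gpo:
                linked = True
                # A block lower in the tree stops the link unless enforced.
                reachable |= link.enforced or not blocked
        blocked |= node.block_inheritance   # only affects links above node
        node = node.parent
    if not linked:
        return "item 3: object is not under a container the GPO is linked to"
    if not reachable:
        return "item 4: Block Inheritance below the link stops the GPO"
    rights = {acl[g] for g in groups if g in acl}   # Apply Group Policy ACEs
    if "deny" in rights:
        return "item 6: a Deny on Apply Group Policy wins over any Allow"
    if "allow" not in rights:
        return "item 5: no group of the object is allowed to apply the GPO"
    return "applies"

# Constructed sample tree: domain -> OU "Lab" -> OU "Kiosk" (blocks inheritance)
domain = Container("example.test",
                   links=[Link("Baseline"), Link("Lockdown", enforced=True)])
lab = Container("Lab", parent=domain, links=[Link("LabPolicy")])
kiosk = Container("Kiosk", parent=lab, block_inheritance=True)
ACL = {"Authenticated Users": "allow", "Contractors": "deny"}
member = {"Authenticated Users"}

if __name__ == "__main__":
    for gpo, where in [("LabPolicy", lab), ("LabPolicy", domain),
                       ("Baseline", kiosk), ("Lockdown", kiosk)]:
        print(f"{gpo:10} @ {where.name:13} -> {explain(gpo, where, member, ACL)}")
```
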
