Re: Group policy not processing properly



1. All the sites and subnets are configured properly
2. Event viewer logs always say group policy has applied successfully
3. I ran the gpresult and it says my policy has applied. However the
settings do not appear (Internet Explorer proxy settings)

"Herb Martin" wrote:

"AT" <AT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E5DDAB48-BA43-4C84-80D6-24193A23A675@xxxxxxxxxxxxxxxx
Hi all,

I have a very large Windows 2003/XP network spread across the country. I
have several domain controllers placed around the country; however, most of
the remote locations travel across the links for authentication and other
domain requests.

Are your Sites properly configured in Sites and Services
so that (true) Sites with DCs are defined by the IP subnets
and (mere) locations are included in the nearest Site so as
to optimize the authentication and such?

The problem I am having is with a group policy that does not apply to some
of these remote sites (works for about 80% of the sites but not the rest
of 20%).

Some of Group Policy is depending on not finding a "Slow WAN link"
but most of it should occur over a slow WAN AS LONG AS a DC
is found and authentication occurs.

Does Group Policy ever fail to process yet authentication actually
occur?

I looked into this a lot (replication, DNS resolution, network
infrastructure, group policy setup, permissions, etc.) and the only thing I
can think of would be that the group policy does not apply because of a
slow link.

This can happen but should NOT be the case for Security and
Registry (Admin templates) entries.

When it does happen, check the "Logon server" using the simple
"Set Logon" command or by using a more capable tool such as
NLTest (very difficult to use however.)

However, I am not 100% sure of this. The only error I get is
"PolicyChangedThread: UpdateUser failed with 1008" in the userenv.log. In
the event log for the computer it says the group policy has applied
correctly; however, when I check out in RSOP nothing shows up.

What about just running GPResult.exe from the command line
of the affected machine?

Any suggestions would be greatly appreciated.



--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


Cheers,
AT
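
Added example, not part of the original thread: a small Python triage script that pulls "failed with <code>" entries like the one quoted above out of a userenv.log and names the Win32 error, so affected machines can be compared by function and code. The line layout (`USERENV(pid.tid) time Function: message`) and the sample lines are assumptions constructed for illustration; 1008 is ERROR_NO_TOKEN in winerror.h.

```python
import re
from collections import Counter

# A few Win32 error codes (winerror.h) worth naming in the summary.
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED",
    53: "ERROR_BAD_NETPATH",
    1008: "ERROR_NO_TOKEN",       # reference to a token that does not exist
    1355: "ERROR_NO_SUCH_DOMAIN",
}

# Assumed layout: USERENV(pid.tid) hh:mm:ss:ms Function: message
LINE_RE = re.compile(
    r"^USERENV\((?P<pid>[0-9a-f]+)\.(?P<tid>[0-9a-f]+)\)\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"(?P<func>\w+):\s+(?P<msg>.*)$",
    re.IGNORECASE,
)
FAIL_RE = re.compile(r"failed with (?:error )?(?P<code>\d+)", re.IGNORECASE)


def find_failures(lines):
    """Return (time, function, code, name) for every failure entry."""
    failures = []
    for line in lines:
        entry = LINE_RE.match(line.strip())
        if not entry:
            continue  # skip blank or unrecognised lines
        hit = FAIL_RE.search(entry["msg"])
        if hit:
            code = int(hit["code"])
            name = WIN32_ERRORS.get(code, "UNKNOWN")
            failures.append((entry["time"], entry["func"], code, name))
    return failures


def summarize(failures):
    """Count failures per (function, code) pair."""
    return Counter((func, code) for _, func, code, _ in failures)


# Constructed sample input; only the UpdateUser message comes from the thread.
SAMPLE_LOG = """\
USERENV(2f0.7a4) 09:14:02:310 PolicyChangedThread: UpdateUser failed with 1008.
USERENV(2f0.7a4) 09:14:02:311 ExampleFunction: constructed non-failure line
USERENV(2f0.9c8) 10:44:10:120 PolicyChangedThread: UpdateUser failed with 1008.
USERENV(2f0.9c8) 10:44:11:002 ExampleFunction: constructed call failed with 5
"""

if __name__ == "__main__":
    for (func, code), n in summarize(find_failures(SAMPLE_LOG.splitlines())).items():
        print(f"{n}x {func}: {code} ({WIN32_ERRORS.get(code, 'UNKNOWN')})")
```
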


