Re: GPO Limts
- From: Gladys Rodriguez <GladysRodriguez@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 6 Oct 2006 05:46:02 -0700
Also Check at the DCs IP configuration and the DNS Server configuration.
--
Gladys I. Rodriguez
http://www.globalstrata.com
"Gladys Rodriguez" wrote:
You can use GPMC.MSC and do RSOP Reports for the computer that is having the.
problem.
You can also use gpresult and gpresult /v in the workstation with the
problem and see what is applying.
Also use rsop.msc and drill down through the settings being applied. If you
right click in any of the settings, you can see the order of precedense which
leads to the settings are applied.
I also suggest for you to review how to the userenv.log in the workstation.
technet2.microsoft.com/WindowsServer/en/library/ccd7b430-99a5-40fd-b68a-6c1979e565a21033.mspx
To expand the information logged in the userenv.log,
http://support.microsoft.com/default.aspx?scid=kb;en-us;221833
However, from my experience, a lot of these type of problems are caused by
replication or connectivity issues. I would suggest for you to look at FRS
in the Domain Controllers. Also, run gpotool in the domain controllers to
check that the GPOs are fine and synchronized through all the DCs. If at the
end of the report you get an OK, then everything looks fine from that end.
Else you need to do some work and the gpotool should be able to tell you the
problem.
Hope this helps,
--
Gladys I. Rodriguez
http://www.globalstrata.com
"Jorge Silva" wrote:
So repeating the same GP over and over again is not nessesery a bad thing.Depends... generally that means that you have a Bad OU design, otherwise you
should be able to use only one GPO a the top which can handle all basic
requirements, then with sub OUs you can tune- up your needs.
Another problem with having the same GPO linked to different OUs as to do
with different requirements for different OUs, let me explain: if you make a
change to one GPO in a certain OU you're changing that particular setting to
all OUs where the GPO is being linked (in fact when you change that GPO
you're changing the same linked GPO to different OUs), and that can cause
you trouble, because that setting might be required to one or two OUs but
not for others.
Example: you need to apply a particular setting for four different
departments (Sales, HR, IT and XX), you don't go and link the same GPO to
each one... instead you have one Top OU with those inside and link that OU
at the top OU, then you can create other GPO to apply specific settings to
other Dep. OUs, this is a simple example, but you can complicate the
structure, is up to you to decide which is the best OU design for your
scenario
how would one check Enforce or Loopback?Enforce - right click the GPO and choose enforce (Note:activating this
setting inheritance doesn't have effect over that enforce policy)
Loopback - you've merge mode or replace mode, but before using it take a
look at this article so you can have a better understanding how it works...
http://support.microsoft.com/?kbid=231287
the Loopback is generally used in TS scenarios.
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"matt" <matt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:86B2C17D-495B-4015-9425-616DC40B335F@xxxxxxxxxxxxxxxx
So repeating the same GP over and over again is not nessesery a bad thing.
- The exception to these rules is block policy inheritance, Enforce
Policy
or loopback policy.
how would one check Enforce or Loopback?
"Jorge Silva" wrote:
Hi
The GPO is applied in the following order:
- Local>Site>Domain->OU->Sub OU, etc.
- The exception to these rules is block policy inheritance, Enforce
Policy
or loopback policy.
- The Computer section of a GPO is applied during boot-up. The User
section
of a GPO is applied at user login
- The policies within the same container with higher priority are the
last
ones to apply which means that in case of policy conflict these last ones
"Wins".
- To check which policies are being applied run gpresult or rsop.msc.
-The problem with many policies to be applied as to do with performance
in
computers boot process and users logon.
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"matt" <matt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1811E1F3-4EE8-406C-85D4-0C868E46F0E2@xxxxxxxxxxxxxxxx
I have a domain that was set up before me. It has a few problems, not
sure
where to start.
one question is there a limt to GP's the way the domain is set up now
is
root (Domain GP applied)
Computer OU (diffrent GP applied with same entrys)
Site location OU (has a few workstations)(diffrent GP applied with
same entrys as both root and computer)
Sub Site OU (has workstations)(diffrent GP applied with same
entrys
as both root, computer and Site)
Users OU (diffrent GP applied with same entrys as root)
Site Users OU (has a few users) (diffrent GP applied with same
entrys
as root and users)
Sub Site OU (has users)(GP applied) (diffrent GP applied with
same
entrys as root, users and sub)
The reason I was told this is set this way is cos the GP's don't get
applied
right. some stop at the computer and some stop at the site. would like
some
feed back on this set up. the only changes to the GP's is the warning
baner
each one has the name of the OU so they would know what one was applied
last.
Is there some logon script to see what GP's are geting applied 1st and
last
and what ones are being droped?
thanks
- References:
- Re: GPO Limts
- From: Jorge Silva
- Re: GPO Limts
- From: matt
- Re: GPO Limts
- From: Jorge Silva
- Re: GPO Limts
- From: Gladys Rodriguez
- Re: GPO Limts
- Prev by Date: Re: Schema Master Role Problems
- Next by Date: Re: Startup Scripts applied via GPO does not work
- Previous by thread: Re: GPO Limts
- Next by thread: Accounts locked out every hour
- Index(es):
Relevant Pages
|
