Solved

Problems with group policy

Posted on 2003-11-30
9
372 Views
Last Modified: 2010-04-13
Hi there

I have been having problems with my win 2000 server, i have tryed to create group policies for users.they are all running 2000 machines.

I created an OU with 2 sub OU's, one for the users and one for the computers.the group policy was set in the parent OU and the 2 sub OU's to take the parent group policy
I then added the users and the respectable computers and refreshed the system with secedit /refreshpolicy USER_POLICY and secedit /refreshpolicy MACHINE_POLICY.

now the thing is that i tested this setup on a test domain that i created in our workshop and it worked 100%, but when i tryed to implement it on the proper domain the users do not take on the group policies unless you make the user a roaming profile and log on as the user on the server.

Is there a setting on the server stopping the server from refreshing the policies?
Another thing is that when I log on to a users machine and check to event viewer it gives the error " windows can not determine the user or computer name, return value (1722)".
this is obviously not correct.

could some one please help as i have been battleing with this problem for over 2 weeks now.

Thanks so much

Ricky Hollis
0
Comment
Question by:Rickyhollis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 3

Expert Comment

by:izwiz
ID: 9844895
Do you have more than one DC?

Check that the NTFRs event log has no errors. The Group Policy editor always connects to the PDC emulator to make changes, however -these changes are not always replicated across DCs for some reason. This may cause symptoms that policies seem to be intermittently applied (depending on which DC you log into).

Check out the logs in \WINNT\DEBUG

also look at the file version on the ini file in the policies folder of SYSVOL on the different DCs.

As for the client machine error -take the machine out of the domain (join it to workgroup) and re-add it , which will recreate it's computer account. -just a thought.
0
 
LVL 7

Expert Comment

by:wtrmk74
ID: 9845508
Read this article --- but you have to read the entire thing to fully understand all the possibilities.

http://www.microsoft.com/WINDOWS2000/techinfo/reskit/deploymentscenarios/scenarios/ou_design_implement_ou_structure.asp 

let us know if this helps.
wtrmk74

0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 9847381
in the OU you are working on, rightclick on the OU and then select the Group Policy Tab, click on your GPO, and select properties, then go to the security tab.  Make sure your computer/user group that you want the GPO to be applied to has at least the read and apply group policy options checked.  Without these permissions they will NOT be applied to the computer/group regardless of where they are placed in your OU tree.  Hope this helps as it is the most common GPO mistake.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:Rickyhollis
ID: 9848427
That option has been selected but it still doesn't work.
I think there must be a problem with the AD.
0
 

Author Comment

by:Rickyhollis
ID: 9848444
we have one DC, i have tryed to revove the computers from the domain and add them again but that doesn't work.
0
 
LVL 7

Expert Comment

by:wtrmk74
ID: 9848524
Did you get a chance to read the article ... there is a lot of useful information in there on layout step by step!
I am pretty sure it can help you.

:)
wtrmk74
0
 
LVL 7

Accepted Solution

by:
wtrmk74 earned 30 total points
ID: 9848547
Is the primary DNS pointing to DNS Server where you have the Group Policy on.
and
Are the computers added to the OU which has the Group Policy in it
0
 

Author Comment

by:Rickyhollis
ID: 9849294
Thanks alot for your help guys.
It seems that one of the guys had gone around and made changes to the DNS.
so that was the problem.

Thanks alot for all your help but it was wtrmk74 that reminded me to go and recheck the DNS.

Regards
Ricky

P.S. Happy Holidays!!!
0
 
LVL 7

Expert Comment

by:wtrmk74
ID: 9854034
Glad it all worked out

have a great holiday season
wtrmk74
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
After seeing numerous questions for Dynamic Data Validation I notice that most have used Visual Basic to solve the problem. This suggestion is purely formula based and can be used in multiple rows.
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question