Solved

Problems with group policy

Posted on 2003-11-30
9
352 Views
Last Modified: 2010-04-13
Hi there

I have been having problems with my win 2000 server, i have tryed to create group policies for users.they are all running 2000 machines.

I created an OU with 2 sub OU's, one for the users and one for the computers.the group policy was set in the parent OU and the 2 sub OU's to take the parent group policy
I then added the users and the respectable computers and refreshed the system with secedit /refreshpolicy USER_POLICY and secedit /refreshpolicy MACHINE_POLICY.

now the thing is that i tested this setup on a test domain that i created in our workshop and it worked 100%, but when i tryed to implement it on the proper domain the users do not take on the group policies unless you make the user a roaming profile and log on as the user on the server.

Is there a setting on the server stopping the server from refreshing the policies?
Another thing is that when I log on to a users machine and check to event viewer it gives the error " windows can not determine the user or computer name, return value (1722)".
this is obviously not correct.

could some one please help as i have been battleing with this problem for over 2 weeks now.

Thanks so much

Ricky Hollis
0
Comment
Question by:Rickyhollis
9 Comments
 
LVL 3

Expert Comment

by:izwiz
ID: 9844895
Do you have more than one DC?

Check that the NTFRs event log has no errors. The Group Policy editor always connects to the PDC emulator to make changes, however -these changes are not always replicated across DCs for some reason. This may cause symptoms that policies seem to be intermittently applied (depending on which DC you log into).

Check out the logs in \WINNT\DEBUG

also look at the file version on the ini file in the policies folder of SYSVOL on the different DCs.

As for the client machine error -take the machine out of the domain (join it to workgroup) and re-add it , which will recreate it's computer account. -just a thought.
0
 
LVL 7

Expert Comment

by:wtrmk74
ID: 9845508
Read this article --- but you have to read the entire thing to fully understand all the possibilities.

http://www.microsoft.com/WINDOWS2000/techinfo/reskit/deploymentscenarios/scenarios/ou_design_implement_ou_structure.asp 

let us know if this helps.
wtrmk74

0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 9847381
in the OU you are working on, rightclick on the OU and then select the Group Policy Tab, click on your GPO, and select properties, then go to the security tab.  Make sure your computer/user group that you want the GPO to be applied to has at least the read and apply group policy options checked.  Without these permissions they will NOT be applied to the computer/group regardless of where they are placed in your OU tree.  Hope this helps as it is the most common GPO mistake.
0
 

Author Comment

by:Rickyhollis
ID: 9848427
That option has been selected but it still doesn't work.
I think there must be a problem with the AD.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:Rickyhollis
ID: 9848444
we have one DC, i have tryed to revove the computers from the domain and add them again but that doesn't work.
0
 
LVL 7

Expert Comment

by:wtrmk74
ID: 9848524
Did you get a chance to read the article ... there is a lot of useful information in there on layout step by step!
I am pretty sure it can help you.

:)
wtrmk74
0
 
LVL 7

Accepted Solution

by:
wtrmk74 earned 30 total points
ID: 9848547
Is the primary DNS pointing to DNS Server where you have the Group Policy on.
and
Are the computers added to the OU which has the Group Policy in it
0
 

Author Comment

by:Rickyhollis
ID: 9849294
Thanks alot for your help guys.
It seems that one of the guys had gone around and made changes to the DNS.
so that was the problem.

Thanks alot for all your help but it was wtrmk74 that reminded me to go and recheck the DNS.

Regards
Ricky

P.S. Happy Holidays!!!
0
 
LVL 7

Expert Comment

by:wtrmk74
ID: 9854034
Glad it all worked out

have a great holiday season
wtrmk74
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now