We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


Group Policies Not Applying

Brian_Blair asked
Medium Priority
Last Modified: 2010-03-18
All Clients are W2k professional. All fresh installs, no upgrades.
All DC's are W2k Server in native mode. Many of these servers were upgraded a while back from Windows NT.
I just want to get a GPO to apply to a set of users to remove buttons from the toolbar in Internet Explorer.
I have an OU that includes the users I need the policy applied to and I have created the GPO called toolbar in that OU.
I have checked the security tab on the group policy, both authenticated users and the specific domain users that need this policy applied have read and apply group policy checked
We really don't have a lot of GPOS on our network so I don't thing this is being overwritten
I've run GPresult on a machine where I am logged in as that user. The only other GPO that is included in that OU shoes up as being applied.
Watch Question

Do you have any errors in the Application Log in Event Viewer that indicate that this policy is failing when it attempts to apply it?  So you don't even see this new GPO listed when you run GPresult, but you do see another GPO that is linked to the same OU?



I will check event log 3/31.

That is correct, the policy is not even listed in the output of gpresult. However, the default domain policy, another gpo called "roaming" that is linked to the OU, and the local policy are showing up as affecting the user.
This could possibly be a result of a replication problem between DCs.  If you configured the GPO on one DC and it is not replicating to another DC, then perhaps the client machine is getting its list of policies to apply from the second DC.

To check on this, look in the event viewer on your DCs under the File Replication Service logs and Directory Service logs (especially for NTDS KCC entries).  Also try the replmon and netdiag tools in the Windows 2000 Support Tools (if not already installed, these are on the W2K Server CD).



Chacked that yesterday. Policies are replicating successfully.
Also checked event viewer. No errors in event viewer indicating policy failure.

We are a 1 domain shop with 11 dc's all W2K server.  When I create a gpo I do it through Active Directory Users and Computers. I'm a little confused when I see it suggested that the GPO may have been configured on one DC. I configure them right on my pc and link it to an OU. They seem to apply OK except this one.

Thanks for your help to this point though.
If I understand it correctly, when you use Active Directory Users and Computers, it connects to the "closest" DC.  Whatever changes you make while connected to this DC are then replicated to the rest of the DCs at the next replication cycle.  So if you have replication problems on any particular DC and a client connects to that DC while logging on, it may not get the policy.  Does that make sense?

Are you using the Group Policy Management Console?  This is the new way of managing group policy that is downloadable from MS.  I have found it to very valuable for troubleshooting the organization of GPOs in our network.  It is a little more visual than the old way of doing it -- might help to pinpoint where it's failing.


I see that all your clients are w2k.  The GPMC may only be installed on XP Pro or W2K3 Server; however, it will manage W2K servers as well as W2K3 servers.  Perhaps you won't be able to use this tool if you have no XP clients.



No I haven't tried that yet. If I load XP on a machine and then download it, will I be able to look and see how policies are being applied on specific PC's in my networK?
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.