AD, policy does not apply...

Hi fellow experts..

I have a problem.
My users are set up in AD to route the My Documents folder to \\server\%username%; that doesn't always work..
No problem while the user uses the same computer every day, but often when they change seats.. This also goes for other policy objects like settings for desktop and so on..

How to work around and be sure that the policy is effective?
Would a line in the startup script for reapplying the policy have any effect?
Or is there any way to set the folder's path in my startup script directly?

Thanx

Mattis
mattisflonesAsked:
 
Fatal_ExceptionSystems EngineerCommented:
Are your clients running XP or 2K..??  If you open up your Domain Default GPO, you will find various places to turn off the slow link detection, or configure it appropriately...  i.e. Computer Config > Admin Templates > System > Logon > Do not detect slow link...

Additionally, check this out:  Computer Config > Admin Templates > System > Group Policy > Folder Redirection Policy Processing

You may play with some of these settings to try to fix your problem...
0
 
Pete LongTechnical ConsultantCommented:
Ensure the group policy is applied either to the Root of AD or the OU where the users/machines reside.

Right click either the policy or the level at which the policy was applied and select the security tab. Ensure "Apply Group Policy" is ticked.

Press Start > Run > SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE  (see note below)

Press Start > Run > SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE (see note below)

Policy not being enforced? Try http://support.microsoft.com/default.aspx?scid=kb;en-us;254174

Policy not applying to users? Try http://support.microsoft.com/default.aspx?scid=kb;EN-US;263693

Still no Joy! Try the official Microsoft Troubleshooting guide http://www.microsoft.com/windows2000/techinfo/howitworks/management/gptshoot.asp

*****NOTE*****

SECEDIT has been replaced in Windows XP and Server 2003 with gpupdate (for syntax see below)
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/refrgp.mspx
0
 
mattisflonesAuthor Commented:
Hi Pete.
The links you provided do not apply.. there is an extremely simple architecture of this site so no possibilities for problems with that.
I suspect that this is a flaw with AD in general on the W2K platform as I have experienced the same on several sites..

Do you think that running SECEDIT in the startup script will force the policy anyway? I haven't explored that and don't know if it has any effect as long as the policy is not effectively applied automatically...
0
 
Pete LongTechnical ConsultantCommented:
>>Do you think that running SECEDIT

Unsure, I've never personally had to do this, as far as I'm aware this would happen by default anyway? How big are the folders? Just wondering: if they were VERY big the client might be struggling to pull them over the network?

Pete
www.petenetlive.com
0
 
Fatal_ExceptionSystems EngineerCommented:
Are you using MS Word for your Docs..??   In smaller firms, I manually configure the default location within Word to push docs to a file server...  You can do this with most MS Office applications such as Excel, etc...

Open Word > Tools > Options > File Locations tab...  then modify the default location...

This is not the best way for organizations larger than say 50 clients, but it may work in your case..

FE
0
 
mattisflonesAuthor Commented:
Pete, the folders are in general about 5 Mb. So I don't think that should be a problem. No other problems with the network performance at all...
It's typical that it works for some users, then not for others.. and there aren't any differences that I can find in computer setup and so on..

I'll try out the SECEDIT in script, and let y'all know how it goes..

Fatal, to do this at each PC is no option.. It's all going to be set up and controlled remotely with no support personnel on site. Way too much work..
 ;-) (got others tings to not do..)
0
 
Pete LongTechnical ConsultantCommented:
>>;-) (got others tings to not do..)

Man, I know that feeling

**Afternoon Bill**

I know that AD is designed for you to set home drives on the user object, but have you tried executing a LOCAL login script for an offending user, with a good ole net use statement? Then at least you can eliminate the client PC?

Pete
0
 
Fatal_ExceptionSystems EngineerCommented:
Yea..  like I mentioned, I only do this in the smaller domains..  and I also know that feeling..  :)
0
 
rhrowsonCommented:
Are your users in an OU or in the default Users container? In the latter, GPO does not process correctly. I have certainly seen folder redirection not working correctly.

To help to troubleshoot this on a W2K platform, use the Reskit tool GPresult (comes with XP), to see what policies are being applied and from what
0
 
Fatal_ExceptionSystems EngineerCommented:
Actually, I like the RSOP tool myself...   XP also comes with this and it can be run from the Start > Run > rsop.msc (OK)...   It is not native to W2K Pro though...

FE
0
 
mattisflonesAuthor Commented:
rhrowson, thanx.. didn't know of that tool... does it run under W2K too? And the same for RSOP, Fatal..?!

Seems like all settings are applied correctly, but I will try this on a user machine on next failure.. Thnx..

The settings are set on top level in the domain, the only OU that has otherwise is the IT support staff OU which has no override and works perfect!
0
 
jon_godwinCommented:
Are your client machines Windows XP? I have run into occasions where XP machines will simulate network connections, before actually applying group policy in order to speed up logon.  Possibly a logon script with gpupdate /force will help you.
0
 
Fatal_ExceptionSystems EngineerCommented:
Suggest you grab this Doc from MS on Troubleshooting Group Policy..  It covers gpresult.exe, gpotool.exe, ReplMon.exe and other items that you may find worth the read...

Troubleshooting Group Policy in Windows 2000

http://www.microsoft.com/windows2000/techinfo/howitworks/management/gptshoot.asp
0
 
Fatal_ExceptionSystems EngineerCommented:
Found another TS link from Technet..  Note the following when dealing with SlowLink connections:

Be careful when applying Group Policies over slow WAN links. Remember that the order of settings that are applied is not equal for every component. For example:

• Registry and Security settings are always applied.
 
• EFS and IP Security Settings are applied by default.
 
• Application Deployment, Scripts, Folder Redirection, and Disk Quotas are Not applied by default over slow links.
 
http://www.microsoft.com/technet/community/columns/profwin/pw0502.mspx
0
 
mattisflonesAuthor Commented:
jon godwin, no, my clients run W2K.

Thanx Fatal, I'll look at the links you gave. I got an idea on the slow wan link thingey, wonder if the five machines I've seen this on maybe are on a failing HUB.. I'm going to set up an extensive NW monitoring tomorrow and check if this happens on many simultaneous logins or something..

0
 
rhrowsonCommented:
Gpresult I first saw in the W2K Reskit. It is native to XP. Never knew about RSOP.msc, so thanks Fatal Exception.

Gpresult is great, but it almost gives too much information
0
 
Fatal_ExceptionSystems EngineerCommented:
If you have XP running on your network, I suggest you look into downloading the GPMC..  This is a wonderful tool that MS decided to give us to use, but can only be run on W2K3 or XP...   It has really brought together the ADUC and GPO interface into one very nice GUI...   But even though it must be installed on XP, it can be used to manage GPO's on a W2K server..   :)

Group Policy Management Console with Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=C355B04F-50CE-42C7-A401-30BE1EF647EA&displaylang=en

Administering Group Policy with the GPMC

http://www.microsoft.com/windowsserver2003/gpmc/gpmcwp.mspx
0
 
mattisflonesAuthor Commented:
Hmm.. lots of good stuff..!
Even though we are thinking of XP clients we are not there yet.. We have W2K servers and workstations.
0
 
mattisflonesAuthor Commented:
Fatal and rhrowson, I haven't got my solution yet, but your efforts are a good step in the right direction.
So thanx! I'll award you the points..
0
 
Fatal_ExceptionSystems EngineerCommented:
Wish we could have nailed it, but thanks..

FE
0
 
mattisflonesAuthor Commented:
I'll post back if I get to the core of it! Promise...
0
 
mattisflonesAuthor Commented:
Btw, the problem is a little on and off now after a switch was exchanged.. Might be a slow network link thingey...
0
 
Fatal_ExceptionSystems EngineerCommented:
:)  Luck to you..!!
0
 
mattisflonesAuthor Commented:
Thnx!
0
 
Pete LongTechnical ConsultantCommented:
0
 
rgilbertCommented:
I have this same exact problem on my network running AD Windows 2000 Servers and both Windows 2000 and Windows XP clients.  Most computers have no problem getting the policy and applying the folder redirect.  However, you could be sitting next to an applied GPO computer, login, and the policy will not be applied, yet you try again later on that same computer and the redirection may work, vice versa, and any variation thereof...

There is no pattern between OSs, computers, rooms, etc....  The users reside in an OU with the applied policy with no existing hierarchical policies.   I’ve utilized the folder redirection policy processing and the tools mentioned above, yet I cannot find a cause to this sporadic issue.  I've never experienced anything quite like this, but after reading this I know I'm not the only one!
0
 
mattisflonesAuthor Commented:
Hmm.. Strange isn't it??!!
I got around by putting a secedit command in the startup script.. But that causes XP to run an info dialog about the fact that XP doesn't use secedit but gpedit.. lol!!

0
 
Fatal_ExceptionSystems EngineerCommented:
Interesting fix Matt...  Want to share that secedit command..??   (I know, I am lazy..  :)
0
 
mattisflonesAuthor Commented:
Sure:
secedit /refreshpolicy machine_policy /enforce
secedit /refreshpolicy user_policy /enforce

I believe it's the same for XP with gpupdate instead of secedit...
0
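The two refresh commands posted above, wrapped in one script that picks the tool per client OS so XP machines do not hit the secedit dialog mentioned earlier. This is an added example, not part of the original thread; the `ver`-based OS check and the `echo n` answer to gpupdate's logoff prompt are assumptions about how such a script would be written.

```bat
@echo off
rem Added example (not from the thread): refresh Group Policy with the tool
rem that matches the client OS.
rem Assumption: "ver" prints "Windows 2000" on W2K clients; anything else is
rem treated as XP / Server 2003, where gpupdate replaces secedit /refreshpolicy.

ver | find "Windows 2000" >nul
if not errorlevel 1 goto w2k

rem --- Windows XP / Server 2003 ---
rem gpupdate can ask for a logoff when a logon-only extension such as
rem Folder Redirection has pending changes; "echo n" answers no so the
rem script does not block waiting for input.
echo n | gpupdate /target:computer /force
echo n | gpupdate /target:user /force
goto done

:w2k
rem --- Windows 2000: the commands posted in the thread ---
secedit /refreshpolicy machine_policy /enforce
secedit /refreshpolicy user_policy /enforce

:done
```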
 
Fatal_ExceptionSystems EngineerCommented:
*grin*  I recognize that command..!!   Now I see what you are doing..  Thanks...
0
 
mattisflonesAuthor Commented:
:-) LOL! And you know what... its friday!
0
 
rgilbertCommented:
so refreshing the policy running a startup script works for you?
0
 
mattisflonesAuthor Commented:
Yup...
0
 
rgilbertCommented:
Interesting......

There has to be a logical excuse for this mess!  Nonetheless, I'm going to utilize this script.  Great feedback guys, thanks!
0
 
Fatal_ExceptionSystems EngineerCommented:
This is the EE is supposed to work...   :)
0
 
mattisflonesAuthor Commented:
Fatal:
"This is the EE it ts supposed to work", or "This is EE, i`m supposed to work" ???

:-)
0
 
Fatal_ExceptionSystems EngineerCommented:
This is the WAY EE is supposed to work..!!   LOL, eh.. that four letter word..!!

And you know, if we got points on grammer, I would be lucky if I broke 100....  :)
0
 
Pete LongTechnical ConsultantCommented:
My fingers dont seem to be able to process the commands sent to them either :( must be a techhy thing
0
 
mattisflonesAuthor Commented:
LOL!
0
 
rgilbertCommented:
I have found that on the computers that randomly fail to apply the GPO, they get one of the following errors in the Application Event Log (Windows XP):

Event ID: 1085
The Group Policy client-side extension Scripts failed to execute. Please look for any errors reported earlier by that extension.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I've checked EventID.net, Microsoft Knowledge Base, but none of their solutions apply to the problem I'm having with Group Policies...........

Any ideas?
0
 
Fatal_ExceptionSystems EngineerCommented:
rg..  you really need to open another thread for your question...  that way you will get the help you need...

FE
0
 
rgilbertCommented:
Make sure the File Replication Service is not in an error state....
0
Question has a verified solution.
