Group Policy not updating on Windows 2000 client

Hello,

I have one peculiar machine that does not update GP. When I run secedit /refreshpolicy machine_policy and user_policy, no changes are reflected. I have other Windows 2000 clients on the same subnet that update fine. Application log says the following:

Security policy in the Group policy objects are applied successfully.

But when I make particular changes, such as enabling and disabling the Display settings, they are not reflected. Any tips would help.
pwslglAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

valiconCommented:
Is this client in the same OU as the others?  I have seen policies that take more than one reboot to take effect, even though I have did secedit.  Where did you apply the GPO and was it at the computer or user level?  Are the DNS settings correct on this client?  Is this the only problem that you are experiencing with this client?
0
pwslglAuthor Commented:
The policy is applied on the OU which contains these specific users. The actual machines are all on the same GPO as well. The client seems setup correctly, although now that you mention it I've had trouble getting on certain websites in IE, which I believed was due to spyware and adware I found on the system. Our Intranet site works fine, though. I can VNC to the client and it can see all the core servers and clients around itself. DNS for these are handled by the DHCP server so that shouldn't be a problem...
0
pwslglAuthor Commented:
I've also rebooted as well.
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

valiconCommented:
Okay so let's step through it:

I think we can rule out both disabled policy and blocked inheritance as you say the other clients in the same GPO have no issue with this GPO.  Be sure to check that this client has Read and Apply Group Policy perms or that the user affected is a member of the security group that is affected.  If you apply the GPO at the Computer level, that machine must be in the OU that has the GPO applied.  Same goes if you applied the GPO at the user level. Also make sure that this client is getting a IP from the DHCP server and that DNS is correct.  I have seen clients on my network that were not able to get a IP go into auto config with an AIPA IP and still have internet access but things like GPOs were not getting applied.  Let me know. Good Luck!
0
pwslglAuthor Commented:
The GPO is definately applied correctly. The network settings looking correct as well. I checked the DNS records on the DNS server and the DHCP server just to make sure. All the clients at this site are in the same OU with the same policy installed, and the user who I am using is the same user across all the clients, so I'm thinking permissions isn't an issue.

Isn't it strange that it says it applied the policies successfully in the event log?
0
valiconCommented:
Isn't it strange that it says it applied the policies successfully in the event log?

That depends on what GPO it is getting and applying.  Do you have access to GPUpdate.exe and can you install it on this machine?  I have seen machines where no matter what I did the policy would not get applied, then after 90 - 120 minutes (which is how long it can take)  the policy was applied :)
0
pwslglAuthor Commented:
I'm pretty sure GPUpdate won't run on a 2000 client. This client won't get the new policy regardless of a manual update or waiting the default replication period which is 90 minutes. I'm upping the points for this question. ^_^
0
kapesCommented:
if its xp machine... go to....

start > help & support > tools > advanced user information > view group policy applied

it will give details of settings applied from various group policies... it also shows... which group policy WON in applying a setting in case of conflicts ...
0
pwslglAuthor Commented:
It's a 2000 machine, hence the topic and category...
0
mattisflonesCommented:
Just a tought from my previous experience with more or less the same problem. Could the users profilename have been  changed at any time? That might screw up SID`s and stuff and then deny policy changes..
0
gavin_wickensCommented:
Have you checked DNS on the client.  At client run nslookup, you should get:
yourservername.yourdomainname
server ipaddress

If not check the DNS settings on the client.
0
valiconCommented:
You are correct on GPUpdate, I had XP on the brain :)
0
valiconCommented:
You can enable debug logging to find the cause:

http://support.microsoft.com/kb/221833

Then look at Userenv.log, this is generated in the Winnt\Debug\UserMode folder.  Here is a link:

 http://support.microsoft.com/kb/250842/EN-US/

Hope this helps
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pwslglAuthor Commented:
Valicon, I tried that and I don't see any logs. It never creates the Usermode folder at all...
0
valiconCommented:
I am surprised, that is straight from the Microsoft docs.  Just to confirm, is this GPO applied at the Computer configuration level or the User configuration level?  I know that you said the client is in the OU but if this is a user level GPO, is the user in the affected OU as well? Since this is the only machine affected I would also check my TCP/IP settings and compare them to a machine that is known to be getting the GPO's correctly, even though your clients are DHCP.
0
pwslglAuthor Commented:
This GPO has configurations under both Computer and User levels. The GPO is applied to an OU with a group of users in them. Basically anywhere this user logs in they should get the same policy on any machine, and they do, except for this one. There is a policy applied on this machine; it is an older version of this same GPO.

Who knows what may have happened. I have Norton Ghost coming soon anyway, so I may just wipe this one clean.
0
valiconCommented:
Try placing that user and machine into a different OU so that it gets a different GPO, see if that works.  Then  move the user back in the original OU and see if it gets the policies.  At this point its work a try!  
0
kapesCommented:
Try this tool to find the exact policy getting applied on win2000


http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/gpresult-o.asp
0
gavin_wickensCommented:
Did you check the DNS settings?
0
maynardincSysadminCommented:
Did you ever get this figured out?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.