[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1264
  • Last Modified:

GPO Applied inconsistantly

We have users logging into a new 2003 domain in which we've created a few GPOs that should apply to both users and computers.  In particular, there is a Folder Redirection GPO for My Documents and a Login Script GPO which maps network drives and printers which are being applied twice to each user.  
Running GPRESULT shows:
   The user received "Folder Redirection" settings from these GPOs:
      Folder Redirection
      Folder Redirection
   ====================================================
   The user received "Scripts" settings from these GPOs:
      Printer Connections
      Map Network Drives
      Printer Connections
      Map Network Drives

The Folder Redirection and Map Network Drives GPOs are linked to the Domain since everyone, regardless of OU, should get them.  The Printer Connections GPO is linked to the site.  I've checked to see if they are linked elsewhere as well, but they are not.

Any ideas as to why all of the GPOs for the  would apply twice?
0
acksis
Asked:
acksis
  • 3
  • 2
  • 2
1 Solution
 
crissandCommented:
Use gpmc from microsoft site to see the result set of policy. The policy is applied both to computers and to users and that's useless, because folder redirection and map network drives are usually user related.

I know that the folder redirection can be applied to computers too, but not the same as for users (usually, one apply folder redirection for users when one want to use %USERNAME% environment variable). If folder redirection doesn't use user related information, it must be applied on computers only.

The same consideration for scripts, the administrator must establish exactly where to apply it, it's useless to apply the same policy to users and computers.
0
 
acksisAuthor Commented:
The Folder Redirection and Map Network Drives GPOs are only applied to the Users.

RSoP shows that both of those are Denied GPOs for the Computer Configuration Summary.  The Printer Connections GPO is applied at both the User and Computer because we're usin Loopback Processing in Merge Mode to force any user at a particular site to receive only local printers.

Under User Configuration Summary/Applied GPOs is the following:
   Printer Connections
   Map Network Drives
   Folder Redirection
   Default Domain Policy
   Printer Connections
   Map Network Drives
   Folder Redirection
   Default Domain Policy

As you can see, these GPOs are applying twice.
 
   "The policy is applied both to computers and to users and that's useless..."

   "The same consideration for scripts, the administrator must establish exactly where to apply it,
     it's useless to apply the same policy to users and computers."

The GPOs are to apply to every user in the Domain.  And, like I said earlier, Folder Redirection and Map Network Drives are denied on the computer and applied on the user.

If I'm missing your point, please clarify.


0
 
crissandCommented:
Please use gpmc from Microsoft to see the resultant set of policy applied. Download from here, install and run:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
acksisAuthor Commented:
GPMC was already installed - that's where I got the RSoP that I referenced in my second post.
It says that the user settings are applied twice and the computer settings once.

I've also used the command line tool "gpresult.exe" which, when run on the client machine, says the exact same thing (see the first post).
0
 
Debsyl99Commented:
Hi
Could this be why you're getting it twice?
"The Printer Connections GPO is applied at both the User and Computer because we're using Loopback Processing in Merge Mode to force any user at a particular site to receive only local printers"
If you're using it in the user config and it's also applying via a set loopback, then it will apply again to all users logging on to that PC or pc's or servers covered by the loopback policy,

Or did I miss a point somewhere? (which is ENTIRELY possible after the week I've had ;-))

Deb :))
0
 
Debsyl99Commented:
I didn't miss the point then - my brain is still happily intact!
Glad to help,
Deb :))
0
 
acksisAuthor Commented:
That was it - we deleted the Printer Connections link to the site and booted up a user and everything ran as it should.  Thanks.  We'll just have to write a script for the users that will identifiy their site and attach printers accordingly.

Again, thanks for that.  My brain was beginning to hurt!
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now