Solved

GPO not being applied unless PC is rejoined to the domain

Posted on 2006-11-21
6
486 Views
Last Modified: 2013-12-04
We have recently started to use GPOs throughout our company and thought everything was going according to plan until we discovered that certain policies are not being applied to certain computers. Amongst them is a policy to disable mass USB storage devices, and also a policy that installs Flash on the PC.

This is not affecting all the PCs, only certain ones. We only use Windows 2000 and Windows XP clients and this problem is not specific to either one. All our domain servers are Windows 2003.

As I mentioned, this is not a domain wide problem as it only affects certain PCs. I have today found two identical PCs, same Dell model, same operating system (windows 2000), same patches and security updates installed......yet one of them applies all the policies at logon and the other one only applies certain policies..

I have found that if I 'un-join' the problem PC from the domain, add it to a workgroup, reboot, rejoin the domain then all of the policies work as they should.

I know that I can get around this problem by rejoining the PCs to the domain, but could someone suggest why this is happening and if there is something I can do instead of rejoining each PC to the domain ?

thanks in advance for any help
0
Comment
Question by:MisterBedo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 17993860
open a command prompt on the PC and enter

gpupdate /force

That should make them get all the policies. Another reason could be that if you have more than 1 domain controllers, not all of them have been updated either, so you might want to make sure all the DC's have been replicated.
0
 

Expert Comment

by:richard_diver
ID: 17999300
1. Do other policy settings apply to the problem pc successfully?
2. Are the 2 pc's in question in different OUs, sites or subnets?  this will have an effect on policy application.
0
 

Author Comment

by:MisterBedo
ID: 18001672
rindi - I'll try that today and report back. I'm pretty sure all the policies are replicted round the DCs, but I'll double check.

richard - 1) Yes, there are other policies in effect that apply themselves succesfully, it's only certain ones that don't.
              2) It varies, some of the PCs are in different OUs etc, but some are in the sam eOU, subnet etc yet still one will get the policy apllied, one won't.
0
Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.

 

Author Comment

by:MisterBedo
ID: 18002177
rindi - GPUPDATE only works with XP clients, so I can't test that on a Win 2000 client. Will test it on an XP machine as soon as I can tho.
0
 

Expert Comment

by:richard_diver
ID: 18002565
Is it an entire policy that is not applying, or just certain settings within the same policy?

As you are using Windows Server 2003 on the domain controllers, you should be able to use RSoP or GPMC to see the exact policy that will apply to specific pc's, compare one that works with one that doesn't

Ideally you will have a test environment, but if not it is worth creating a new OU and a new policy that just contains the settings that are not working. Isolate one of the PC's in question by placing it into this OU and ensure only this new policy is applied. This will show wether or not the settings can be applied to that PC, then start adding your other policies to see if a conflict appears.

Another idea is to check if the settings can be made manually, then ensure they remain when the next policy refresh occurs (reboot should do the trick as long as the DC it connects to has the latest versions)
0
 

Accepted Solution

by:
MisterBedo earned 0 total points
ID: 20956399
Apologies, I forgot I left this open.

The solution in the end was down to the PCs in question needing an update to the WSH, after this they worked perfectly.

Thanks for the suggestions though.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question