Solved

GPO not being applied unless PC is rejoined to the domain

Posted on 2006-11-21
6
483 Views
Last Modified: 2013-12-04
We have recently started to use GPOs throughout our company and thought everything was going according to plan until we discovered that certain policies are not being applied to certain computers. Amongst them is a policy to disable mass USB storage devices, and also a policy that installs Flash on the PC.

This is not affecting all the PCs, only certain ones. We only use Windows 2000 and Windows XP clients and this problem is not specific to either one. All our domain servers are Windows 2003.

As I mentioned, this is not a domain wide problem as it only affects certain PCs. I have today found two identical PCs, same Dell model, same operating system (windows 2000), same patches and security updates installed......yet one of them applies all the policies at logon and the other one only applies certain policies..

I have found that if I 'un-join' the problem PC from the domain, add it to a workgroup, reboot, rejoin the domain then all of the policies work as they should.

I know that I can get around this problem by rejoining the PCs to the domain, but could someone suggest why this is happening and if there is something I can do instead of rejoining each PC to the domain ?

thanks in advance for any help
0
Comment
Question by:MisterBedo
  • 3
  • 2
6 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 17993860
open a command prompt on the PC and enter

gpupdate /force

That should make them get all the policies. Another reason could be that if you have more than 1 domain controllers, not all of them have been updated either, so you might want to make sure all the DC's have been replicated.
0
 

Expert Comment

by:richard_diver
ID: 17999300
1. Do other policy settings apply to the problem pc successfully?
2. Are the 2 pc's in question in different OUs, sites or subnets?  this will have an effect on policy application.
0
 

Author Comment

by:MisterBedo
ID: 18001672
rindi - I'll try that today and report back. I'm pretty sure all the policies are replicted round the DCs, but I'll double check.

richard - 1) Yes, there are other policies in effect that apply themselves succesfully, it's only certain ones that don't.
              2) It varies, some of the PCs are in different OUs etc, but some are in the sam eOU, subnet etc yet still one will get the policy apllied, one won't.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:MisterBedo
ID: 18002177
rindi - GPUPDATE only works with XP clients, so I can't test that on a Win 2000 client. Will test it on an XP machine as soon as I can tho.
0
 

Expert Comment

by:richard_diver
ID: 18002565
Is it an entire policy that is not applying, or just certain settings within the same policy?

As you are using Windows Server 2003 on the domain controllers, you should be able to use RSoP or GPMC to see the exact policy that will apply to specific pc's, compare one that works with one that doesn't

Ideally you will have a test environment, but if not it is worth creating a new OU and a new policy that just contains the settings that are not working. Isolate one of the PC's in question by placing it into this OU and ensure only this new policy is applied. This will show wether or not the settings can be applied to that PC, then start adding your other policies to see if a conflict appears.

Another idea is to check if the settings can be made manually, then ensure they remain when the next policy refresh occurs (reboot should do the trick as long as the DC it connects to has the latest versions)
0
 

Accepted Solution

by:
MisterBedo earned 0 total points
ID: 20956399
Apologies, I forgot I left this open.

The solution in the end was down to the PCs in question needing an update to the WSH, after this they worked perfectly.

Thanks for the suggestions though.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question