Solved

GPO not being applied unless PC is rejoined to the domain

Posted on 2006-11-21
6
480 Views
Last Modified: 2013-12-04
We have recently started to use GPOs throughout our company and thought everything was going according to plan until we discovered that certain policies are not being applied to certain computers. Amongst them is a policy to disable mass USB storage devices, and also a policy that installs Flash on the PC.

This is not affecting all the PCs, only certain ones. We only use Windows 2000 and Windows XP clients and this problem is not specific to either one. All our domain servers are Windows 2003.

As I mentioned, this is not a domain wide problem as it only affects certain PCs. I have today found two identical PCs, same Dell model, same operating system (windows 2000), same patches and security updates installed......yet one of them applies all the policies at logon and the other one only applies certain policies..

I have found that if I 'un-join' the problem PC from the domain, add it to a workgroup, reboot, rejoin the domain then all of the policies work as they should.

I know that I can get around this problem by rejoining the PCs to the domain, but could someone suggest why this is happening and if there is something I can do instead of rejoining each PC to the domain ?

thanks in advance for any help
0
Comment
Question by:MisterBedo
  • 3
  • 2
6 Comments
 
LVL 87

Expert Comment

by:rindi
Comment Utility
open a command prompt on the PC and enter

gpupdate /force

That should make them get all the policies. Another reason could be that if you have more than 1 domain controllers, not all of them have been updated either, so you might want to make sure all the DC's have been replicated.
0
 

Expert Comment

by:richard_diver
Comment Utility
1. Do other policy settings apply to the problem pc successfully?
2. Are the 2 pc's in question in different OUs, sites or subnets?  this will have an effect on policy application.
0
 

Author Comment

by:MisterBedo
Comment Utility
rindi - I'll try that today and report back. I'm pretty sure all the policies are replicted round the DCs, but I'll double check.

richard - 1) Yes, there are other policies in effect that apply themselves succesfully, it's only certain ones that don't.
              2) It varies, some of the PCs are in different OUs etc, but some are in the sam eOU, subnet etc yet still one will get the policy apllied, one won't.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:MisterBedo
Comment Utility
rindi - GPUPDATE only works with XP clients, so I can't test that on a Win 2000 client. Will test it on an XP machine as soon as I can tho.
0
 

Expert Comment

by:richard_diver
Comment Utility
Is it an entire policy that is not applying, or just certain settings within the same policy?

As you are using Windows Server 2003 on the domain controllers, you should be able to use RSoP or GPMC to see the exact policy that will apply to specific pc's, compare one that works with one that doesn't

Ideally you will have a test environment, but if not it is worth creating a new OU and a new policy that just contains the settings that are not working. Isolate one of the PC's in question by placing it into this OU and ensure only this new policy is applied. This will show wether or not the settings can be applied to that PC, then start adding your other policies to see if a conflict appears.

Another idea is to check if the settings can be made manually, then ensure they remain when the next policy refresh occurs (reboot should do the trick as long as the DC it connects to has the latest versions)
0
 

Accepted Solution

by:
MisterBedo earned 0 total points
Comment Utility
Apologies, I forgot I left this open.

The solution in the end was down to the PCs in question needing an update to the WSH, after this they worked perfectly.

Thanks for the suggestions though.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now