Solved

GPO not being applied unless PC is rejoined to the domain

Posted on 2006-11-21
Last Modified: 2013-12-04
We have recently started to use GPOs throughout our company and thought everything was going according to plan until we discovered that certain policies are not being applied to certain computers. Amongst them is a policy to disable mass USB storage devices, and also a policy that installs Flash on the PC.

This is not affecting all the PCs, only certain ones. We only use Windows 2000 and Windows XP clients and this problem is not specific to either one. All our domain servers are Windows 2003.

As I mentioned, this is not a domain-wide problem as it only affects certain PCs. I have today found two identical PCs, same Dell model, same operating system (Windows 2000), same patches and security updates installed... yet one of them applies all the policies at logon and the other one only applies certain policies.

I have found that if I 'un-join' the problem PC from the domain, add it to a workgroup, reboot, rejoin the domain then all of the policies work as they should.

I know that I can get around this problem by rejoining the PCs to the domain, but could someone suggest why this is happening and if there is something I can do instead of rejoining each PC to the domain?

thanks in advance for any help
Question by:MisterBedo
6 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 17993860
Open a command prompt on the PC and enter

gpupdate /force

That should make them get all the policies. Another reason could be that if you have more than 1 domain controller, not all of them have been updated either, so you might want to make sure all the DCs have been replicated.
0
 

Expert Comment

by:richard_diver
ID: 17999300
1. Do other policy settings apply to the problem PC successfully?
2. Are the 2 PCs in question in different OUs, sites or subnets? This will have an effect on policy application.
0
 

Author Comment

by:MisterBedo
ID: 18001672
rindi - I'll try that today and report back. I'm pretty sure all the policies are replicated round the DCs, but I'll double check.

richard - 1) Yes, there are other policies in effect that apply themselves successfully, it's only certain ones that don't.
2) It varies, some of the PCs are in different OUs etc, but some are in the same OU, subnet etc yet still one will get the policy applied, one won't.
0

Author Comment

by:MisterBedo
ID: 18002177
rindi - GPUPDATE only works with XP clients, so I can't test that on a Win 2000 client. Will test it on an XP machine as soon as I can tho.
0
 

Expert Comment

by:richard_diver
ID: 18002565
Is it an entire policy that is not applying, or just certain settings within the same policy?

As you are using Windows Server 2003 on the domain controllers, you should be able to use RSoP or GPMC to see the exact policy that will apply to specific PCs; compare one that works with one that doesn't.

Ideally you will have a test environment, but if not it is worth creating a new OU and a new policy that just contains the settings that are not working. Isolate one of the PCs in question by placing it into this OU and ensure only this new policy is applied. This will show whether or not the settings can be applied to that PC, then start adding your other policies to see if a conflict appears.

Another idea is to check if the settings can be made manually, then ensure they remain when the next policy refresh occurs (reboot should do the trick as long as the DC it connects to has the latest versions).
0
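
The working-versus-failing comparison suggested in the comment above can also be run over saved `gpresult` text from the two PCs. This is an added example, not part of the original thread; the GPO names and both sample outputs are constructed, and the section headings assume the Windows XP `gpresult` text layout.

```python
# Section headings assumed from the Windows XP gpresult text layout.
APPLIED = "Applied Group Policy Objects"
FILTERED = "The following GPOs were not applied because they were filtered out"

def parse_gpresult(text):
    """Return (applied GPO names, {filtered GPO: reason}); computer and user sections are merged."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    applied, filtered, section, last = set(), {}, None, None
    for i, line in enumerate(lines):
        # A line followed by a dashed underline is a heading and starts a new section.
        if i + 1 < len(lines) and set(lines[i + 1]) == {"-"}:
            section = {APPLIED: "applied", FILTERED: "filtered"}.get(line)
        elif set(line) == {"-"} or line == "N/A":
            continue
        elif section == "applied":
            applied.add(line)
        elif section == "filtered" and line.startswith("Filtering:"):
            filtered[last] = line.split(":", 1)[1].strip()
        elif section == "filtered":
            last = line
            filtered.setdefault(line, "")
    return applied, filtered

def compare(good_text, bad_text):
    """Map each GPO applied on the working PC but not the failing one to the stated reason."""
    good, _ = parse_gpresult(good_text)
    bad, bad_filtered = parse_gpresult(bad_text)
    return {g: bad_filtered.get(g, "not listed at all") for g in sorted(good - bad)}

# Constructed sample output; the GPO names are hypothetical.
GOOD = """COMPUTER SETTINGS
------------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        Disable USB Storage
        Install Flash
"""
BAD = """COMPUTER SETTINGS
------------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Disable USB Storage
            Filtering:  Denied (Security)
"""

if __name__ == "__main__":
    for gpo, reason in compare(GOOD, BAD).items():
        print(f"{gpo}: {reason}")
```
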
 

Accepted Solution

by:MisterBedo
ID: 20956399
Apologies, I forgot I left this open.

The solution in the end was down to the PCs in question needing an update to the WSH, after this they worked perfectly.

Thanks for the suggestions though.
0


Question has a verified solution.
