Solved

Group Policy Not propagating/applying to the other server (terminal server)

Posted on 2008-06-19
6
771 Views
Last Modified: 2013-11-21
i created a GPO (with some user settings applied to it) and linked it to an OU for one reason that only these will be affected by this policy. When i tested it i found out that the policy was only applied to server1(dc-primary server) not to the other server (server2 (dc, terminal server)). Have been working on this since late this morning and am stuck. i've gone to this " http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_23176363.html" but did not solve it (well the situation is different but some comments was. and i already performed them. like loopback etc.) I ran the GP result and it showed that on the user configuration the policy is being applied. Any help on this issue is greatly appreciated.
0
Comment
Question by:amcurso
  • 4
  • 2
6 Comments
 
LVL 6

Expert Comment

by:DaMaestro
ID: 21833735
So in order to insure i have a correct statement, you currently have a policy that defines user settings that is linked to an OU where these two DCs are, and for the terminal server which is a domain controller is not processing the policy and you are attempting to use loopback?

What were the results of GPresult and RSOP.msc?
0
 

Author Comment

by:amcurso
ID: 21833849
I cant get the rsop result due to the temporary removal of the policy. The OU where the policy is linked to contains only user account not the two dc. i used the loopback since i couldnt find anything that might help. Again - There are two servers both of them are DC, 1 of them is also a terminal server which i am trying to get the results from when the users log in to these server. for sure i am not doing everything correct since when i login to the terminal server using the certain user account, i dont see the policy being applied. On the other hand when login to the other server (primary DC) the policy get applied. :-)
The last time i ran GP Result - i saw that the policy is on the applied policy (user configuration). i hope i am getting to the point where you can understand me / what am trying to do. thanks.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 21834362
1) Are you using the GPMC console with SP1? If so have you been able to due a GP Model for the accounts? It can help show differences if you cannot do a gpresult or rsop.msc
2) Are you using any security groups on the policy or is it defaulted to Authenticated users?
3) Are you sure the user is within the OU structure where the policy is? (Basic I know, but I have to ask)
4) Does any other user have policy issues on that box?
5) Are you using the loopback because of certain settings on the terminal server itself that are not ideal for use in the policy? If not, in this scenario loopback is not neccescary. If all the settings you want are in the policy AND that policy is linked where the user account objects are, and the settings are under user configuration then you would not use loopback. Only if there are terminal server specific settings you want applied that would not normally apply to other systems the user account is on.
6) Although you stated they were user polcies, did u define anything in the computer configuration section?
0
 

Author Comment

by:amcurso
ID: 21834440
Very thorough. thanks.
1. yes, am using gpmc w/ sp1. I did run a GP model and i saw there the applied policies and one of them was the policy i created.
2. Default Authenticated users.
3. Yes. :-)
4. Not 100% sure but so far this have been the only issue.
5. I dont have to use this for the reason you have presented.
6. None except the loopback.
0
 
LVL 6

Accepted Solution

by:
DaMaestro earned 500 total points
ID: 21834935
So here is what I might do.

1a) turn off loopback in the user policy, also verify that the computer polcies affecting the terminal server do not have the setting enabled.
1b) check the application eventlog for policy processing errors
2) check the last tab of the policy, see if the user affected is in any of the groups (other than autheintcated users) and see if the "Deny" apply policy is checked for any of them.
3) temporarily remove "restrictions" to Group Policy settings in both the user and computer section of an applicable policy for both the computer and user (the gp model would help determine which policy would be edited) to verify that none of those are playing a part. For example, after a domain transition i prevented the use of group policy modeling, unfortunately this resulted in the GPO state registry entry not being updated, which prevented Push Prniter Connections from deploying printers by policy.
4) create a test user with a test policy in a different ou and add settings to restrict the UI and see if they apply when using that user account on the affected server.


0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 21834972
correction on 3, I enabled "Turn off Resultant Set of Policy Logging", I had to disable the setting for Push Printer Connections to work
0

Join & Write a Comment

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now