[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 832
  • Last Modified:

Group Policy Not propagating/applying to the other server (terminal server)

i created a GPO (with some user settings applied to it) and linked it to an OU for one reason that only these will be affected by this policy. When i tested it i found out that the policy was only applied to server1(dc-primary server) not to the other server (server2 (dc, terminal server)). Have been working on this since late this morning and am stuck. i've gone to this " http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_23176363.html" but did not solve it (well the situation is different but some comments was. and i already performed them. like loopback etc.) I ran the GP result and it showed that on the user configuration the policy is being applied. Any help on this issue is greatly appreciated.
0
amcurso
Asked:
amcurso
  • 4
  • 2
1 Solution
 
DaMaestroCommented:
So in order to insure i have a correct statement, you currently have a policy that defines user settings that is linked to an OU where these two DCs are, and for the terminal server which is a domain controller is not processing the policy and you are attempting to use loopback?

What were the results of GPresult and RSOP.msc?
0
 
amcursoAuthor Commented:
I cant get the rsop result due to the temporary removal of the policy. The OU where the policy is linked to contains only user account not the two dc. i used the loopback since i couldnt find anything that might help. Again - There are two servers both of them are DC, 1 of them is also a terminal server which i am trying to get the results from when the users log in to these server. for sure i am not doing everything correct since when i login to the terminal server using the certain user account, i dont see the policy being applied. On the other hand when login to the other server (primary DC) the policy get applied. :-)
The last time i ran GP Result - i saw that the policy is on the applied policy (user configuration). i hope i am getting to the point where you can understand me / what am trying to do. thanks.
0
 
DaMaestroCommented:
1) Are you using the GPMC console with SP1? If so have you been able to due a GP Model for the accounts? It can help show differences if you cannot do a gpresult or rsop.msc
2) Are you using any security groups on the policy or is it defaulted to Authenticated users?
3) Are you sure the user is within the OU structure where the policy is? (Basic I know, but I have to ask)
4) Does any other user have policy issues on that box?
5) Are you using the loopback because of certain settings on the terminal server itself that are not ideal for use in the policy? If not, in this scenario loopback is not neccescary. If all the settings you want are in the policy AND that policy is linked where the user account objects are, and the settings are under user configuration then you would not use loopback. Only if there are terminal server specific settings you want applied that would not normally apply to other systems the user account is on.
6) Although you stated they were user polcies, did u define anything in the computer configuration section?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
amcursoAuthor Commented:
Very thorough. thanks.
1. yes, am using gpmc w/ sp1. I did run a GP model and i saw there the applied policies and one of them was the policy i created.
2. Default Authenticated users.
3. Yes. :-)
4. Not 100% sure but so far this have been the only issue.
5. I dont have to use this for the reason you have presented.
6. None except the loopback.
0
 
DaMaestroCommented:
So here is what I might do.

1a) turn off loopback in the user policy, also verify that the computer polcies affecting the terminal server do not have the setting enabled.
1b) check the application eventlog for policy processing errors
2) check the last tab of the policy, see if the user affected is in any of the groups (other than autheintcated users) and see if the "Deny" apply policy is checked for any of them.
3) temporarily remove "restrictions" to Group Policy settings in both the user and computer section of an applicable policy for both the computer and user (the gp model would help determine which policy would be edited) to verify that none of those are playing a part. For example, after a domain transition i prevented the use of group policy modeling, unfortunately this resulted in the GPO state registry entry not being updated, which prevented Push Prniter Connections from deploying printers by policy.
4) create a test user with a test policy in a different ou and add settings to restrict the UI and see if they apply when using that user account on the affected server.


0
 
DaMaestroCommented:
correction on 3, I enabled "Turn off Resultant Set of Policy Logging", I had to disable the setting for Push Printer Connections to work
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now