PaperTiger
asked on
Invisible domain group policies?!
I am running a single Windows 2000 domain with mostly Windows XP Pro clients. A while back I had a few group policies set up to enable Windows firewall and disable USB drive. However, for some reason, they got "lost."
So I re-created those policies from scratch with some small changes. Please note the Windows firewall policy must be created through a Windows XP machine as Windows 2000 Server admin tool does not support it.
After I created new policies to again enable Windows firewall and disable USB drive, a week later I found out that no matter how many times I rebooted or gpupdate, the client computers only use the old policies. Gpresult does not show any of the new policy being applied.
Now, how can I purge those old policies out of my system? They are no where to be found. I followed the normal steps trying to delete them, but they don't exist in the GPedit or admin console, OU, Group Policy
So I re-created those policies from scratch with some small changes. Please note the Windows firewall policy must be created through a Windows XP machine as Windows 2000 Server admin tool does not support it.
After I created new policies to again enable Windows firewall and disable USB drive, a week later I found out that no matter how many times I rebooted or gpupdate, the client computers only use the old policies. Gpresult does not show any of the new policy being applied.
Now, how can I purge those old policies out of my system? They are no where to be found. I followed the normal steps trying to delete them, but they don't exist in the GPedit or admin console, OU, Group Policy
Do they exist on the GPMC?
ASKER
No, they don't. unless you can help me to find them because i cannot find them. I even deleted the applicable OU that contained the client computers and move those computers to a different OU with new group policies.
No luck.
No luck.
1. under GPMC ,go to the Group policy objects and this will show you all the list of group policies..see if it is there
2.Also in the properties of GPMC you can run and see what are all the linked policies and un-linked polices...remove them if not using.
2.Also in the properties of GPMC you can run and see what are all the linked policies and un-linked polices...remove them if not using.
ASKER
like i said, they are not there. see this GPResult and note the 4 applied GPO.
then go see the screenshot from GPMC and note the 4 applied GPOs do not even exist in the GPMC.
COMPUTER SETTINGS
------------------
CN=IT-LAPTOP01,OU=Company Computers,OU=Corporate,DC= mycompany, DC=com
Last time Group Policy was applied: 10/16/2008 at 2:09:56 PM
Group Policy was applied from: mycompany.com
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-------------------------- ---
Disable USB Floppy
Windows Update
Default Domain Policy
Windows Firewall Policy
The following GPOs were not applied because they were filtered out
-------------------------- ---------- ---------- ---------- ---------- -
Turn-on Windows Firewall
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
gpmc.jpg
then go see the screenshot from GPMC and note the 4 applied GPOs do not even exist in the GPMC.
COMPUTER SETTINGS
------------------
CN=IT-LAPTOP01,OU=Company Computers,OU=Corporate,DC=
Last time Group Policy was applied: 10/16/2008 at 2:09:56 PM
Group Policy was applied from: mycompany.com
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
Disable USB Floppy
Windows Update
Default Domain Policy
Windows Firewall Policy
The following GPOs were not applied because they were filtered out
--------------------------
Turn-on Windows Firewall
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
gpmc.jpg
Interesting...most of the GPOs showed applied were not displayed in your GPMC Console. How many domain controller you have? On the GPResult, which domain controller are those GPOs applied from? Is that the same domain controller you are running the GPMC from? I'm wondering if you have a problem with GPO replication...
btw, you may want to run the gpotool /verbose to verify all your GPO and domain controllers etc. You may be able to find something there.
ASKER
it's a single domain with 2 domain controllers. GPresult shows the computer can get policy from either controller but with the same results.
ASKER
i took one of the computer off the domain and then put it back to the domain. now, none of the newly created policies are applied, nor is any old invisible policies.
the new policies were created with GPMC 1.0.2 while those old ones were created with 1.0 or Windows 2000's GPMC.
the new policies were created with GPMC 1.0.2 while those old ones were created with 1.0 or Windows 2000's GPMC.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.