robg3381

Help with Computer Filtering for GPO

I'm having difficulty getting Computer filtering to work the way I feel it should. I'm trying to apply a setting for Outlook to stop using cached exchange mode. I have a newly created GPO called "common use". I have created a Security Group and added my computer in there. I then went into the GPO under Scope, removed Authenticated users, and added my newly created group. The settings I set on the GPO are below. I've rebooted several times and I can't seem to get this working. I've also tried to add my user account to the Group and still no luck. Anyone have any ideas??

Computer Configuration/Administrative Templates/System/Group Policy
Setting: User Group Policy loopback processing mode - Enabled (Mode:replace)

User Configuration/Administrative Templates/Microsoft Office Outlook 2007/Tools | Account Settings/Exchange/Cached Exchange Mode
Setting: Use Cached Exchange Mode for new and existing Outlook profiles - Disabled
Mike Kline

That should work, if you add the computer directly and give it read & apply group policy "allow" then it should only apply to that PC; but what you did with the group and the reboot does the same thing.
What does the RSoP report look like on the box?
GWMerrell

So the problem is that once it is branded with "Cachemode" it won't change back out of "cachemode" even with the GPO enforced?
robg3381

ASKER

Well, the Disabled setting for Cached mode is supposed to be for any new profiles. Well, if I try to make a new Outlook profile, it still automatically enables Cached mode.
As a test, I had a test OU where I enabled both of these 2 settings.  And it actually worked.  The "Use Cached Exchange Mode" was grayed out and turned off. So I know the settings are correct.  I'm thinking the problem has something to do with the Computer/Group filtering aspect maybe.
Can we see your GPO Settings?
I think the cached mode option is a "user" GP setting and not a "computer" setting. I loaded the outlk11.adm file from the Office 2003 res kit into a test GP and can only see the cache mode settings under the "user" section of the policy.

Try applying your GP to a user account and see if it works as expected.

You could enable loopback processing-merge for the GP if you must apply to the computer account and not the user.

Happy Saturday everyone!!!
Please re-read my original question. It shows that the setting I enabled was the loopback processing setting and the Cached Exchange USER setting. Those are the only settings enabled in the GPO. I also explained that I even tried to add my user account to the group without luck. Attached are my settings. Thanks for any help.

Settings.JPG
You're right, sorry about not reading the post before opening my big fingers... :)

Another possible source could be the Office install. Is the office install a default install or is it a customized install?
The install is customized, but I'm not sure if that is the issue. I have gotten this to work on my computer from a test OU/GPO of mine. I really think the issue is the computer filtering. If I set this same setting on my test OU and add my computer to that (and turn on the loopback as well), it works ok. However, long-term I'd like to add it to my main OU and use computer filtering.
For reference, my OU structure is the following below (I have permission from the Department A level and below).
Domain
   -Department A
      -Lab
      -Office
      -Test
Clarification, can we see the code behind the policies?
I don't think I know how to obtain the code behind the policies.  Where do I look for this?
Can you find the ADM files?
yes, I know where the adm files are located.
Just copy the ADM files and we should get a clear picture of the policies in place.
BTW - Are the policies custom or Microsoft templates?
attached are the ADM's (remove .txt) being used.  All are Microsoft templates.  Only the 2 Outlook ones were added from the standard.
conf.adm.txt
inetres.adm.txt
Installed-Templates.JPG
outlk11.adm.txt
outlk12.adm.txt
system.adm.txt
wmplayer.adm.txt
wuau.adm.txt
Policies look good, so the question leads to "how are the GPO's being set/ filtered"?
When you do a GPRESULT, do you see your Office GPO in the list?
Add this text below into an ADM file and add it to your Office GPO. See if this invokes your setting:


CLASS USER
      CATEGORY "Office 2007"
            CATEGORY "Cached Mode"
                  POLICY "Set Cached Mode behavior"
                        KEYNAME "Software\Policies\Microsoft\Office\12.0\Outlook\Cached Mode"
                        VALUENAME Enable
                        VALUEON NUMERIC 1
                        VALUEOFF NUMERIC 0
                  END POLICY
            END CATEGORY      
      END CATEGORY
I ran the GPResult command and it shows the GPO under Computer Settings, Applied Group Policy Objects. Then the next section, "The computer is a part of the following security groups:" has the NT group I created to filter listed there as well.
I'll try the ADM thing in a moment and re-post after I see what I get.
I did the following: Copied/pasted to a test.adm text file. Then went to my GPO and right-clicked on User configuration\Administrative Templates and added test.adm. Then I noticed a new Office 2007\Cached Mode. I enabled that, did a gpupdate /force, then rebooted my machine. I went to Control Panel\Mail, created a new profile, then opened Outlook. It started downloading my mailbox to an OST (indication it didn't work).
There is no point in configuring user settings for computers which use loopback processing in Replace mode.
In this mode, the user's list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.

Try to use Merge mode. In this mode, when the user logs on, the user's list of GPOs is typically gathered by using the GetGPOList function. The GetGPOList function is then called again by using the computer's location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer's GPOs to have higher precedence than the user's GPOs. In this example, the list of GPOs for the computer is added to the user's list.

"Loopback processing of Group Policy"
http://support.microsoft.com/kb/231287
Make the reg change manually on the workstation and see if it downloads mail to the OST after creating a new profile.

I believe you should find it in at least two places.
Do you see the setting as applied if you run a gpresult /v on the machine? May have to output to a text file to get all the settings.

gpresult /v >C:\result.txt
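
The checks suggested across the thread (who passes the GPO's security filter, and whether the policy value actually landed in the user's hive), as an added PowerShell example that is not part of the original thread. It assumes the RSAT GroupPolicy and ActiveDirectory modules; `PC-EXAMPLE` and `example.user` are placeholder names, and `Test-GpoAppliesTo` and `Get-CachedModePolicy` are hypothetical helper names.

```powershell
Import-Module GroupPolicy, ActiveDirectory   # RSAT modules (assumed installed)

function Test-GpoAppliesTo {
    param(
        [Parameter(Mandatory)][string]$GpoName,
        [Parameter(Mandatory)]$AdObject   # from Get-ADComputer / Get-ADUser -Properties PrimaryGroup
    )
    # SIDs the object presents: its own, Authenticated Users (S-1-5-11), its
    # primary group, and every group it belongs to, nested groups included
    # (LDAP in-chain matching rule). A DN containing ( ) * \ needs LDAP escaping.
    $sids = @($AdObject.SID.Value, 'S-1-5-11')
    if ($AdObject.PrimaryGroup) { $sids += (Get-ADGroup $AdObject.PrimaryGroup).SID.Value }
    $chain = "(member:1.2.840.113556.1.4.1941:=$($AdObject.DistinguishedName))"
    $sids += Get-ADGroup -LDAPFilter $chain | ForEach-Object { $_.SID.Value }

    # Delegation entries on the GPO whose trustee is one of those SIDs.
    $hits = @(Get-GPPermission -Name $GpoName -All |
        Where-Object { $sids -contains $_.Trustee.Sid.Value })

    [pscustomobject]@{
        Principal = $AdObject.SamAccountName
        # GpoApply is "Read" plus "Apply group policy" for that trustee.
        CanApply  = [bool]($hits | Where-Object { $_.Permission -eq 'GpoApply' -and -not $_.Denied })
        # GpoCustom entries need a manual look at the GPO's Delegation tab.
        Custom    = [bool]($hits | Where-Object { $_.Permission -eq 'GpoCustom' })
        Entries   = ($hits | ForEach-Object { "$($_.Trustee.Name)=$($_.Permission)" }) -join '; '
    }
}

function Get-CachedModePolicy {
    # Key and value name come from the ADM snippet posted in the thread.
    $key  = 'HKCU:\Software\Policies\Microsoft\Office\12.0\Outlook\Cached Mode'
    $item = Get-ItemProperty -Path $key -Name Enable -ErrorAction SilentlyContinue
    if ($null -eq $item) { 'Enable: not set' } else { "Enable: $($item.Enable)" }
}

# 'common use' is the GPO named in the question; the account names are placeholders.
$computer = Get-ADComputer 'PC-EXAMPLE'   -Properties PrimaryGroup
$user     = Get-ADUser     'example.user' -Properties PrimaryGroup
$computer, $user | ForEach-Object { Test-GpoAppliesTo -GpoName 'common use' -AdObject $_ }

# Run this one on the workstation, in the affected user's logon session.
Get-CachedModePolicy
```

Group membership changes only reach the computer's token after a reboot and the user's after a fresh logon, so compare this output with `gpresult /v` taken after both.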

Indeed - how is this progressing?
ASKER CERTIFIED SOLUTION
robg3381

This solution is only available to members.
Cool, glad that you have a workable resolution. :)
*Don't forget to close this Question.