?
Solved

Computer GPO Applying... But not....

Posted on 2009-05-19
10
Medium Priority
?
481 Views
Last Modified: 2013-11-21
Hello All

I'm attempting to apply a GPO to an OU containing users and computers, and specifically I'm attempting to enable "Offer Remote Assistance". I've created the GP, enabled the link and enforced it. On the test client machine (xp pro) I've run gpresult and confirmed that the policy is being applied to the Computer Settings. Problem is that when I run gpedit.msc the GP does not appear to have been applied, as remote assitance still shows as not configured. Also, remote assistance is not working. Any suggestions please?
0
Comment
Question by:jostafew
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 2

Expert Comment

by:fuzzer123456
ID: 24427351
Try running a gpupdate /force comand on it.

If not that , have you got a local policy setup on the machine? this will over rule the domain one.
0
 
LVL 3

Author Comment

by:jostafew
ID: 24427466
Ok, ran that cmd but no change. I haven't applied a local policy to the machine, but I can't say for sure that it hasn't been done by other means. How can I confirm if there are any policies in place?
0
 
LVL 2

Assisted Solution

by:fuzzer123456
fuzzer123456 earned 400 total points
ID: 24427566
gpresult will give you a definitive list of applies policies on the computer. Running GPEDIT.msc will open the local policy . This doesnt change when the GP is being applied to the computer.

gpresult is the only real way to see what is and what isnt being applied. Have you tried to do something else with the GP? I would also try adding a user based GP too such as remove the clock to see if its working for user and not computer.
0
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

 
LVL 20

Accepted Solution

by:
Rick Fee earned 1600 total points
ID: 24427664
Run RSOP.MSC which is Resultant Set of Policy that is query engine that polls existing policies and planned policies for the workstation or servers
0
 
LVL 3

Author Comment

by:jostafew
ID: 24436126
It appears that my original question is taking a bit of a turn. I've confirmed that my policies are being applied using RSOP and I can successfully offer and begin providing remote assistance to one of several test machines. That being said it's still failing on a couple others. I'm trying to determine why I'm not getting anywhere on those machines, but in the meantime I will welcome any suggestions.
0
 
LVL 20

Expert Comment

by:Rick Fee
ID: 24437940
Beyond saying that the GPO is failing are you getting any error messages in the event logs.   Or when you run rsop on a workstation that failed to apply getting any warnings there.    The workstations are talking to the DCs without issue via DNS?    I have also seen various switch configurations caused GPO issues but that is mainly when applying software.    Lock down the ports so there is no auto negotiation will fix that.   Turn off spanning tree protocol.
0
 
LVL 3

Author Comment

by:jostafew
ID: 24444376
Sorry, maybe my wording wasn't the best. On all machines I've confirmed that the GPO is being applied properly, but the remote assistance etc. fails.  The workstations have good connectivity to the DC, I don't see any issues there. I'm now using a handy gadget for Vista found here: http://www.scriptingpod.com/rcf-gadget.asp that allows me to quickly initiate a help session or do other tasks like check basic machine info. On the failing machines, if I attempt to check basic info I get an error; RPC server unnavailable. If I attempt to offer RA it fails with an error about computer name and permissions. I've created GPOs to allow RA, added the administrators group and my regular account as approved accounts, enabled ping (ICMP), and enabled remote desktop. I'll keep working at it but I'm starting to run out of ideas.
0
 
LVL 3

Author Comment

by:jostafew
ID: 24444388
I forgot to add that on a problem machine I can initiate RA through an emailed invitation, but cannot initiate it remotely.
0
 
LVL 2

Expert Comment

by:fuzzer123456
ID: 24453965
How about just using VNC ? would be much easier in the long term.
0
 
LVL 3

Author Comment

by:jostafew
ID: 24455597
VNC would be a considerable investment... RA is free ;-) I think I should really start this thread over in another topic as my original question was answered.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question