Solved

Computer GPO Applying... But not....

Posted on 2009-05-19
10
473 Views
Last Modified: 2013-11-21
Hello All

I'm attempting to apply a GPO to an OU containing users and computers, and specifically I'm attempting to enable "Offer Remote Assistance". I've created the GP, enabled the link and enforced it. On the test client machine (xp pro) I've run gpresult and confirmed that the policy is being applied to the Computer Settings. Problem is that when I run gpedit.msc the GP does not appear to have been applied, as remote assitance still shows as not configured. Also, remote assistance is not working. Any suggestions please?
0
Comment
Question by:jostafew
  • 5
  • 3
  • 2
10 Comments
 
LVL 2

Expert Comment

by:fuzzer123456
ID: 24427351
Try running a gpupdate /force comand on it.

If not that , have you got a local policy setup on the machine? this will over rule the domain one.
0
 
LVL 3

Author Comment

by:jostafew
ID: 24427466
Ok, ran that cmd but no change. I haven't applied a local policy to the machine, but I can't say for sure that it hasn't been done by other means. How can I confirm if there are any policies in place?
0
 
LVL 2

Assisted Solution

by:fuzzer123456
fuzzer123456 earned 100 total points
ID: 24427566
gpresult will give you a definitive list of applies policies on the computer. Running GPEDIT.msc will open the local policy . This doesnt change when the GP is being applied to the computer.

gpresult is the only real way to see what is and what isnt being applied. Have you tried to do something else with the GP? I would also try adding a user based GP too such as remove the clock to see if its working for user and not computer.
0
 
LVL 20

Accepted Solution

by:
EndureKona earned 400 total points
ID: 24427664
Run RSOP.MSC which is Resultant Set of Policy that is query engine that polls existing policies and planned policies for the workstation or servers
0
 
LVL 3

Author Comment

by:jostafew
ID: 24436126
It appears that my original question is taking a bit of a turn. I've confirmed that my policies are being applied using RSOP and I can successfully offer and begin providing remote assistance to one of several test machines. That being said it's still failing on a couple others. I'm trying to determine why I'm not getting anywhere on those machines, but in the meantime I will welcome any suggestions.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 20

Expert Comment

by:EndureKona
ID: 24437940
Beyond saying that the GPO is failing are you getting any error messages in the event logs.   Or when you run rsop on a workstation that failed to apply getting any warnings there.    The workstations are talking to the DCs without issue via DNS?    I have also seen various switch configurations caused GPO issues but that is mainly when applying software.    Lock down the ports so there is no auto negotiation will fix that.   Turn off spanning tree protocol.
0
 
LVL 3

Author Comment

by:jostafew
ID: 24444376
Sorry, maybe my wording wasn't the best. On all machines I've confirmed that the GPO is being applied properly, but the remote assistance etc. fails.  The workstations have good connectivity to the DC, I don't see any issues there. I'm now using a handy gadget for Vista found here: http://www.scriptingpod.com/rcf-gadget.asp that allows me to quickly initiate a help session or do other tasks like check basic machine info. On the failing machines, if I attempt to check basic info I get an error; RPC server unnavailable. If I attempt to offer RA it fails with an error about computer name and permissions. I've created GPOs to allow RA, added the administrators group and my regular account as approved accounts, enabled ping (ICMP), and enabled remote desktop. I'll keep working at it but I'm starting to run out of ideas.
0
 
LVL 3

Author Comment

by:jostafew
ID: 24444388
I forgot to add that on a problem machine I can initiate RA through an emailed invitation, but cannot initiate it remotely.
0
 
LVL 2

Expert Comment

by:fuzzer123456
ID: 24453965
How about just using VNC ? would be much easier in the long term.
0
 
LVL 3

Author Comment

by:jostafew
ID: 24455597
VNC would be a considerable investment... RA is free ;-) I think I should really start this thread over in another topic as my original question was answered.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now