Solved

Computer GPO Applying... But not....

Posted on 2009-05-19
10
479 Views
Last Modified: 2013-11-21
Hello All

I'm attempting to apply a GPO to an OU containing users and computers, and specifically I'm attempting to enable "Offer Remote Assistance". I've created the GP, enabled the link and enforced it. On the test client machine (xp pro) I've run gpresult and confirmed that the policy is being applied to the Computer Settings. Problem is that when I run gpedit.msc the GP does not appear to have been applied, as remote assitance still shows as not configured. Also, remote assistance is not working. Any suggestions please?
0
Comment
Question by:jostafew
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 2

Expert Comment

by:fuzzer123456
ID: 24427351
Try running a gpupdate /force comand on it.

If not that , have you got a local policy setup on the machine? this will over rule the domain one.
0
 
LVL 3

Author Comment

by:jostafew
ID: 24427466
Ok, ran that cmd but no change. I haven't applied a local policy to the machine, but I can't say for sure that it hasn't been done by other means. How can I confirm if there are any policies in place?
0
 
LVL 2

Assisted Solution

by:fuzzer123456
fuzzer123456 earned 100 total points
ID: 24427566
gpresult will give you a definitive list of applies policies on the computer. Running GPEDIT.msc will open the local policy . This doesnt change when the GP is being applied to the computer.

gpresult is the only real way to see what is and what isnt being applied. Have you tried to do something else with the GP? I would also try adding a user based GP too such as remove the clock to see if its working for user and not computer.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 20

Accepted Solution

by:
EndureKona earned 400 total points
ID: 24427664
Run RSOP.MSC which is Resultant Set of Policy that is query engine that polls existing policies and planned policies for the workstation or servers
0
 
LVL 3

Author Comment

by:jostafew
ID: 24436126
It appears that my original question is taking a bit of a turn. I've confirmed that my policies are being applied using RSOP and I can successfully offer and begin providing remote assistance to one of several test machines. That being said it's still failing on a couple others. I'm trying to determine why I'm not getting anywhere on those machines, but in the meantime I will welcome any suggestions.
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24437940
Beyond saying that the GPO is failing are you getting any error messages in the event logs.   Or when you run rsop on a workstation that failed to apply getting any warnings there.    The workstations are talking to the DCs without issue via DNS?    I have also seen various switch configurations caused GPO issues but that is mainly when applying software.    Lock down the ports so there is no auto negotiation will fix that.   Turn off spanning tree protocol.
0
 
LVL 3

Author Comment

by:jostafew
ID: 24444376
Sorry, maybe my wording wasn't the best. On all machines I've confirmed that the GPO is being applied properly, but the remote assistance etc. fails.  The workstations have good connectivity to the DC, I don't see any issues there. I'm now using a handy gadget for Vista found here: http://www.scriptingpod.com/rcf-gadget.asp that allows me to quickly initiate a help session or do other tasks like check basic machine info. On the failing machines, if I attempt to check basic info I get an error; RPC server unnavailable. If I attempt to offer RA it fails with an error about computer name and permissions. I've created GPOs to allow RA, added the administrators group and my regular account as approved accounts, enabled ping (ICMP), and enabled remote desktop. I'll keep working at it but I'm starting to run out of ideas.
0
 
LVL 3

Author Comment

by:jostafew
ID: 24444388
I forgot to add that on a problem machine I can initiate RA through an emailed invitation, but cannot initiate it remotely.
0
 
LVL 2

Expert Comment

by:fuzzer123456
ID: 24453965
How about just using VNC ? would be much easier in the long term.
0
 
LVL 3

Author Comment

by:jostafew
ID: 24455597
VNC would be a considerable investment... RA is free ;-) I think I should really start this thread over in another topic as my original question was answered.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question