firstheartland
asked on
Group Policy dealing with IE zone assignment not sticking!
I have a group policy (which ONLY deals with the zone assignment) that is continually switching on and off with reboots. I thought it was a conflicting group policy but when I run group policy modeling report it doesn't show any descrepancies that I can see. I thought it may be an issue with one domain controller wasn't replicating my policy change to the other one, but this isn't the case. I checked both domain controllers and they show the same information. The assignment is on a user basis and is in the user configuration > administrative templates > windows components > internet explorer > internet control panel > security page and is site to zone assignment.
jaynir
have you tried refreshing the gp? if not try gpupdate /force and see if that helps.
ASKER
It will, but only temporarily. It is like the local policy keeps overwriting the group policy at the domain level.
check the event logs if any errors logged.
ASKER
i show a Event ID: 1054 userenv error complaining about "the specified domain either does not exist or could not be contacted" showing on the machine's event log. I didn't find this when I first started looking 2 weeks ago so this may or may not be related. For the time being i'm going to say it is and examine it further.
Enable userenv logging & see if any virus which is not allowing policy to be applied on the system.
http://support.microsoft.com/kb/221833
http://support.microsoft.com/kb/221833
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Even though the group policies looked the same, there was a NtFrs error on the domain controllers. It turns out that firewall modification which was totally unrelated broke the active directory policies that were in place and started blocking the FRS. This article assisted me in resolving that issue: http://technet.microsoft.com/en-us/library/bb727063.aspx
Also the error was event ID 13559 and this article helped with that: http://eventid.net/display.asp?eventid=13559&eventno=657&source=NtFrs&phase=1
I'll post back and apply points as soon as I'm able to verify that the replication was the cause of the inconsistent group policy updates.
Also the error was event ID 13559 and this article helped with that: http://eventid.net/display.asp?eventid=13559&eventno=657&source=NtFrs&phase=1
I'll post back and apply points as soon as I'm able to verify that the replication was the cause of the inconsistent group policy updates.
Did you get your replication set fixed?
If not, by now you would probably have a tombstoned server.
If not, by now you would probably have a tombstoned server.