?
Solved

Group Policy dealing with IE zone assignment not sticking!

Posted on 2009-12-22
8
Medium Priority
?
347 Views
Last Modified: 2013-12-16
I have a group policy (which ONLY deals with the zone assignment) that is continually switching on and off with reboots.  I thought it was a conflicting group policy but when I run group policy modeling report it doesn't show any descrepancies that I can see.  I thought it may be an issue with one domain controller wasn't replicating my policy change to the other one, but this isn't the case.  I checked both domain controllers and they show the same information.  The assignment is on a user basis and is in the user configuration > administrative templates > windows components > internet explorer > internet control panel > security page and is site to zone assignment.
0
Comment
Question by:firstheartland
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 13

Expert Comment

by:jaynir
ID: 26107936
have you tried refreshing the gp? if not try gpupdate /force and see if that helps.
0
 
LVL 1

Author Comment

by:firstheartland
ID: 26107989
It will, but only temporarily.  It is like the local policy keeps overwriting the group policy at the domain level.
0
 
LVL 13

Expert Comment

by:jaynir
ID: 26108059
check the event logs if any errors logged.
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
LVL 1

Author Comment

by:firstheartland
ID: 26108389
i show a Event ID: 1054 userenv error complaining about "the specified domain either does not exist or could not be contacted" showing on the machine's event log.  I didn't find this when I first started looking 2 weeks ago so this may or may not be related.  For the time being i'm going to say it is and examine it further.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 26111929
Enable userenv logging & see if any virus which is not allowing policy to be applied on the system.
http://support.microsoft.com/kb/221833 
0
 
LVL 39

Accepted Solution

by:
ChiefIT earned 2000 total points
ID: 26112207
Look in your FRS event logs for warnings or errors in the 13000's.

Also look for event errors 1030 and 1058.
0
 
LVL 1

Author Comment

by:firstheartland
ID: 26132702
Even though the group policies looked the same, there was a NtFrs error on the domain controllers.  It turns out that firewall modification which was totally unrelated broke the active directory policies that were in place and started blocking the FRS.  This article assisted me in resolving that issue:  http://technet.microsoft.com/en-us/library/bb727063.aspx

Also the error was event ID 13559 and this article helped with that: http://eventid.net/display.asp?eventid=13559&eventno=657&source=NtFrs&phase=1

I'll post back and apply points as soon as I'm able to verify that the replication was the cause of the inconsistent group policy updates.  
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 26448198
Did you get your replication set fixed?

If not, by now you would probably have a tombstoned server.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
The purpose of this video is to demonstrate how to prevent comment spam on a WordPress Website. This will be demonstrated using a Windows 8 PC. Plugin Akismet will be used. Go to your WordPress login page. This will look like the following: myw…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question