GPResult Computer Settings

Where are these pulled from?  I assume the schema somewhere though I'm not sure where.. I've recreated all of the FRS entries.

Essentially, my GPO is not being picked up on the Computer side - it works for users.  The Computer Settings say that there is no connectivity, domain controller is incorrect, etc.
tbazeAsked:
Who is Participating?
 
tbazeAuthor Commented:
Not Allow Log On Locally, "Access this computer from the network" which, if you use the default DC policy, is set to Everyone/Users by default.
0
 
lobo797Commented:
I Group Policy Management Console to troubleshoot GP.  It has a resultant wizard that will run against a user or computer and show which GP's where accepted and which were denied and usually why.
http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

I believe this can be installed on an XP pro machine if you have proper admin rights to a DC.  It doesn't work to install on a Windows 2000 server.  It will throw up error messages faster than you can see much less close!  It works well on Windows Server 2003
0
 
lobo797Commented:
Need to qualify my post.

You can edit and manage GP on a Windows 2000 server using gpmc; you just can't install on the server itself.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
tbazeAuthor Commented:
I have GPMC on the DCs - the Group Policy Report just states lack of connectivity.
0
 
lobo797Commented:
Do you have any firewall settings enabled on the computers you are trying to reach?
0
 
tbazeAuthor Commented:
No, firewall services disabled.
0
 
lobo797Commented:
Sorry that I'm asking so many questions.  I'm trying to get a grip on where to start looking.  Windows firewall has caused me grief more than once trying to get GPs to apply.

Are there any specific error messages showing in the system event viewer?
0
 
lobo797Commented:
As far as where the policies are stored, they should be in the %system%\sysvol folder on the DC
0
 
lobo797Commented:
Did you run the Group Policy Results wizard against a computer to make sure there are no wmi or rpc issues?
0
 
tbazeAuthor Commented:
Group Policy Infrastructure failed due to the error listed below.

The network is not present or not started.

Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 1/3/2010 2:02:41 AM and 1/3/2010 2:02:42 AM. - is what GP Results wizard says.

Again, the computer settings in GPResult found here:

COMPUTER SETTINGS
------------------
    CN=M1CMS004,CN=Computers,DC=testadservs,DC=net
    Last time Group Policy was applied: 1/3/2010 at 2:27:50 AM
    Group Policy was applied from:      LENAD02.testadservs.net
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        M1CMS004
    Domain Type:                        <Local Computer>

Are incorrect.

Group Policy should be applied from M1CMS001.testadservs.net, domain should be testadservs.net and Domain Type Windows 2000.  Where is it pulling these settings from or how is it getting them?  I think resolving this would go a long way to solving the whole thing.
0
 
lobo797Commented:
tbaze,

Sorry for not responding till now.  I should have left a note that I would be out all day for church and family :(  I'll try to do better next time....

If I'm not mistaken, GPs are applied Local Policy > Site GPO > Domain GPO > OU GPO > Child OU GPO with each succeeding gp overriding the previous.  IOW, if there is a site gp, it overrides the local policy.  With that being said, it appears that your not accessing the DC where the Site GP and higher are located, therefore the local is being used.

From a computer in question can you type the following at the Run command  %logonserver%\Netlogon  and/or %logonserver%\sysvol and see the folder locations?
0
 
lobo797Commented:
Here's a link that explains a little how GP works.  It's not necessarily and answer to your problem; just some info:
http://www.petri.co.il/working_with_group_policy.htm

Check this link out.  It's fairly long and detailed, but it addresses some of the same issues we are seeing here.
http://support.microsoft.com/kb/887303

It's bedtime, and I'm out all day tomorrow.  Will check back late tomorrow evening.  Since no other expert has pitched in here, and in case you don't want to wait that long, you may want to delete this question and repost.  You will not hurt my feelings if you want to do so.
0
 
CharlesdCommented:
How many DC's you have......Are all servers online?....Check the Preferred DNS on the system in which you are getting the issue.....Make sure DNS lookups are working fine....clients/serves are being pointed to proper GP servers.
Are there any errors related to GP in event viewer under Systems, Application Logs or File Replication Service.

Please update for further queries.
0
 
Henrik JohanssonSystems engineerCommented:
Is this still a problem after rejoining the computers as done in your other question about newly re-created domain?
0
 
tbazeAuthor Commented:
Yes, it is.
0
 
tbazeAuthor Commented:
There is only one DC which also serves as the DNS server.  No problems with resolution from the client PC.

Same error in eventvwr -

The processing of Group Policy failed because of lack of network connectivity to a domain controller.  This may be a transient condition.

When I modified my user policy to test if those would push through, they did.  Eventvwr on the controller turns no errors up whatsoever, unfortunately (from a troubleshooting perspective).. only error appears to be on client.
0
 
Henrik JohanssonSystems engineerCommented:
Does netdiag or dcdiag commands tell you any problem on the DC? If so, try to use netdiag/fix and dcdiag/fix to solve some issues.
The commands nead to be run on the DC.
0
 
tbazeAuthor Commented:
Unfortunately, netdiag is not included/non-functional on 2k8 R2.  DCDiag fix did not resolve the issue.

I did, however, figure this out.  Essentially, if the GPO settings for "Allow Log On Locally" are changed from the Default Domain Controller Policy to exclude Users, the GPO pull fails.  This is in part a result of trying to implement the FDCC Desktop rules which.. of course, breaks a number of server functionality.  Alls well that ends well.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.