Solved

GPResult Computer Settings

Posted on 2010-01-02
Last Modified: 2012-05-08
Where are these pulled from?  I assume the schema somewhere though I'm not sure where.. I've recreated all of the FRS entries.

Essentially, my GPO is not being picked up on the Computer side - it works for users.  The Computer Settings say that there is no connectivity, domain controller is incorrect, etc.
0
Question by:tbaze
18 Comments
 
LVL 10

Expert Comment

by:lobo797
ID: 26164168
I use Group Policy Management Console to troubleshoot GP.  It has a resultant wizard that will run against a user or computer and show which GPs were accepted and which were denied and usually why.
http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

I believe this can be installed on an XP pro machine if you have proper admin rights to a DC.  It doesn't work to install on a Windows 2000 server.  It will throw up error messages faster than you can see much less close!  It works well on Windows Server 2003
0
 
LVL 10

Expert Comment

by:lobo797
ID: 26164183
Need to qualify my post.

You can edit and manage GP on a Windows 2000 server using gpmc; you just can't install on the server itself.
0
 

Author Comment

by:tbaze
ID: 26164325
I have GPMC on the DCs - the Group Policy Report just states lack of connectivity.
0

 
LVL 10

Expert Comment

by:lobo797
ID: 26164334
Do you have any firewall settings enabled on the computers you are trying to reach?
0
 

Author Comment

by:tbaze
ID: 26164359
No, firewall services disabled.
0
 
LVL 10

Expert Comment

by:lobo797
ID: 26164369
Sorry that I'm asking so many questions.  I'm trying to get a grip on where to start looking.  Windows firewall has caused me grief more than once trying to get GPs to apply.

Are there any specific error messages showing in the system event viewer?
0
 
LVL 10

Expert Comment

by:lobo797
ID: 26164378
As far as where the policies are stored, they should be in the %system%\sysvol folder on the DC
0
 
LVL 10

Expert Comment

by:lobo797
ID: 26164437
Did you run the Group Policy Results wizard against a computer to make sure there are no wmi or rpc issues?
0
 

Author Comment

by:tbaze
ID: 26164738
Group Policy Infrastructure failed due to the error listed below.

The network is not present or not started.

Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 1/3/2010 2:02:41 AM and 1/3/2010 2:02:42 AM. - is what GP Results wizard says.

Again, the computer settings in GPResult found here:

COMPUTER SETTINGS
------------------
    CN=M1CMS004,CN=Computers,DC=testadservs,DC=net
    Last time Group Policy was applied: 1/3/2010 at 2:27:50 AM
    Group Policy was applied from:      LENAD02.testadservs.net
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        M1CMS004
    Domain Type:                        <Local Computer>

Are incorrect.

Group Policy should be applied from M1CMS001.testadservs.net, domain should be testadservs.net and Domain Type Windows 2000.  Where is it pulling these settings from or how is it getting them?  I think resolving this would go a long way to solving the whole thing.
0
 
LVL 10

Expert Comment

by:lobo797
ID: 26168391
tbaze,

Sorry for not responding till now.  I should have left a note that I would be out all day for church and family :(  I'll try to do better next time....

If I'm not mistaken, GPs are applied Local Policy > Site GPO > Domain GPO > OU GPO > Child OU GPO with each succeeding GP overriding the previous.  IOW, if there is a site GP, it overrides the local policy.  With that being said, it appears that you're not accessing the DC where the Site GP and higher are located, therefore the local is being used.

From a computer in question can you type the following at the Run command  %logonserver%\Netlogon  and/or %logonserver%\sysvol and see the folder locations?
0
 
LVL 10

Expert Comment

by:lobo797
ID: 26168527
Here's a link that explains a little how GP works.  It's not necessarily an answer to your problem; just some info:
http://www.petri.co.il/working_with_group_policy.htm

Check this link out.  It's fairly long and detailed, but it addresses some of the same issues we are seeing here.
http://support.microsoft.com/kb/887303

It's bedtime, and I'm out all day tomorrow.  Will check back late tomorrow evening.  Since no other expert has pitched in here, and in case you don't want to wait that long, you may want to delete this question and repost.  You will not hurt my feelings if you want to do so.
0
 
LVL 2

Expert Comment

by:Charlesd
ID: 26168736
How many DCs do you have? Are all servers online? Check the Preferred DNS on the system on which you are getting the issue. Make sure DNS lookups are working fine and that clients/servers are being pointed to the proper GP servers.
Are there any errors related to GP in Event Viewer under System, Application Logs or File Replication Service?

Please update for further queries.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26170602
Is this still a problem after rejoining the computers as done in your other question about newly re-created domain?
0
 

Author Comment

by:tbaze
ID: 26170889
Yes, it is.
0
 

Author Comment

by:tbaze
ID: 26171032
There is only one DC which also serves as the DNS server.  No problems with resolution from the client PC.

Same error in eventvwr -

The processing of Group Policy failed because of lack of network connectivity to a domain controller.  This may be a transient condition.

When I modified my user policy to test if those would push through, they did.  Eventvwr on the controller turns no errors up whatsoever, unfortunately (from a troubleshooting perspective).. only error appears to be on client.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26279841
Do the netdiag or dcdiag commands tell you of any problem on the DC? If so, try to use netdiag /fix and dcdiag /fix to solve some issues.
The commands need to be run on the DC.
0
 

Author Comment

by:tbaze
ID: 26308790
Unfortunately, netdiag is not included/non-functional on 2k8 R2.  DCDiag fix did not resolve the issue.

I did, however, figure this out.  Essentially, if the GPO settings for "Allow Log On Locally" are changed from the Default Domain Controller Policy to exclude Users, the GPO pull fails.  This is in part a result of trying to implement the FDCC Desktop rules which, of course, break a number of server functions.  All's well that ends well.

0
 

Accepted Solution

by:
tbaze earned 0 total points
ID: 26419623
Not Allow Log On Locally, "Access this computer from the network" which, if you use the default DC policy, is set to Everyone/Users by default.
0
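The accepted solution traces the failure to the "Access this computer from the network" user right on the DC. As an added example (not part of the original thread), the PowerShell below parses a `secedit` user-rights export and reports whether any holder of that right (constant name `SeNetworkLogonRight`) covers domain computer accounts. The function names and the sample export are constructed for illustration.

```powershell
# Added example: audit SeNetworkLogonRight ("Access this computer from the network").
# Well-known SIDs whose membership includes domain computer accounts.
$CoversComputers = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users' }

# Hypothetical helper: returns the SIDs/accounts holding $Right in secedit INF text.
function Get-UserRightHolders {
    param([string[]] $InfLines, [string] $Right)
    # secedit writes one line per right:  Name = *SID,*SID,account
    $pattern = '^\s*' + [regex]::Escape($Right) + '\s*='
    $line = $InfLines | Where-Object { $_ -match $pattern } | Select-Object -First 1
    if (-not $line) { return }               # right not defined in this export
    ($line -split '=', 2)[1] -split ',' |
        ForEach-Object { $_.Trim().TrimStart('*') } |
        Where-Object { $_ }
}

# Hypothetical helper: does any holder of the right cover computer accounts?
function Test-ComputerNetworkLogon {
    param([string[]] $InfLines)
    $holders = @(Get-UserRightHolders -InfLines $InfLines -Right 'SeNetworkLogonRight')
    # Domain Computers is the domain SID followed by RID 515.
    $hits = @($holders | Where-Object {
        $CoversComputers.ContainsKey($_) -or $_ -match '^S-1-5-21-(\d+-){3}515$'
    })
    [pscustomobject]@{
        Holders      = $holders      # unresolved account names land here for manual review
        CoveringSids = $hits
        ComputersOk  = $hits.Count -gt 0
    }
}

# Exports the effective user rights of the local machine (run elevated on the DC):
#   Test-ComputerNetworkLogon -InfLines (Export-UserRights)
function Export-UserRights {
    $tmp = Join-Path $env:TEMP 'user-rights.inf'
    secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
    Get-Content $tmp
}

# Constructed sample: a hardened export where the right was narrowed to
# Administrators (S-1-5-32-544) and Enterprise Domain Controllers (S-1-5-9).
$sample = @(
    '[Privilege Rights]'
    'SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-9'
    'SeInteractiveLogonRight = *S-1-5-32-544'
)
Test-ComputerNetworkLogon -InfLines $sample
```

Running this check on the DC before and after applying a hardening baseline shows whether the baseline narrowed the right enough to lock out member computers.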
