?
Solved

Windows 7 machines are not comply with my GPO

Posted on 2010-01-13
10
Medium Priority
?
615 Views
Last Modified: 2012-05-08
Hello
My all Win 7 clients are not comply with my GPO when joined to my domain,
what is the solution for this
Note: I have Active directory 2008
0
Comment
Question by:Seni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 21

Accepted Solution

by:
farazhkhan earned 501 total points
ID: 26302318
Hi,

you do not need to change your update your Active Directoy (if it's at least 2000, when Group Policy came about) to take advantage of sweet new Group Policy features and settings. The exception is if the application that the setting is relevant to requires an AD upgrade, like BitLocker.

You may be redirecting to wrong DNS server would be causing all GPO to fail at Window7. Make sure that Windows 7 clients have correct DNS entries first pointing to your DC.

Regards,
Faraz H. KHan
0
 
LVL 22

Assisted Solution

by:senad
senad earned 252 total points
ID: 26302321
what server are you using ?
0
 
LVL 19

Assisted Solution

by:PeteJThomas
PeteJThomas earned 747 total points
ID: 26302618
Are you saying that the GPOs are ALL failing to apply completely? Even the Default Domain Policy etc? Or is it just a particular policy that isn't working?

You said you're using 2008 and Windows7, so all new settings etc available for Win7 should be there and available...

If you can add some more detail that would be very helpful!

Pete
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:Seni
ID: 26302654
Hello,

some of the policy are failing, i.e wallpaper, Screen server timeout,

regards,
0
 
LVL 19

Assisted Solution

by:PeteJThomas
PeteJThomas earned 747 total points
ID: 26302699
Ok, bit at a time - Are all the 'settings' that are failing, within a single GPO (policy object)?

Or are the settings in different actual policies?

To start, If you run "gpresult" from the search within the 'Start' menu on a Windows7 machine that has the problem, can you post the results back here so we can see if any particular policies are not applying for some reason?

Pete
0
 

Author Comment

by:Seni
ID: 26303173
Hello PeteJThomas
could you please post the full command line for that gpresult, cause i don't seems to get it right

Thanks,
0
 
LVL 19

Assisted Solution

by:PeteJThomas
PeteJThomas earned 747 total points
ID: 26303240
Of course - I apologise, just looked on a Windows 7 machine and it appears the command has changed slightly.

To display the results, the command is "gpresult /R" - However, it may be best to run the command "gpresult /R >C:\Gpresult.txt"

This will just output the same results to a txt file which you can then just attach to your next post - It's probably a bit easier than copying and pasting the results!

Pete
0
 

Author Comment

by:Seni
ID: 26356910
Hi Pete please see the results below

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 1/20/2010 at 8:55:13 AM



RSOP data for ZAIN\fulla.p on TZDAR_SYSTEM_AD : Logging Mode
-------------------------------------------------------------

OS Configuration:            Member Workstation
OS Version:                  6.1.7600
Site Name:                   Dar-HQ
Roaming Profile:             N/A
Local Profile:               C:\Users\fulla.p.ZAIN
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=TZDAR_SYSTEM_AD,OU=SCCM Computers_HQ,OU=SCCM Computers,DC=zain,DC=co,DC=tz
    Last time Group Policy was applied: 1/19/2010 at 7:12:22 PM
    Group Policy was applied from:      tzdarhq-dc2.zain.co.tz
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        ZAIN
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        SCCM Computers GPO
        Zain-Domain Wide Policy
        Local Group Policy

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        SophosAdministrator
        SophosUser
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        TZDAR_SYSTEM_AD$
        Domain Computers
        System Mandatory Level
       

USER SETTINGS
--------------
    CN=Patrick Fulla,OU=infomation technology,OU=User Groups,DC=zain,DC=co,DC=tz
    Last time Group Policy was applied: 1/20/2010 at 8:44:22 AM
    Group Policy was applied from:      tzdarhq-dc1.zain.co.tz
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        ZAIN
    Domain Type:                        Windows 2000
   
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        User Groups GPO
        Zain-Domain Wide Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        SophosUser
        SophosAdministrator
        BUILTIN\Users
        BUILTIN\Administrators
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Marvalrep_Modify
        Internet Browsing
        CTX_LMS_USER
        IT Support Test
        LAN & WAN Admin
        CTX_WINF_USERS
        SMEX Admin Group
        BoardroomWirelessAcess
        Systems_Modify
        Domain Admins
        IT Staff
        CTX_LMS_ADM
        Asset Users
        Exchange Public Folder Administrators
        Exchange Organization Administrators
        Exchange View-Only Administrators
        Exchange Recipient Administrators
        Domain Masters
        Zain-Wireless Users access in Celtel
        IT Support Test
        CTX_LMS_ADM
        Systems_Modify
        CTX_WINF_USERS
        SMEX Admin Group
        fulla.p
        CTX_LMS_USER
        Internet Browsing
        Asset Users
        BoardroomWirelessAcess
        LAN & WAN Admin
        IT Staff
        CTX_Internet Explorer
        CTX_Remote Desktop
        CTX_Putty
        Zain-Allow-Domain-Admins local logon
        CTX_XSHELL
        CTX_MS Office
        CTX_ERP
        CTX_ERPTEST
        CTX_Billing
        New-AD2008-Zain-Admins
        Denied RODC Password Replication Group
        CTX_CuteFTP
        Celtel-Allow-Local Logon
        CTX_Toad
        CTX_VNC
        CTX_ADMINISTRATORS_FULL
        CTX_XMANAGER
        DHCP Administrators
        CTX_Adagium
        CTX_SSH
        CTX_MinSat
        SophosAdministrator
        CTX_Acrobat Reader
        Zain-Allow-Domain-Admins local logon
        New-AD2008-Zain-Admins
        DHCP Administrators
        High Mandatory Level
0
 
LVL 21

Assisted Solution

by:farazhkhan
farazhkhan earned 501 total points
ID: 26357971
Hi,

Well, I have noticed one thing that with gpresult the domain type is shown as Windows 2000, while you are saying that your domain is Windows 2008! so this could be problem now if you don't have any other domain controller with 2000/2003 installed the raise your domain functional level to Windows 2008, but before doing that check your domain functional level whether it is 2000or 2008?

First Check your domain functional level: http://www.petri.co.il/understanding-windows-server-2008-active-directory-domain-and-forest-functional-levels.htm

If it is not Windows 2008 then raise the functional level to Windows 2008: http://www.petri.co.il/raising-windows-server-2008-active-directory-domain-and-forest-functional-levels.htm

Now, once you ahve raised the functioanl level then check if GPO applies or not.

Regarsd,
Faraz H. Khan
0
 

Author Closing Comment

by:Seni
ID: 31676566
Really help
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month13 days, 17 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question