asked on
GPO problems with server after 2008 migration
We've recently migrated from 2003 SBS to 2008 SBS.
All GPOs are working just fine on every client computer. There's this member server though which was ok until we demoted the 2003 server. Folder redirection GPO is not applying on the server for no user (shows as Filtering: Denied (Security) on gpresult)
Not only that, there's another GPO which is not even showing as applied nor filtered on gpresult.
Both GPOS apply correctly on any other machine on the domain. I just moved the server to the SBSservers OU without any result.
Another strange thing is on gprsult output information about the computer or user are not showing (name, ou, etc) . See bellow.
Have no clue why this is happening and would really appreciate any help.
Thanks a lot.
Diego
Heres the gpuresult output:
COMPUTER SETTINGS
--------------
Last time Group Policy was applied: 11/10/2010 at 9:57:29 PM
Group Policy was applied from: CSA1.domain.local
Group Policy slow link threshold: 500 kbps
Domain Name: DOMAIN
Domain Type: Windows 2000
Applied Group Policy Objects
--------------------------
Local Group Policy
The computer is a part of the following security groups
--------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users
USER SETTINGS
--------------
Last time Group Policy was applied: 11/10/2010 at 9:57:29 PM
Group Policy was applied from: CSA1.domain.local
Group Policy slow link threshold: 500 kbps
Domain Name: DOMAIN
Domain Type: Windows 2000
Applied Group Policy Objects
--------------------------
Windows SBS User Policy
Windows SBS CSE Policy
Default Domain Policy
The following GPOs were not applied because they were filtered out
--------------------------
Small Business Server Folder Redirection Policy
Filtering: Denied (Security)
Local Group Policy
Filtering: Not Applied (Empty)
DISABLE WINDOWS FIREWALL
Filtering: Denied (WMI Filter)
Update Services Common Settings Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
--------------------------
Domain Users
Everyone
Remote Desktop Users
BUILTIN\Users
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Windows SBS Fax Users
Windows SBS SharePoint_MembersGroup
Windows SBS Link Users
Windows SBS Remote Web Workplace Users
All GPOs are working just fine on every client computer. There's this member server though which was ok until we demoted the 2003 server. Folder redirection GPO is not applying on the server for no user (shows as Filtering: Denied (Security) on gpresult)
Not only that, there's another GPO which is not even showing as applied nor filtered on gpresult.
Both GPOS apply correctly on any other machine on the domain. I just moved the server to the SBSservers OU without any result.
Another strange thing is on gprsult output information about the computer or user are not showing (name, ou, etc) . See bellow.
Have no clue why this is happening and would really appreciate any help.
Thanks a lot.
Diego
Heres the gpuresult output:
COMPUTER SETTINGS
--------------
Last time Group Policy was applied: 11/10/2010 at 9:57:29 PM
Group Policy was applied from: CSA1.domain.local
Group Policy slow link threshold: 500 kbps
Domain Name: DOMAIN
Domain Type: Windows 2000
Applied Group Policy Objects
--------------------------
Local Group Policy
The computer is a part of the following security groups
--------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users
USER SETTINGS
--------------
Last time Group Policy was applied: 11/10/2010 at 9:57:29 PM
Group Policy was applied from: CSA1.domain.local
Group Policy slow link threshold: 500 kbps
Domain Name: DOMAIN
Domain Type: Windows 2000
Applied Group Policy Objects
--------------------------
Windows SBS User Policy
Windows SBS CSE Policy
Default Domain Policy
The following GPOs were not applied because they were filtered out
--------------------------
Small Business Server Folder Redirection Policy
Filtering: Denied (Security)
Local Group Policy
Filtering: Not Applied (Empty)
DISABLE WINDOWS FIREWALL
Filtering: Denied (WMI Filter)
Update Services Common Settings Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
--------------------------
Domain Users
Everyone
Remote Desktop Users
BUILTIN\Users
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Windows SBS Fax Users
Windows SBS SharePoint_MembersGroup
Windows SBS Link Users
Windows SBS Remote Web Workplace Users
Microsoft Server OSWindows Server 2008SBS
Last Comment
reliantcorp
ASKER
Well, just checked on aduc an the server is member of domain computers. Doesnt show as a member of that group on gpresult output.
The GPOs scopes are "authenticated users" for the logon scripts GPO and "windows SBS Folder redirection Accounts" group for the folder redirection policy.
I disjoined the server from the domain, restarted a few times, rjoined and nothing happened.
Also deleted all the profiles.
Now I run gpresult and get "the user does not have RSOP data" ?!
Im totally out of ideas.
Please, help.
ASKER
No results with rsop.msc either. It says that the possible reason is because computer and user policies might have not been not processed, an thats absolutely whats happening and I dont know why.
So now no single GPO is being applied.
So now no single GPO is being applied.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Cause Ive found the problem.
I'm suprised that the member server is not a member of 'domain computers'. On the GP policy itself, what groups are set for the policy to apply to?