GPO problems with server after 2008 migration

Posted on 2010-11-11
Last Modified: 2012-05-10
We've recently migrated from 2003 SBS to 2008 SBS.

All GPOs are working just fine on every client computer. There's this member server though which was ok until we demoted the 2003 server.  Folder redirection GPO is not applying on the server for no user (shows as Filtering:  Denied (Security) on gpresult)

Not only that, there's another GPO which is not even showing as applied nor filtered on gpresult.
Both GPOS apply correctly on any other machine on the domain. I just moved the server to the SBSservers OU without any result.

Another strange thing is on gprsult output information about the computer or user are not showing (name, ou, etc) . See bellow.

Have no clue why this is happening and would really appreciate any help.
Thanks a lot.


Heres the gpuresult output:


    Last time Group Policy was applied: 11/10/2010 at 9:57:29 PM
    Group Policy was applied from:      CSA1.domain.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        DOMAIN
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
        Local Group Policy

    The computer is a part of the following security groups
        NT AUTHORITY\Authenticated Users


    Last time Group Policy was applied: 11/10/2010 at 9:57:29 PM
    Group Policy was applied from:      CSA1.domain.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        DOMAIN
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
        Windows SBS User Policy
        Windows SBS CSE Policy
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
        Small Business Server Folder Redirection Policy
            Filtering:  Denied (Security)

        Local Group Policy
            Filtering:  Not Applied (Empty)

            Filtering:  Denied (WMI Filter)

        Update Services Common Settings Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
        Domain Users
        Remote Desktop Users
        NT AUTHORITY\Authenticated Users
        This Organization
        Windows SBS Fax Users
        Windows SBS SharePoint_MembersGroup
        Windows SBS Link Users
        Windows SBS Remote Web Workplace Users

Question by:reliantcorp
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4

Expert Comment

ID: 34117282
I'm suprised that the member server is not a member of 'domain computers'. On the GP policy itself, what groups are set for the policy to apply to?

Author Comment

ID: 34118147

Well, just checked on aduc an the server is member of domain computers. Doesnt show as a member of that group on gpresult output.

The GPOs scopes are "authenticated users" for the logon scripts GPO and "windows SBS Folder redirection Accounts" group for the folder redirection policy.

I disjoined the server from the domain, restarted a few times, rjoined and nothing happened.
Also deleted all the profiles.

Now I run gpresult and get "the user does not have RSOP data" ?!

Im totally out of ideas.

Please, help.

Author Comment

ID: 34118162
No results with rsop.msc either. It says that the possible reason is because computer and user policies might have not been not processed, an thats absolutely whats happening and I dont know why.

So now no single GPO is being applied.

Accepted Solution

reliantcorp earned 0 total points
ID: 34118303


The old server was the only DNS server listed on this machine. Changed it to the new SBS and everythings now fine.

Author Closing Comment

ID: 34143585
Cause Ive found the problem.

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know what services you can and cannot, should and should not combine on your server.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question