Solved

GPO not assigned to one computer for logon script

Posted on 2010-11-19
7
704 Views
Last Modified: 2012-05-10
Hi experts,

Group policy does not seem go control one computer of the eight that I have. I have SBS 2008 and all XP Pro computers. The computer works fine, is one the domain and can network with the server with no issues.

I have done the Group Policy Results for each computer and user for comparison, and there are some errors in a few of them. I can also run an RSoP.

In the Group Policy Management in the Default Domain Policy under Scope, it lists the that Domain Admins and Domain Users are in the Security Filtering, but the WMI filtering is set to none. There is a selection for Windows XP Clients, but I don't know why that would help if most of the computers are working any.

Thanks for any help.

Bert
0
Comment
Question by:Bert2005
  • 4
  • 2
7 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 34179572
Are other policies getting applied on this computer?
What are the errors you are getting?

Can you run gpresult on a computer that is working and the one that is not and post.
also run gpresult /v to compare.

Are there any errors in the event logs on the comuter?

Are you using Group Policy Preferences? Make sure you have the client side extensions install on the computer.
http://www.microsoft.com/downloads/en/details.aspx?familyid=E60B5C8F-D7DC-4B27-A261-247CE3F6C4F8&displaylang=en
0
 
LVL 24

Accepted Solution

by:
Awinish earned 500 total points
ID: 34179600
GPO, not applying can be because of many reason it can NIC issue, permission issue, corruption on system files or antivirus is not letting it to apply or might be Virus issue.

As, you said its applying except one system, it looks to be more system related than GPO error but for your confirmation you can use gpotool.exe to check health of GPO & also make sure replication is working fine & dc is not reporting the error.

You can also use gpupdate /force cmd on client machine & try to reboot & check the result.
In order to break the puzzle, it best start with RSOP.MSC & that you might have already tried,so try to enable userenv logging to troubleshoot the GPO application error in depth.

http://blogs.technet.com/b/askds/archive/2008/11/11/understanding-how-to-read-a-userenv-log-part-1.aspx
0
 
LVL 1

Author Comment

by:Bert2005
ID: 34181066
Thanks guys,

Appreciate your input. Looks like I have a lot to do. Ken, I lied after I went back and checked, none of the group policy is working on this machine.

Let me take one step at a time and post back. I did do the gpresult I think. I know I did all of the checks but didn't run RSoP as I didn't want to duplicate anything. I will post both for two machines.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 1

Author Comment

by:Bert2005
ID: 34181076
All I did was run gpupdate /force n the bad machine, and it is working now. I didn't know I could do that.
0
 
LVL 1

Author Closing Comment

by:Bert2005
ID: 34181314
It is so nice when the easiest thing is what fixes it. It definitely worked with the client gpupdate. I appreciate all the help and will save the two comments to my knolwedge base as there is clearly more information here that is usable.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34182187
Great, its working..:)
0
 
LVL 1

Author Comment

by:Bert2005
ID: 34182610
Yes, and my staff can't come in late anymore. :-)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now