Solved

GPO not assigned to one computer for logon script

Posted on 2010-11-19
7
744 Views
Last Modified: 2012-05-10
Hi experts,

Group policy does not seem go control one computer of the eight that I have. I have SBS 2008 and all XP Pro computers. The computer works fine, is one the domain and can network with the server with no issues.

I have done the Group Policy Results for each computer and user for comparison, and there are some errors in a few of them. I can also run an RSoP.

In the Group Policy Management in the Default Domain Policy under Scope, it lists the that Domain Admins and Domain Users are in the Security Filtering, but the WMI filtering is set to none. There is a selection for Windows XP Clients, but I don't know why that would help if most of the computers are working any.

Thanks for any help.

Bert
0
Comment
Question by:Bert2005
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 34179572
Are other policies getting applied on this computer?
What are the errors you are getting?

Can you run gpresult on a computer that is working and the one that is not and post.
also run gpresult /v to compare.

Are there any errors in the event logs on the comuter?

Are you using Group Policy Preferences? Make sure you have the client side extensions install on the computer.
http://www.microsoft.com/downloads/en/details.aspx?familyid=E60B5C8F-D7DC-4B27-A261-247CE3F6C4F8&displaylang=en
0
 
LVL 24

Accepted Solution

by:
Awinish earned 500 total points
ID: 34179600
GPO, not applying can be because of many reason it can NIC issue, permission issue, corruption on system files or antivirus is not letting it to apply or might be Virus issue.

As, you said its applying except one system, it looks to be more system related than GPO error but for your confirmation you can use gpotool.exe to check health of GPO & also make sure replication is working fine & dc is not reporting the error.

You can also use gpupdate /force cmd on client machine & try to reboot & check the result.
In order to break the puzzle, it best start with RSOP.MSC & that you might have already tried,so try to enable userenv logging to troubleshoot the GPO application error in depth.

http://blogs.technet.com/b/askds/archive/2008/11/11/understanding-how-to-read-a-userenv-log-part-1.aspx
0
 
LVL 1

Author Comment

by:Bert2005
ID: 34181066
Thanks guys,

Appreciate your input. Looks like I have a lot to do. Ken, I lied after I went back and checked, none of the group policy is working on this machine.

Let me take one step at a time and post back. I did do the gpresult I think. I know I did all of the checks but didn't run RSoP as I didn't want to duplicate anything. I will post both for two machines.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 1

Author Comment

by:Bert2005
ID: 34181076
All I did was run gpupdate /force n the bad machine, and it is working now. I didn't know I could do that.
0
 
LVL 1

Author Closing Comment

by:Bert2005
ID: 34181314
It is so nice when the easiest thing is what fixes it. It definitely worked with the client gpupdate. I appreciate all the help and will save the two comments to my knolwedge base as there is clearly more information here that is usable.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34182187
Great, its working..:)
0
 
LVL 1

Author Comment

by:Bert2005
ID: 34182610
Yes, and my staff can't come in late anymore. :-)
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
A hard and fast method for reducing Active Directory Administrators members.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question