Solved

Group Policy Issue

Posted on 2011-02-23
5
458 Views
Last Modified: 2012-05-11
Hi

We have 3 group policies configured.  1 is root on the domain, 2nd is for a proxy server (which is configured for loopback processing) for computers not users, and a third is for users only.

problem is the users only policy isnt being picked up.  i suspect this is becase of the loopback setting on the proxy policy.

an ideas?
0
Comment
Question by:CHI-LTD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 34959762
How do you mean the users only policy is being picked up?
On what OU's are the policies defined? Are the policies against the right OU's for your users and your computers?
What output does an gpresult.exe /z give on a workstation?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 34959978
you should only apply loopback processing mode if necessary.
i don't think you need it here.
proxy settings have to be applied in the user part of the GPO applied to your users.
so you can delete the loopback GPO.

when applying loopback policy mode on computers, then when an user connect on, the user takes all the gpos where the computer belong, and not the user.
0
 
LVL 1

Accepted Solution

by:
CHI-LTD earned 0 total points
ID: 34996433
Had to get rid of the loopback processing as issues elsewhere.

Now using:

UserConfg-WindowsSettings-InternetExplorerMaintenance-Connection-ProxySettings (preference Mode)
Interent Explorer Maintenance set to Preference Mode.

Policy now applies to users however if the interent connection settings are changed - i.e. user disables proxy the GPO doesnt reapply on logon.
Is there any way of forcing the GPO for this IE maintenance setting?

I will then also disable the conenctions topion in GPO - but need to ensure the policy is forced/applied.

thx
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35012400
yes you can force IE part of the GPO to apply at each refresh:
Computer Configuration\Administrative Templates\System\Group Policy\Internet Explorer Maintenance policy processing
Check the "Process even if the Group Policy Objects have not changed".
This will apply the CSE "Internet Explorer Maintenance" (Client Side Extension) at each GPO background refresh, by default every 90 minutes on client computers.
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 35115245
used the preference mode (per OU policy)
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question