Solved

Some Portions of GPOs Not Being Applied

Posted on 2011-02-28
26
16,429 Views
Last Modified: 2013-01-18
I have numerous policies that are only partial working after upgrading 2 of my three DC's to 2008. I believe that the issue withthe GPOs is the same accrost the board... One specific GPO that Im working on is suposed to set the connection settings in Internet Explorer, to use a proxy IP address for all web browsing, except for 4 different addesses, it is set to by pass the proxy IP.   There are various other restrictions in the policy that are in place as well...  The odd part of this is, everything in the policy is being apllied except for the proxy connection settings, and the list of bypass sites.  I should add that these are all user side settings, not computer.  Also it isnt at GPUpdate/force problem, I have been working on this for 3 days... certainly it would have updated policy by now ( though I have gpupdate about 90000000 times in working with this problem)  The deny all internet- timecard is the policy that has the Proxy setting in it.
here are samples of errors that i get on the client:
Event ID 8194
The client-side extension could not apply user policy settings for 'Deny All Internet - Timecard Only {B8D86384-5BBB-4E17-8103-174B0F068863}' because it failed with error code '0x80070003 The system cannot find the path specified.' See trace file for more details.
__________________________________________________________________

Event ID 1085
The Group Policy client-side extension Group Policy Applications failed to execute. Please look for any errors reported earlier by that extension.
___________________________________________________________________
Event ID 4098
The user 'Time Card' preference item in the 'Deny All Internet - Timecard Only {B8D86384-5BBB-4E17-8103-174B0F068863}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.


Can anyone see where I might be lost here....
0
Comment
Question by:CCNPwanabe
  • 13
  • 6
  • 5
  • +2
26 Comments
 
LVL 11

Expert Comment

by:Renato Montenegro Rustice
ID: 34999785
Please, provide some additional information:

1) From what Windows Server version are you migrating?
2) Did you notice what are the client versions involved in the issue? Can you point that to us?
3) Are the clients fully updated?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34999821
Hi,

What are your clients on which it is faling? If you have server XP clients getting GPO from Server 2008 then you need to apply client side extension.

http://exchadtech.blogspot.com/2010/09/gpo-preferences-in-server-2008.html
0
 

Author Comment

by:CCNPwanabe
ID: 34999876
All the clients are XP SP3 with all updates
I do have the SCE installed on all XP clients.
we are migrating from 2003 to 2008.  
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34999940
Hi,

Which GPO is failing and what are the settings?
Is there any machine that is getting it applied correctly?
Also please upload the GP logs from client and server side
http://exchadtech.blogspot.com/2011/02/where-gpo-logs-are.html
0
 
LVL 11

Expert Comment

by:Renato Montenegro Rustice
ID: 34999946
That was where I was trying to get to. Make sure your workstations are fully updated.

If that wont help, or help partially, there's another thing you may try. Make a completely new Group Policy and insert one configuration at a time. Disable the failing GPO during your tests, of course.

When you get the error, you know what configuration is involved, so that you can provide more information to us.
0
 

Author Comment

by:CCNPwanabe
ID: 35000053
I have isolated the problem to the point at which the proxy settings are applied, or rather, not being apllied.
I will create a new gpo, with only the setting for the proxy changes.
I will then upload the logs per the above link, thanks everyone for jumping on this so fast!
0
 

Author Comment

by:CCNPwanabe
ID: 35000655
I cant figure out how the loggin works ont he server side... Now when I run the only gpo ( unlinked everything else for the user Im testing with) that is to set the proxy info on the connections tab on IE7, it doesnt throw an erro in the event log under application.  nor does it on the server side.  However in the results for the GMO modeling, it sais that the GPO is "inaccessable"
Component Name Status Last Process Time
Group Policy Infrastructure Success 2/28/2011 11:42:23 AM
Folder Redirection Success 2/28/2011 11:18:35 AM
Group Policy Applications Failed 2/28/2011 9:50:01 AM
Group Policy Applications failed due to the error listed below.

The system cannot find the path specified.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 2/28/2011 9:50:01 AM and 2/28/2011 9:50:01 AM.
 
Group Policy Drive Maps Success 2/28/2011 11:18:35 AM
Group Policy Internet Settings Success 2/28/2011 11:18:36 AM
Group Policy Printers Failed 2/25/2011 8:35:37 AM
Group Policy Printers failed due to the error listed below.

The system cannot find the path specified.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 2/25/2011 8:35:37 AM and 2/25/2011 8:35:37 AM.
 
Group Policy Registry Success 2/28/2011 11:18:35 AM
Group Policy Shortcuts Success 2/28/2011 11:18:35 AM
Internet Explorer Branding Success 2/28/2011 11:23:40 AM
Registry Success 2/28/2011 11:18:35 AM
Software Installation Success 2/25/2011 7:13:33 AM

0
 
LVL 12

Expert Comment

by:Navdeep
ID: 35000835
Run the following command

gpupdate /force

gpresult /v > result.log

upload the log
and GPO Editor user mode logs

0
 

Author Comment

by:CCNPwanabe
ID: 35001516
COMPUTER SETTINGS
------------------
    CN=GRF05904-VM16GB,CN=Computers,DC=GRF-LW,DC=INTERNAL
    Last time Group Policy was applied: 2/28/2011 at 1:20:56 PM
    Group Policy was applied from:      GRF-LW-DC5.GRF-LW.INTERNAL
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy (Locked-Down)
        Executables - Do not Allow Setup.exe
        Logon Shortcut - Run All Batch Files
        Server - Time Sync with NTP Servers
        Bluecoat Proxy Trusted Site

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Screen Saver Timeout Lock
            Filtering:  Not Applied (Empty)

        Drive Map - Public Drive New
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        GRF05904-VM16GB$
        Domain Computers
       
    Resultant Set Of Policies for Computer:
    ----------------------------------------

        Software Installations
        ----------------------
            N/A

        Startup Scripts
        ---------------
            N/A

        Shutdown Scripts
        ----------------
            N/A

        Account Policies
        ----------------
            GPO: Default Domain Policy (Locked-Down)
                Policy:            MinimumPasswordAge
                Computer Setting:  N/A

            GPO: Default Domain Policy (Locked-Down)
                Policy:            PasswordHistorySize
                Computer Setting:  5

            GPO: Default Domain Policy (Locked-Down)
                Policy:            LockoutDuration
                Computer Setting:  10

            GPO: Default Domain Policy (Locked-Down)
                Policy:            ResetLockoutCount
                Computer Setting:  10

            GPO: Default Domain Policy (Locked-Down)
                Policy:            MinimumPasswordLength
                Computer Setting:  5

            GPO: Default Domain Policy (Locked-Down)
                Policy:            LockoutBadCount
                Computer Setting:  5

            GPO: Default Domain Policy (Locked-Down)
                Policy:            MaximumPasswordAge
                Computer Setting:  120

        Audit Policy
        ------------
            GPO: Default Domain Policy (Locked-Down)
                Policy:            AuditPolicyChange
                Computer Setting:  Success, Failure

            GPO: Default Domain Policy (Locked-Down)
                Policy:            AuditPrivilegeUse
                Computer Setting:  Success, Failure

            GPO: Default Domain Policy (Locked-Down)
                Policy:            AuditDSAccess
                Computer Setting:  Success, Failure

            GPO: Default Domain Policy (Locked-Down)
                Policy:            AuditAccountLogon
                Computer Setting:  Success, Failure

            GPO: Default Domain Policy (Locked-Down)
                Policy:            AuditObjectAccess
                Computer Setting:  Success, Failure

            GPO: Default Domain Policy (Locked-Down)
                Policy:            AuditAccountManage
                Computer Setting:  Success, Failure

            GPO: Default Domain Policy (Locked-Down)
                Policy:            AuditLogonEvents
                Computer Setting:  Success, Failure

            GPO: Default Domain Policy (Locked-Down)
                Policy:            AuditProcessTracking
                Computer Setting:  Success, Failure

            GPO: Default Domain Policy (Locked-Down)
                Policy:            AuditSystemEvents
                Computer Setting:  Success, Failure

        User Rights
        -----------
            GPO: Default Domain Policy (Locked-Down)
                Policy:            NetworkLogonRight
                Computer Setting:  Authenticated Users
                                   GRF-LW\Domain Admins
                                   GRF-LW\Domain Users
                                   
        Security Options
        ----------------
            GPO: Default Domain Policy (Locked-Down)
                Policy:            RequireLogonToChangePassword
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy (Locked-Down)
                Policy:            PasswordComplexity
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy (Locked-Down)
                Policy:            ForceLogoffWhenHourExpire
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy (Locked-Down)
                Policy:            ClearTextPassword
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy (Locked-Down)
                Policy:            NewGuestName
                Computer Setting:  Enabled

        Event Log Settings
        ------------------
            GPO: Default Domain Policy (Locked-Down)
                Policy:            MaximumLogSize
                Computer Setting:  2048
                Log Name:          Security

            GPO: Default Domain Policy (Locked-Down)
                Policy:            MaximumLogSize
                Computer Setting:  2048
                Log Name:          System

            GPO: Default Domain Policy (Locked-Down)
                Policy:            RetentionDays
                Computer Setting:  0
                Log Name:          Application

            GPO: Default Domain Policy (Locked-Down)
                Policy:            MaximumLogSize
                Computer Setting:  2048
                Log Name:          Application

            GPO: Default Domain Policy (Locked-Down)
                Policy:            RetentionDays
                Computer Setting:  0
                Log Name:          System

            GPO: Default Domain Policy (Locked-Down)
                Policy:            RetentionDays
                Computer Setting:  0
                Log Name:          Security

            GPO: Default Domain Policy (Locked-Down)
                Policy:            RestrictGuestAccess
                Computer Setting:  Enabled
                Log Name:          System

            GPO: Default Domain Policy (Locked-Down)
                Policy:            RestrictGuestAccess
                Computer Setting:  Enabled
                Log Name:          Application

            GPO: Default Domain Policy (Locked-Down)
                Policy:            RestrictGuestAccess
                Computer Setting:  Enabled
                Log Name:          Security

        Restricted Groups
        -----------------
            N/A

        System Services
        ---------------
            N/A

        Registry Settings
        -----------------
            N/A

        File System Settings
        --------------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Bluecoat Proxy Trusted Site
                Setting: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\System
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\System
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\System
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\System
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\Task Scheduler5.0
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows NT\Printers
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\Task Scheduler5.0
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Bluecoat Proxy Trusted Site
                Setting: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\TimeProviders\NtpClient
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\Task Scheduler5.0
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\System
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\NetCache
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\System
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\System
                State:   Enabled

            GPO: Bluecoat Proxy Trusted Site
                Setting: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\Task Scheduler5.0
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
                State:   disabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\Task Scheduler5.0
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\DomainProfile
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\System
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Microsoft\Windows\CurrentVersion\Policies\System
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\TimeProviders\NtpClient
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\TimeProviders\NtpClient
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Microsoft\Windows\CurrentVersion\Policies\System
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Peernet
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\System
                State:   disabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List
                State:   Enabled

            GPO: Bluecoat Proxy Trusted Site
                Setting: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                State:   disabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\System
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\Network Connections
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\TimeProviders\NtpClient
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\TimeProviders\NtpClient
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows NT\Printers
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Microsoft\Windows\CurrentVersion\Policies\System
                State:   disabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\TimeProviders\NtpClient
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Conferencing
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Bluecoat Proxy Trusted Site
                Setting: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Parameters
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\Task Scheduler5.0
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\WindowsFirewall\StandardProfile
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Config
                State:   Enabled

            GPO: Default Domain Policy (Locked-Down)
                Setting: Software\Policies\Microsoft\Windows\Task Scheduler5.0
                State:   Enabled

            GPO: Server - Time Sync with NTP Servers
                Setting: Software\Policies\Microsoft\W32Time\Parameters
                State:   Enabled


USER SETTINGS
--------------
    CN=Test REC,OU=MIS Test OU,OU=360 MIS,OU=FINANCE DIV.,OU=Departments,DC=GRF-LW,DC=INTERNAL
    Last time Group Policy was applied: 2/28/2011 at 1:20:56 PM
    Group Policy was applied from:      GRF-LW-DC5.GRF-LW.INTERNAL
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        No Internet Proxy Settings

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
       
    Resultant Set Of Policies for User:
    ------------------------------------

        Software Installations
        ----------------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            N/A

        Folder Redirection
        ------------------
            N/A

        Internet Explorer Browser User Interface
        ----------------------------------------
            GPO: No Internet Proxy Settings
                Large Animated Bitmap Name:      N/A
                Large Custom Logo Bitmap Name:   N/A
                Title BarText:                   N/A
                UserAgent Text:                  N/A
                Delete existing toolbar buttons: No

        Internet Explorer Connection
        ----------------------------
            HTTP Proxy Server:   200.201.201.201:9321
            Secure Proxy Server: 200.201.201.201:9321
            FTP Proxy Server:    200.201.201.201:9321
            Gopher Proxy Server: 200.201.201.201:9321
            Socks Proxy Server:  200.201.201.201:9321
            Auto Config Enable:  No
            Enable Proxy:        Yes
            Use same Proxy:      Yes

        Internet Explorer URLs
        ----------------------
            GPO: No Internet Proxy Settings
                Home page URL:           N/A
                Search page URL:         N/A
                Online support page URL: N/A

        Internet Explorer Security
        --------------------------
            Always Viewable Sites:     N/A
            Password Override Enabled: False

            GPO: No Internet Proxy Settings
                Import the current Content Ratings Settings:      No
                Import the current Security Zones Settings:       No
                Import current Authenticode Security Information: No
                Enable trusted publisher lockdown:                No

        Internet Explorer Programs
        --------------------------
            GPO: No Internet Proxy Settings
                Import the current Program Settings: No
0
 

Author Comment

by:CCNPwanabe
ID: 35001556
I dont know how that proxy setting is being filtered, its the only policy I have linked to the OU that the user is in, and have it mapped to the user???? W T H????
0
 
LVL 11

Expert Comment

by:Renato Montenegro Rustice
ID: 35002274
For the "The system cannot find the path specified" try running adprep in your domain controller with the following command line:

adprep /domainprep /gpprep

Use http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx for further reference.

You should run this command from the Windows CD. Run this command only in the server that's holding the infrastructure operation master. To find out which server is running the role, just use this command:

netdom query fsmo

There's no problem running this adprep command, even if you already did it. It will fix the ACEs (Access Control Entries) for the group policy structure. After running it, make sure to force a full replication on the domain controllers and try everything again. See if we make any advance.
0
 
LVL 7

Expert Comment

by:holthd
ID: 35002690
To add to @rmrustice's advice;
* find the guid of the gpo trough you gpo management app, open \\GRF-LW.INTERNAL\sysvol\GRF-LW.INTERNAL\<guid>\user and make sure all files are present and identical on all dc's. Replace GRF-LW.INTERNAL with the dc hostname to target a specific dc.
* run dcdiag /v to see if reports replication issues
-Daniel
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 35002712
Hi,

GPO could be filtered due to security filtering if you have in place
Just create a new test GPO with loopbackup processing enabled.Create a test user, test ou.

Apply there. It may take a while for it come in effect.

Run GPUpdate /force on client and PDC emulator role holding DC. If that doesn't work upload client side GPO user mode log. Also it's good practice to upload the log, makes ur post easy to read.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 12

Expert Comment

by:Navdeep
ID: 35002720
you can run repadmin /replsummary to check if you are running into replication issues as suggested by other Experts
0
 

Author Comment

by:CCNPwanabe
ID: 35009393
Sorry for the delay on this, I am being put to another task right now at the office, and Ill get back to this question asap
thanks to all who are helping me figure this out.
more later.
0
 

Author Comment

by:CCNPwanabe
ID: 35071094
Sorry it has taken so long to get back to this, been pretty crazy around here...
V2NAS---->I ran the replsummary and all the DC's are fine, and there were no errors.

I recreated a fresh GPO, and made a bunch of settings like not to open the internet tools or options menus, hide favorites,  ect ect... I also set up the connections to use a proxy and to not automatically detect the internet connection...
strangely enough... for what ever reasaon, all the settings work EXCEPT the settings to setup the proxy....
this is insane!!!!, making me insane anyway...
Any thoughts???
0
 

Author Comment

by:CCNPwanabe
ID: 35085753
Ok I think I have something here....
Im looking at the permissions in  ADUC for the System>policy OU and the "domain controlers" is not listed in the security tab... Also I see that "enterprise Domain controllers are listed with read, read permissions, and list contents... BUT I lookin the OU that has our 3 dc's and none of them are members of the "Enterprise Domain Comtrollers"... could this  be the issue???
0
 
LVL 11

Accepted Solution

by:
Renato Montenegro Rustice earned 500 total points
ID: 35089218
Have you ran the adprep?

Another thing I was thinking is a case I saw before in a costumer. We have an issue were the proxy GPO was not working correctly. In that case, we found two problems:

1) There were competing GPOs with conflicting proxy settings (several of them).

2) In the list of addresses exclusions, there was invalid characters. That was causing the proxy settings to fail. Remove all of your exclusions and see if the proxy settings apply correctly. If so, add them one by one until you find the culprit.
0
 

Author Comment

by:CCNPwanabe
ID: 35089526
thats a pretty good plan... we ran the ad prep when we installed 2 2008 servers about 6 months ago,.... we still have a single 03 dc left in the forest. I will try running it again tomorrow, Im not holding out too much hope though...
I did go thru the other gpos in the mix ( default domain ect ect ) and got rid of the  'automatically configure" settingin the connections in the internet explorer maint section of the user windows settings area...
Ill try your idea now. and let you know...
0
 

Author Comment

by:CCNPwanabe
ID: 35089545
that was it!
T H A N K Y O U ! ! ! ! ! !
just for the info, how does one add multiple sites in the exclusion list for sites to bypass the proxy???? I thought it was a semi colon.....  http://sitename.com;http://anothersite.com;https://securesite.com
am I wrong?
0
 

Author Comment

by:CCNPwanabe
ID: 35089615
seems like i cant add more than two
0
 
LVL 11

Expert Comment

by:Renato Montenegro Rustice
ID: 35090062
I dont know how many exclusions you can add, but I it's certainly more than two. I think the problem is the http://. I am not sure about that. But you don't need to inform the protocol anyway. Use things like that:

*.sitename.com;hostname1;192.168.*

And so on. That will work for sure.

Try to stay shorter than 1000 characters. I dont think you can add more than that in the list.
0
 
LVL 11

Expert Comment

by:Renato Montenegro Rustice
ID: 35090100
Just for curiosity sake. Have the event IDs 1085, 4098 and 8194 gone after you fixed the exclusion lists?
0
 

Author Comment

by:CCNPwanabe
ID: 35095741
All except for on drive mapping policy, that I really dont care about... Im as happy as a clam( not i dea about the happiness that are able to achieve, but rather happy indeed! ) and everything works  perfect...  Looks like it turned out to be the combinations of IPs and Http and https's that we had in the exclution lists....
all is functioning and cleaned up... points awarded to RMRUSTICE
but I need to make a shout out to all who helped with this!

thanks every one!
0
 

Author Closing Comment

by:CCNPwanabe
ID: 35095754
the key is adding one exclusion at a time and retesting the settings.
0
 

Expert Comment

by:MonyMony
ID: 38793550
For me I was getting this same error but only on one server.  All other servers were processing the GPOs correctly.  Removing the one server having the issue from the domain and then re-adding it resolved my issue.
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now