Solved

Can't deploy registry setting via GPP

Posted on 2011-03-03
9
1,248 Views
Last Modified: 2013-12-27
Hello all

I'm trying to create an "Auto Logon" procedure for a render farm at an animation company.  Basically I'm trying to add\update registry keys that will enable AutoLogon.  We have a Windows 2003 R2 Server (with SP2).  I have installed RSAT on a Windows 7 64bit domain member and tried configuring the Group Policy Preference from there.  I create the registry keys etc and force it to update.  I have added only 1 PC to the scope for testing purposes.  I force the test PC (also Windows 7 64bit domain member) to update the Group Policy but the changes do not update in the registry.

I have also tried with just test keys but nothing seems to be created on the test PC.

I also configured an AutoLogin ADM but still the same result... nothing on the Test PC.

No doubt I'm doing something stupid and will be stoked if someone can tell me what that something stupid is.
0
Comment
Question by:stormstar
  • 7
  • 2
9 Comments
 
LVL 5

Accepted Solution

by:
jhill777 earned 500 total points
ID: 35028036
Run the Group Policy Results Wizard, entering the computer name of the one PC you have in that OU where the GPO is applied.  Will probably be some errors in there.  We can start there.
0
 

Author Comment

by:stormstar
ID: 35031374
Thanks mate...

Sadly I'm pretty new to this so I only googled on how to do that.

From the Server, I opened a command Window and typed "gpresult /s T1011D29 (which is the PC name)
This came back saying "Getting the domain information ...ERROR:  An unexpected error occurred."

Any suggestions?

The remote machine is on etc...
0
 

Author Comment

by:stormstar
ID: 35031594
Hello again

Thanks for your help so far jhill777.  I think you've got me heading in the right direction.

After getting the error above, I ran the gpresult /R command straight from the T1011D29 machine.  Under the section "Applied Group Policy Objects" I did not see my new GPO "Rendernode AutoLogon".  It also was not listed in the GPOs that were filtered out etc.

Anyway...  First of all a stupid mistake (as I am new to this).  I hadn't gone into the AD and linked the GPO yet.  I did this and linked it to the "3D Department" which contains the group "Rendernodes" which contains the PC "T1011D29".  In GP then when I go to this GPO, now in the Links section I have 3D Department, and in the Security Filtering below that, I have the machine T1011D29 only.  That all seemed right to me...  Please correct me if I'm wrong.

Anyway...  I forced GP to update.  I ran gpupdate at the server and gpupdate /force on T1011D29 but still no changes to the registry.

Hopefully this new info may help us come to a solution.  Thanks again for your help.
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 

Author Comment

by:stormstar
ID: 35031716
Sorry mate...  Another update.  I keep trying new things and just update you with what I find.

OK.  So I went to one of my Windows 7 boxes and using GPP created a new PO called TEST.  Basically I set it to create a junk key in the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Again no key was created...  BUT... when I ran gpresult /r, my new GPO was listed in the "GPO not applied as it was filtered out".

Could you tell me where I went wrong with that one?  It seems that one is a lot closer to working than the other so if I can get that working, I'll be happy and will create the AutoLogin reg keys that way.

Thanks again
0
 

Author Comment

by:stormstar
ID: 35031777
Under the "GPO not applies as it was filtered" section...  The new TEST GPO says Denied (Security).
0
 

Author Comment

by:stormstar
ID: 35032974
Just for further info.  I played around with the security stuff and was able to get it to say it was filtered as it was empty.  I then realised I was only looking at the "User" side of the policy.  I specified /SCOPE Computer and got access denied.  Added the user as local admin and could then access the Computer side.  It too got the same "Empty" result.

Copied the same TEST registry key to the User Configuration (as opposed to Computer Configuration) and the Key creates successfully.

Hope this helps.
0
 

Author Comment

by:stormstar
ID: 35041362
In the end I dragged the GPO up to the entire domain and it seemed to work fine after that.  I will assume it was conflicting with another GPO and some inheritance was screwing up or something.  Either way it's working great now.

jhill777 got me on the right track by getting me to use gpresult etc.  I am quite new to GP so I hadn't seen this before.  That in mind I am giving him half the points.

Thanks
0
 

Author Closing Comment

by:stormstar
ID: 35041364
In the end I dragged the GPO up to the entire domain and it seemed to work fine after that.  I will assume it was conflicting with another GPO and some inheritance was screwing up or something.  Either way it's working great now.

jhill777 got me on the right track by getting me to use gpresult etc.  I am quite new to GP so I hadn't seen this before.  That in mind I am giving him the points.

Thanks
0
 
LVL 5

Expert Comment

by:jhill777
ID: 35071279
Glad to hear you got it all figured out.  I was out of town and hadn't been able to get back in here until now.  Just a side not, if ever you think that one of your GPOs is being blocked by another, you can "Enforce" it which will change the order in which the GPOs are applied thus "forcing" it to be applied by right clicking the GPO and selecting "Enforced".
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
How can this article save you time AND money?  In just a few minutes you may discover something you didn't know existed that is easy enough for you to fix yourself!
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question