Solved

Can't deploy registry setting via GPP

Posted on 2011-03-03
9
1,239 Views
Last Modified: 2013-12-27
Hello all

I'm trying to create an "Auto Logon" procedure for a render farm at an animation company.  Basically I'm trying to add\update registry keys that will enable AutoLogon.  We have a Windows 2003 R2 Server (with SP2).  I have installed RSAT on a Windows 7 64bit domain member and tried configuring the Group Policy Preference from there.  I create the registry keys etc and force it to update.  I have added only 1 PC to the scope for testing purposes.  I force the test PC (also Windows 7 64bit domain member) to update the Group Policy but the changes do not update in the registry.

I have also tried with just test keys but nothing seems to be created on the test PC.

I also configured an AutoLogin ADM but still the same result... nothing on the Test PC.

No doubt I'm doing something stupid and will be stoked if someone can tell me what that something stupid is.
0
Comment
Question by:stormstar
  • 7
  • 2
9 Comments
 
LVL 5

Accepted Solution

by:
jhill777 earned 500 total points
ID: 35028036
Run the Group Policy Results Wizard, entering the computer name of the one PC you have in that OU where the GPO is applied.  Will probably be some errors in there.  We can start there.
0
 

Author Comment

by:stormstar
ID: 35031374
Thanks mate...

Sadly I'm pretty new to this so I only googled on how to do that.

From the Server, I opened a command Window and typed "gpresult /s T1011D29 (which is the PC name)
This came back saying "Getting the domain information ...ERROR:  An unexpected error occurred."

Any suggestions?

The remote machine is on etc...
0
 

Author Comment

by:stormstar
ID: 35031594
Hello again

Thanks for your help so far jhill777.  I think you've got me heading in the right direction.

After getting the error above, I ran the gpresult /R command straight from the T1011D29 machine.  Under the section "Applied Group Policy Objects" I did not see my new GPO "Rendernode AutoLogon".  It also was not listed in the GPOs that were filtered out etc.

Anyway...  First of all a stupid mistake (as I am new to this).  I hadn't gone into the AD and linked the GPO yet.  I did this and linked it to the "3D Department" which contains the group "Rendernodes" which contains the PC "T1011D29".  In GP then when I go to this GPO, now in the Links section I have 3D Department, and in the Security Filtering below that, I have the machine T1011D29 only.  That all seemed right to me...  Please correct me if I'm wrong.

Anyway...  I forced GP to update.  I ran gpupdate at the server and gpupdate /force on T1011D29 but still no changes to the registry.

Hopefully this new info may help us come to a solution.  Thanks again for your help.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:stormstar
ID: 35031716
Sorry mate...  Another update.  I keep trying new things and just update you with what I find.

OK.  So I went to one of my Windows 7 boxes and using GPP created a new PO called TEST.  Basically I set it to create a junk key in the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Again no key was created...  BUT... when I ran gpresult /r, my new GPO was listed in the "GPO not applied as it was filtered out".

Could you tell me where I went wrong with that one?  It seems that one is a lot closer to working than the other so if I can get that working, I'll be happy and will create the AutoLogin reg keys that way.

Thanks again
0
 

Author Comment

by:stormstar
ID: 35031777
Under the "GPO not applies as it was filtered" section...  The new TEST GPO says Denied (Security).
0
 

Author Comment

by:stormstar
ID: 35032974
Just for further info.  I played around with the security stuff and was able to get it to say it was filtered as it was empty.  I then realised I was only looking at the "User" side of the policy.  I specified /SCOPE Computer and got access denied.  Added the user as local admin and could then access the Computer side.  It too got the same "Empty" result.

Copied the same TEST registry key to the User Configuration (as opposed to Computer Configuration) and the Key creates successfully.

Hope this helps.
0
 

Author Comment

by:stormstar
ID: 35041362
In the end I dragged the GPO up to the entire domain and it seemed to work fine after that.  I will assume it was conflicting with another GPO and some inheritance was screwing up or something.  Either way it's working great now.

jhill777 got me on the right track by getting me to use gpresult etc.  I am quite new to GP so I hadn't seen this before.  That in mind I am giving him half the points.

Thanks
0
 

Author Closing Comment

by:stormstar
ID: 35041364
In the end I dragged the GPO up to the entire domain and it seemed to work fine after that.  I will assume it was conflicting with another GPO and some inheritance was screwing up or something.  Either way it's working great now.

jhill777 got me on the right track by getting me to use gpresult etc.  I am quite new to GP so I hadn't seen this before.  That in mind I am giving him the points.

Thanks
0
 
LVL 5

Expert Comment

by:jhill777
ID: 35071279
Glad to hear you got it all figured out.  I was out of town and hadn't been able to get back in here until now.  Just a side not, if ever you think that one of your GPOs is being blocked by another, you can "Enforce" it which will change the order in which the GPOs are applied thus "forcing" it to be applied by right clicking the GPO and selecting "Enforced".
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Back in July, I blogged about how Microsoft's new server pricing model, combined with the end of the Small Business Server package, would result in significant cost increases for many small businesses (see SBS End of Life: Microsoft Punishes Small B…
Smartwatches: just a fashion accessory or a useful device for all? The Apple Watch (http://www.apple.com/watch/) was launched in April of 2015 and has become a new way for iPhone users to stay connected. Ranging from $349 to $17,000, the Apple Watch…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now