Solved

Can't deploy registry setting via GPP

Posted on 2011-03-03
9
1,260 Views
Last Modified: 2013-12-27
Hello all

I'm trying to create an "Auto Logon" procedure for a render farm at an animation company.  Basically I'm trying to add\update registry keys that will enable AutoLogon.  We have a Windows 2003 R2 Server (with SP2).  I have installed RSAT on a Windows 7 64bit domain member and tried configuring the Group Policy Preference from there.  I create the registry keys etc and force it to update.  I have added only 1 PC to the scope for testing purposes.  I force the test PC (also Windows 7 64bit domain member) to update the Group Policy but the changes do not update in the registry.

I have also tried with just test keys but nothing seems to be created on the test PC.

I also configured an AutoLogin ADM but still the same result... nothing on the Test PC.

No doubt I'm doing something stupid and will be stoked if someone can tell me what that something stupid is.
0
Comment
Question by:stormstar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 2
9 Comments
 
LVL 5

Accepted Solution

by:
jhill777 earned 500 total points
ID: 35028036
Run the Group Policy Results Wizard, entering the computer name of the one PC you have in that OU where the GPO is applied.  Will probably be some errors in there.  We can start there.
0
 

Author Comment

by:stormstar
ID: 35031374
Thanks mate...

Sadly I'm pretty new to this so I only googled on how to do that.

From the Server, I opened a command Window and typed "gpresult /s T1011D29 (which is the PC name)
This came back saying "Getting the domain information ...ERROR:  An unexpected error occurred."

Any suggestions?

The remote machine is on etc...
0
 

Author Comment

by:stormstar
ID: 35031594
Hello again

Thanks for your help so far jhill777.  I think you've got me heading in the right direction.

After getting the error above, I ran the gpresult /R command straight from the T1011D29 machine.  Under the section "Applied Group Policy Objects" I did not see my new GPO "Rendernode AutoLogon".  It also was not listed in the GPOs that were filtered out etc.

Anyway...  First of all a stupid mistake (as I am new to this).  I hadn't gone into the AD and linked the GPO yet.  I did this and linked it to the "3D Department" which contains the group "Rendernodes" which contains the PC "T1011D29".  In GP then when I go to this GPO, now in the Links section I have 3D Department, and in the Security Filtering below that, I have the machine T1011D29 only.  That all seemed right to me...  Please correct me if I'm wrong.

Anyway...  I forced GP to update.  I ran gpupdate at the server and gpupdate /force on T1011D29 but still no changes to the registry.

Hopefully this new info may help us come to a solution.  Thanks again for your help.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:stormstar
ID: 35031716
Sorry mate...  Another update.  I keep trying new things and just update you with what I find.

OK.  So I went to one of my Windows 7 boxes and using GPP created a new PO called TEST.  Basically I set it to create a junk key in the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Again no key was created...  BUT... when I ran gpresult /r, my new GPO was listed in the "GPO not applied as it was filtered out".

Could you tell me where I went wrong with that one?  It seems that one is a lot closer to working than the other so if I can get that working, I'll be happy and will create the AutoLogin reg keys that way.

Thanks again
0
 

Author Comment

by:stormstar
ID: 35031777
Under the "GPO not applies as it was filtered" section...  The new TEST GPO says Denied (Security).
0
 

Author Comment

by:stormstar
ID: 35032974
Just for further info.  I played around with the security stuff and was able to get it to say it was filtered as it was empty.  I then realised I was only looking at the "User" side of the policy.  I specified /SCOPE Computer and got access denied.  Added the user as local admin and could then access the Computer side.  It too got the same "Empty" result.

Copied the same TEST registry key to the User Configuration (as opposed to Computer Configuration) and the Key creates successfully.

Hope this helps.
0
 

Author Comment

by:stormstar
ID: 35041362
In the end I dragged the GPO up to the entire domain and it seemed to work fine after that.  I will assume it was conflicting with another GPO and some inheritance was screwing up or something.  Either way it's working great now.

jhill777 got me on the right track by getting me to use gpresult etc.  I am quite new to GP so I hadn't seen this before.  That in mind I am giving him half the points.

Thanks
0
 

Author Closing Comment

by:stormstar
ID: 35041364
In the end I dragged the GPO up to the entire domain and it seemed to work fine after that.  I will assume it was conflicting with another GPO and some inheritance was screwing up or something.  Either way it's working great now.

jhill777 got me on the right track by getting me to use gpresult etc.  I am quite new to GP so I hadn't seen this before.  That in mind I am giving him the points.

Thanks
0
 
LVL 5

Expert Comment

by:jhill777
ID: 35071279
Glad to hear you got it all figured out.  I was out of town and hadn't been able to get back in here until now.  Just a side not, if ever you think that one of your GPOs is being blocked by another, you can "Enforce" it which will change the order in which the GPOs are applied thus "forcing" it to be applied by right clicking the GPO and selecting "Enforced".
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of new and distinct gadgets are making their appearance every other day. The latest gadget that has wooed the attention of all gadget lovers and non gadget lovers alike is the Smartwatch. This tiny gadget is capable of offering live access to …
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question