Windows Server 2003 GPO overwriting 2008 GPO
Posted on 2011-03-17
Basic problem: The old 2003 GPO is still applying even though I've created a new GPO in 2008
Server1 = Windows 2003 with 2003 AD acting as BDC. Up until 3 months ago it was the only server in the domain. It also supplied all DNS and DHCP services as well. It was recently demoted from PDC when the second server was installed.
Server2 = Windows 2008 R2. Recently added because Server1 was failing drives and having intermitten problems. We added it to the domain and promoted it (after upgrading the schema on the 2003 server) to PDC. All was running well until today.
Users = From the beginning (3 years ago), I've always authenticated users on the domain and redirected their My Documents and Desktop to a share on Server1. Total computers are 15 - all Windows 7 Pro but 3 are still XP.
GPO = I've been using a GPO called "User GPO Default Policy" that I made and this is where all the policies came from for Folder Redirection. This policy was created on the 2003 server and worked just fine until today. Today I tried to change one of the Folder Redirection settings (Start Menu) from the 2008 server Group Policy Manager to point from the old share on the 2003 server to a new share on the 2008 server. After a "gpupdate /force" and also a reboot of both servers (a couple of times), the settings would not apply. I would go to one of the user computers, log out / log in and nothing changed on the new share. I keep looking in the new share to see the new folders that should be automatically created upon login, but nothing. So, I created a brand new GPO in the 2008 GPM, link it to the OU and then delete the old GPO completely (probably shouldn't have done that). Now, when the users login, their Documents are not available.
One more thing to note, when I would try and create or change the Folder Redirection from the 2003 GPM, it would tell me I didn't have access to that directory located on the 2008 server. However, I could browse to that share on Server2 just fine from Server1. The share on Server2 is "User Redirection" and I want the policy to do basic redirection and create each users folder under this share (remember I've already done this on Server1 before). Permissions for the share on Server1 are:
CREATOR OWNER = Full Control (Subdirectory and files)
SYSTEM = Full Control
Administrators = Full Control
Authenticated Users = Full Control (Subdirectory and files)
When I do a "gpresult", it still show the policy coming from Server1.