GPO is applied, according to gpresult, but folders aren't redirecting

As the title says, GPOs on Server 2008 R2 are applied on Win 7 x86 machines according to gpresult, but the folders are not being redirected.

Help appreciated.
LVL 9
VampireofdarknessAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

VampireofdarknessAuthor Commented:
To clarify, SOME users on the Win 7 machines are receiving the GPO fine. Some are not. All are set in the scope.
0
ncollingsCommented:
Folder redirection posts very informative entries in the event log on the client machine. Please could you see if anything is logged and post the event
0
VampireofdarknessAuthor Commented:
Failed to apply policy and redirect folder "Documents" to "\\server\User Profiles$\sfranklin\My Documents".
Redirection options=0x80009231.
The following error occurred: "Can not create folder "\\server\User Profiles$\sfranklin\My Documents"".
Error details: "Access is denied.
".

Share Permissions: Everyone (Change, Read)
Security Permissions: Everyone (Full), SYSTEM (Full), Administrator (Full), Administrators (Full), CREATOR OWNER (Full)
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

ncollingsCommented:
Are these the permissions on the Profiles$ folder?
Did the sfranklin folder already exist?
0
VampireofdarknessAuthor Commented:
Those permissions are on the User Profiles$ folder. sfranklin does already exist (folders created by policy!), but the redirection is only working on some of the machines and not all machines.

Some documents locations are \\server\...\, others are C:\Users\sfranklin

All users in ADUC have a folder under User Profiles$ share, all created by policy, which says the policy is working fine... but it isn't!
0
VampireofdarknessAuthor Commented:
The same thing is happening for a proxy settings GPO. Gpresult shows the policy has been applied, but the proxy settings aren't there.

Again, scope has authenticated users. Tried with domain users and all security groups associated with the account.
0
ncollingsCommented:
So is this problem with specific machines or specific users?
0
VampireofdarknessAuthor Commented:
I am assuming machines are the cause.

I can log on to one machine and the policies are applied. I then log on to another and the policies are not applied (in the case of proxy at least).

The computer to my left has not received proxy settings. The computer to my right has received proxy settings. Neither have received folder redirection.

Owner of \\server\User Profiles$\sfranklin\ is sfranklin@domain.local. Everyone has Full NTFS Permissions on folder and all subfolders. Same permissions apply to My Documents and Desktop folders within.
0
VampireofdarknessAuthor Commented:
I have six machines in a row. 4 have applied folder redirection for the Desktop, 2 have not. Same user on all machines. All logged on sequentially after the last had finished logging in. Numbers that failed are 3 and 6.
0
VampireofdarknessAuthor Commented:
Logged onto another 7, without waiting between logons and machines 1, 3, 4, 5, 6, 7 all had the desktop redirection policy applied. Machine 2 did not.
0
VampireofdarknessAuthor Commented:
Out of all 13, none applied the documents redirect. All but 1 applied the proxy settings (no. 2 of the original 6)
0
johnb6767Commented:
Ok, so same user fails on 1 machine but he succeeds on another... Rules out permissions....

Least I think they do....

I was goi to suggest to grant ownership of this user's folder on the server, but shouldn't matter in this case.

Might need to look at Process Monitor's Boot Logging to see if we can capture EXACTLY where the denial is coming from....

Http://live.sysinternals.com/procmon.exe

Options/Enable Boot Loging, then reboot, and launch it again to process the logs...

Additionally, gpo debug logging might shed some light..... Need a link to enable it though for you...
0
VampireofdarknessAuthor Commented:
I will be at this site again either tomorrow, Thursday or Friday so will check then. In addition, I'll be using the steps from a combination of these:

  1. http://www.windows7library.com/blog/problems/troubleshooting-group-policy/
  2. http://social.technet.microsoft.com/Forums/en/winserverGP/thread/a9b36648-aa9f-4ff7-b23f-c1123b7984e9
  3. http://blogs.technet.com/b/askds/archive/2008/07/18/enabling-group-policy-preferences-debug-logging-using-the-rsat.aspx

What I don't particularly want to do is rebuild machines to see if there is just a conflict somewhere, as this isn't an isolated case. Different machines do and do not receive different policies correctly for different users. I'd have to rebuild them all and keep my fingers crossed.

Perhaps re-adding the machines to the domain will kick-start policies again? Remove from domain, delete any domain related profiles, add to domain? I don't suppose you'd know where the Group Policy cache is on a Win 7 machine?
0
johnb6767Commented:
C:\Windows\System32\GroupPolicy
0
VampireofdarknessAuthor Commented:
Apologies for the delay.

- Rejoined to domain, no change.
- Ran Procmon
- Re-created GPOs
- Forced updates of GPOs
- Deleted and re-created users
- Took ownership of and deleted user folder
- GPO cache is empty

Tests on PC1 using user1, user2, user3. All users are members of the same groups. Policy scope is set to 'Everyone' and 'Domain Computers'.

user1: Desktop redirects, Proxy Settings OK, Documents redirect
user2: Desktop redirects, Proxy Settings OK, Documents redirect
user3: none

PC2, same users

user1: Desktop redirects, Proxy Settings OK, Documents redirect
user2: Desktop redirects, Proxy Settings OK, Documents redirect
user3: Desktop redirects, Proxy Settings OK, Documents redirect

PC3, same users

user1: Desktop redirects, Proxy Settings OK, Documents redirect
user2: Desktop redirects, Proxy Settings OK, Documents redirect
user2: Proxy Settings OK

PC4, same users

user1: Desktop redirects, Proxy Settings OK
user2: Desktop redirects, Proxy Settings OK, Documents redirect
user2: Proxy Settings OK
0
VampireofdarknessAuthor Commented:
Changed from \\server\User Profiles$\ to \\server\User Profiles\ and removed exclusive rights on the FOLDER REDIRECTION and it appears to have also solved issues with proxy settings, folder redirection, etc... Not ideal as now no privacy...although the folders are already created, so perhaps it won't matter for existing users.

Believe this customer is a PITA though, as not two days after demonstrating it all working they're claiming all files are deleted from their redirected folders (policies are set to return documents to original locations). Folders/files were all in place at the time I left, tested on 8 different users.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
VampireofdarknessAuthor Commented:
See comment.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.