?
Solved

Group policy not working

Posted on 2011-10-13
5
Medium Priority
?
237 Views
Last Modified: 2012-05-12
hi guys,

I've got two sites. Both sites have DCs running in a 2008 environment  and are on the same domain through VPN. Between site 1 and site 2 is a firewall.

Locally at our end (site1), I've deployed some printers using Group Policies and it works when I log to a terminal server. However, when I do the same thing at site 2 and log on to their terminal services, the printers don't load.

I ran gpresult /z at both ends. At site 2, you can see that the 'Printers for Quantiv' is denied. At site 1, it is working. Can you guys see from the results I've posted and see what could be the reason?

Thanks a lot
Yashy
gpresult-site-1.txt
gpresult-site-2.txt
0
Comment
Question by:Yashy
  • 2
  • 2
5 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36961957
Hi, make sure that all necessary ports are opened on firewall fo AD data replication
http://technet.microsoft.com/en-us/library/bb727063.aspx

Looks like something with replication between Sites

Regards,
Krzysztof
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 36962079
Didn't you just ask this question and get a resolution?

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_27376611.html

Even iSiek participated there.
0
 
LVL 1

Author Comment

by:Yashy
ID: 36962971
Yes, I did. However, the issue was I didn't test it. We were told some ports were closed. They opened those ports, we tested it and didn't work. By that time, I had already closed the question:(.
0
 
LVL 23

Accepted Solution

by:
TheCleaner earned 2000 total points
ID: 36963291
And you have a DC in Site #2 that replicates with Site #1?  
Is replication working correctly?

If you go to \\DCname\sysvol and drill down on all of the DC's does it show the policy on all of them?

Did you verify the permissions on the GPO?  Have you tried setting the permissions to "authenticated users" if they are narrowed down beyond that?

Can you go to \\dcname\sysvol\domain.com\scripts and see the script on all DC's?  Can you run it manually from that path after logging in?  Especially try to run it from the MFN10DOM01 path.

Finally, run the Group Policy Modeling Wizard in GPMC and specify the MFN10DOM01 domain controller as the DC to use but use a computer like "Exchange" (the one you ran it on from site#1) as the computer account to model, and the same user account you used for both sites.  That should help you as well.
0
 
LVL 1

Author Comment

by:Yashy
ID: 36999448
Permissions in the sysvol folder:). Thanks man.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question