Group policy not working

Posted on 2011-10-13
Last Modified: 2012-05-12
hi guys,

I've got two sites. Both sites have DCs running in a 2008 environment  and are on the same domain through VPN. Between site 1 and site 2 is a firewall.

Locally at our end (site1), I've deployed some printers using Group Policies and it works when I log to a terminal server. However, when I do the same thing at site 2 and log on to their terminal services, the printers don't load.

I ran gpresult /z at both ends. At site 2, you can see that the 'Printers for Quantiv' is denied. At site 1, it is working. Can you guys see from the results I've posted and see what could be the reason?

Thanks a lot
Question by:Yashy
    LVL 39

    Expert Comment

    by:Krzysztof Pytko
    Hi, make sure that all necessary ports are opened on firewall fo AD data replication

    Looks like something with replication between Sites

    LVL 23

    Expert Comment

    Didn't you just ask this question and get a resolution?

    Even iSiek participated there.
    LVL 1

    Author Comment

    Yes, I did. However, the issue was I didn't test it. We were told some ports were closed. They opened those ports, we tested it and didn't work. By that time, I had already closed the question:(.
    LVL 23

    Accepted Solution

    And you have a DC in Site #2 that replicates with Site #1?  
    Is replication working correctly?

    If you go to \\DCname\sysvol and drill down on all of the DC's does it show the policy on all of them?

    Did you verify the permissions on the GPO?  Have you tried setting the permissions to "authenticated users" if they are narrowed down beyond that?

    Can you go to \\dcname\sysvol\\scripts and see the script on all DC's?  Can you run it manually from that path after logging in?  Especially try to run it from the MFN10DOM01 path.

    Finally, run the Group Policy Modeling Wizard in GPMC and specify the MFN10DOM01 domain controller as the DC to use but use a computer like "Exchange" (the one you ran it on from site#1) as the computer account to model, and the same user account you used for both sites.  That should help you as well.
    LVL 1

    Author Comment

    Permissions in the sysvol folder:). Thanks man.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Suggested Solutions

    Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
    [b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now