?
Solved

GPO not applying

Posted on 2012-08-16
13
Medium Priority
?
644 Views
Last Modified: 2012-08-26
Hi all,

I have a standalone 2003 server which is a DC & I have joined 15 PCs to its Domain successfully.
I have implemented a GPO to lockdown those PCs, but the GPO isnt applying to any of the PCs.
The Link is Enabled & Enforced.
I have ran gpresult on the PCs which states that the gpo is not found.
I have made sure the securities are right i.e. Authenticated Users = Read priveleges.
I have it on the right OU, which contains accounts, Computers are in another OU.
I have only used User settings.
I dont have loopback processing enabled.
I have ran Windows Server 2003 Resource Kit Tools using gpotools cmd which says the GPO is ok.

Has anyone else got any other suggestions?
0
Comment
Question by:craigaddison
  • 5
  • 2
  • 2
  • +4
13 Comments
 
LVL 1

Expert Comment

by:Andrew_Ellis
ID: 38300748
I've had issues like this before, and came back a day later to find it working. Computer settings sometimes take a day or two to kick in, no idea why.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 38300759
What is the operating system of the workstations? Are the users logging on with domain user accounts(not local user accounts)? Check in the event logs on some of the workstations and see if there are any GPO-related errors. The source of the errors would be Userenv or SceCli.
0
 
LVL 6

Expert Comment

by:arroryn
ID: 38300787
What are you trying to lock down? Does the GPO apply to computer or user objects? If user objects, have you tried applying the GPO as a domain administrator?

Have you checked the event logs on an affected machine to see if there are any events relating to group policies (specifically failures)?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:craigaddison
ID: 38300852
GPO applies to User settings.
It has been a few days since I set it and still nothing.
Operating system = XP
0
 
LVL 11

Expert Comment

by:Venugopal N
ID: 38301047
1.Is the OU contains Users to which the GPO is linked ( user setting GPO)?
2.Login as the user and run the gpupdate /force and check if the GPO applies to the client.
3.Is the GPO not applying to any client?
4.Make sure that the user ( Authenticated) have  Read and Apply Group policy permission for the GPO.
0
 
LVL 30

Accepted Solution

by:
Sudeep Sharma earned 2000 total points
ID: 38301687
Do you have correct DNS settings?

Further as suggested by arroryn did you check event viewer for any error message related to GPO?

Further what is the result from gpresult.exe /R from the command prompt?
0
 

Author Comment

by:craigaddison
ID: 38302031
I have not had a chance to do the checks from above, I will complete these tomorrow. I will post the results here then.

My DNS is primarily pointed at the DC server, then secondarily pointed at the router gateway. i.e  192.168.1.5
      192.168.1.1
Is that correct?
0
 

Author Comment

by:craigaddison
ID: 38303940
Yes the Users are in the right OU that has the GPO applied.
The Users are logging in with Domain Accounts.
There are no entries in the Event Log of Userenv or SceCli type or of any logon nature.
I'm just trying to lockdown basic things like no Run command etc... & I'm trying to repoint the Docs & Desktop folders to the server & I have a logon script in the gpo to map a shared drive, so nothing out of the ordinary.
I have ran gpupdate /force on the clients & server & it still hasn't made a difference.
The GPO is not applying to any client.
Authenticated User has Read & Apply group policy set to allow.
Gpresult states that 'INFO: The policy object does not exist'
0
 
LVL 7

Expert Comment

by:joensw
ID: 38304398
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 38304763
What OU are the users in? Where did you create and link the GPO (i.e., at the domain level or at the OU level)? Please describe how this is configured.  I know that you said it was in the right OU, but by your description of the GPResult message, it sounds as though the group policy is not being applied to the OU that contains your user accounts. In the group policy management console, click on your GPO and then do a screen capture of the Scope information.  Then click on the Settings tab. When the report appears, right-click and print it to a file and post that screen capture and file here for analysis.

You should remove the secondary DNS server (your router IP address) from the server and all workstations.  It's not doing anything useful.
0
 
LVL 11

Expert Comment

by:Venugopal N
ID: 38311817
Check if any GPO has been set to Nooveride ( which is applied on parent level or at the same level).To get the list of GPo applied to the user, Run gpresult and check the Nooverride setting of each GPO.

http://technet.microsoft.com/en-us/library/cc978255.aspx
0
 

Author Comment

by:craigaddison
ID: 38333993
All sorted. Thanks for the help
0
 

Author Closing Comment

by:craigaddison
ID: 38333994
Thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question