GPO not applying to workstation but applying to servers
I'm having issues with GPO's not applying to users. I have a GPO that is applied to our server team that maps drives for them. I can't figure out why the policy applies to the server when I log in but doesnt apply when I log into my workstation. The policy works when I put it in the root of the domain but not in the admin users OU that I have created and I cant seem to figure it out. I read that it might be a DNS issue (shocked to see). I moved my workstation to the server VLAN and still wasn't able to get the policy to apply. I am not sure what it would be on the workstation that would be different then the server. This is happening to more then one of our GPOs, I'm just trying to fix one at a time. Any one have ideas on this or seen it before?
It sounds like a computer vs. user setting. Have you made sure that you've set user preferences and not computer preferences?
check your OU and see if its correct
ASKER
The drive mapping are in preferences > Windows Settings > Drive Maps under User Configuration. I just dont get how it can work on my server but not work on the workstation. The GPO is under the Users and Groups OU that I have created.
ASKER
I ran the test using the group policy modeling tool and it comes back saying it is successful.
ASKER
The GPO works if I place it under the root of the domain, could it be something with the workstation accounts dont have the same access as the server accounts?
Perhaps... but it could be cause there is another policy taking precedence over it. For the policy in question, do you have it "Enforced"?
ASKER
I didnt before, I tried a this morning without any luck.
ASKER
Hope this helps a little
It works at the domain because it is applying to all users. Link it to the OU where your user account is and try it out.
Thanks
Mike
Thanks
Mike
ASKER
My account is under the privileged users OU which is where the admin configuration GPO is located and it doesnt work under the workstation, but still works under the server.
Perhaps... but it could be cause there is another policy taking precedence over it. For the policy in question, do you have it "Enforced"?
I didnt before, I tried a this morning without any luck.
If this is truly the case and you did Enforce it and it still didn't work then that leads me down the path of believing that it/you/OU/something is in the wrong location in AD/OUs.
ASKER
That is what I have been trying to figure out and why I posted the question.
Ignore this comment, answered my own question.
ASKER
I created a new OU called admins, I put my account in there made a new GPO called AdminSettings and used a VBScript to map the drives and still the workstation doesn't see it.
ASKER
Alright I got it to work just not the way i want it to. I put the script under the workstation OU and it seems to work. Its almost as if my OU structure is some how corrupt but I dont know where to begin on how to fix that.
If a *user* setting is being applied based on where the *computer* account is then that sounds as though you have Group Policy's Loopback Processing enabled in a GPO applied to your computer.
I think there's some confusion here. Are you using the SAME account to log on to the server and the workstation or are you using 2 different accounts? And where are these account(s) located? Same OU? Different OU?
You should not be worrying about applying the policy to any computer but only the user accounts.
You should not be worrying about applying the policy to any computer but only the user accounts.
ASKER
The account is mine, I use the same account to log into the server as the workstation. On the server everything works, on the workstation it doesnt see any GPOs under the users and group ou (which my account is under).
Use Resultant Set of Policy to see if you have got the Loopback Policy mode applied to that Workstation's account.
ASKER
I have checked RSOP, there are no loopback processing being done. I went through and disabled all the loopback processing that I before I made this post without luck.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am just going to use the Workstation OU since it seems to work that way even though I know its not right. This domain will be gone in 6 months anyways since our company is going through a merger.
Thanks
Mike