[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1020
  • Last Modified:

Unable to apply group policies to remote sites

Hi all,

We have an environment whereby we have many sites around the globe. Our main PDC is based in UK and policies set to machines within UK are working great.

Issue is for remote sites, I am unable to apply any group policies, infact the only ones that apply are the default domain policy and any enforced policies.

I have created a custom gpo that adds local machine policies at the top level, it shows within the machine using gpresult but always shows as empty.

Sysvol is showing my custom policies however they are not applied,

PDC is on windows 2008 but the domain type is still running Windows 2000.

Here is an extract of a gpresult from an XP workstation at a remote site in Australia


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\user>gpresult

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 24/08/2012 at 12:12:50 AM


RSOP results for domainname\user on machinename : Logging Mode
-----------------------------------------------------------

OS Type:                     Microsoft Windows XP Professional
OS Configuration:            Member Workstation
OS Version:                  5.1.2600
Domain Name:                 DomainName
Domain Type:                 Windows 2000
Site Name:                   Sydney
Roaming Profile:
Local Profile:               C:\Documents and Settings\Username
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=OPTIPLEX,CN=Computers,DC=domain,DC=co,DC=uk
    Last time Group Policy was applied: 24/08/2012 at 12:09:07 AM
    Group Policy was applied from:      Server.fqdn.co.uk
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
     
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        Debugger Users
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        MACHINENAME
        Domain Computers


USER SETTINGS
--------------
    CN=User Name,OU=Australiaou,OU=customgroup,DC=domain,DC=co,DC=uk
    Last time Group Policy was applied: 24/08/2012 at 12:09:07 AM
    Group Policy was applied from:      Server.fqdn.co.uk
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy    

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        Debugger Users
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
       
Any ideas where I am going wrong?
0
Mikoyan_2010
Asked:
Mikoyan_2010
1 Solution
 
Will SzymkowskiSenior Solution ArchitectCommented:
On one of the machines that you having this issue with have you done a rsop.msc and taken a look to see if there are any error messages? Also check the Event Viewer to see if there are any policies processing issues.

Also take a look at top 10 reason's why GPO's do not apply..
http://www.windowsnetworking.com/articles_tutorials/Top-10-Reasons-Why-Group-Policy-Fails-to-Apply-Part1.html

Also see parts 2 and 3.
0
 
Mikoyan_2010Author Commented:
Great link thanks, I managed to get this working using the rsop, it eventually worked as I had the incorrect security group assigned
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now