Group policy not working on all computers.

ZoomerZoomer Member Posts: 126
For some reason, the group policy setting we put in place does not work on some systems even though they have been placed under the proper OU. For example, I can log in one computer and GPO logon scripts, file synchronization, folder redirection, etc will work. But when I log into one of the ones having problems, it won't work and will just login without any specific settings.

Any suggestions?

Comments

  • sthomassthomas Member Posts: 1,240 ■■■□□□□□□□
    Are your GPO's setup for users or computers? If you are trying to apply user settings to computer accounts do you have loopback processing enabled? Also, make sure you have the correct accounts in the OUs you have the GPO applied to and make sure no upper level GPO's are overriding your lower level GPOs.
    Working on: MCSA 2012 R2
  • ZoomerZoomer Member Posts: 126
    Yes, our settings are under users settings, but are all under the same GPO which is currently applied to both the Users OU and the Domain Controllers OU which also holds the other computers connected to the domain. So it's possible that user settings are conflicting with computer accounts.

    Would it be easier to just create a seperate GPO with the user settings and place that in the user OU? Since those seem to be the settings that tend to not work on all of the computers. User settings include logon/logoff scripts and folder redirection.

    Also, would it be alright to apply loopback processing to all the computers currently under the domain (only 10)?
  • sthomassthomas Member Posts: 1,240 ■■■□□□□□□□
    Are you using the same user account to login to both computers, the one that you say is working and the one that is not? If you have all of the user accounts in the OU that the GPO is applied to the all should apply it to any computer in the domain. Unless you have security set to deny a certain user or group to apply that GPO.
    Working on: MCSA 2012 R2
  • NetstudentNetstudent Member Posts: 1,693 ■■■□□□□□□□
    go to the machine is question and do a gpupdate at the command prompt...Then check event viewer for any GPO related events. AFter issuing that command, you should get some policy success or failure notices in event viewer. Also check that Windows mangement instrumentation service is running on those machines.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    Running GPResult might be a bit quicker/easier than parsing logs, should give you what you're looking for.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • TechJunkyTechJunky Member Posts: 881
    +1 for GPresult
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Your Event Viewer will give you some hints on domain GPO problems, almost all of the time.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • WorktruckWorktruck Member Posts: 15 ■□□□□□□□□□
    You can also use the Group Policy Management Console and run the Group Policy Results wizard on the PC and the account if the PC is at least running XP. This will give you all the information about what policy have been applied or denied, the settings, and any events related to GP. I used it a lot back when I dealt with roaming profiles and folder redirection it was a big help.
  • ZoomerZoomer Member Posts: 126
    Yeah, checking the event viewer helped. I found out that some computers had McAfee firewall installed and it was blocking the DC. Disabled it, ran a gpupdate /force and it worked! Thanks everyone.
  • NetstudentNetstudent Member Posts: 1,693 ■■■□□□□□□□
    And who said Microsoft sucked?
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    ^ Now McAfee, on the other hand...
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
Sign In or Register to comment.