Group policy not working on all computers.

Zoomer

For some reason, the group policy setting we put in place does not work on some systems even though they have been placed under the proper OU. For example, I can log in one computer and GPO logon scripts, file synchronization, folder redirection, etc will work. But when I log into one of the ones having problems, it won't work and will just login without any specific settings.

Any suggestions?

sthomas

Are your GPO's setup for users or computers? If you are trying to apply user settings to computer accounts do you have loopback processing enabled? Also, make sure you have the correct accounts in the OUs you have the GPO applied to and make sure no upper level GPO's are overriding your lower level GPOs.

Zoomer

Yes, our settings are under users settings, but are all under the same GPO which is currently applied to both the Users OU and the Domain Controllers OU which also holds the other computers connected to the domain. So it's possible that user settings are conflicting with computer accounts.

Would it be easier to just create a seperate GPO with the user settings and place that in the user OU? Since those seem to be the settings that tend to not work on all of the computers. User settings include logon/logoff scripts and folder redirection.

Also, would it be alright to apply loopback processing to all the computers currently under the domain (only 10)?

sthomas

Are you using the same user account to login to both computers, the one that you say is working and the one that is not? If you have all of the user accounts in the OU that the GPO is applied to the all should apply it to any computer in the domain. Unless you have security set to deny a certain user or group to apply that GPO.

Netstudent

go to the machine is question and do a gpupdate at the command prompt...Then check event viewer for any GPO related events. AFter issuing that command, you should get some policy success or failure notices in event viewer. Also check that Windows mangement instrumentation service is running on those machines.

Ahriakin

Running GPResult might be a bit quicker/easier than parsing logs, should give you what you're looking for.

TechJunky

+1 for GPresult

blargoe

Your Event Viewer will give you some hints on domain GPO problems, almost all of the time.

Worktruck

You can also use the Group Policy Management Console and run the Group Policy Results wizard on the PC and the account if the PC is at least running XP. This will give you all the information about what policy have been applied or denied, the settings, and any events related to GP. I used it a lot back when I dealt with roaming profiles and folder redirection it was a big help.

Zoomer

Yeah, checking the event viewer helped. I found out that some computers had McAfee firewall installed and it was blocking the DC. Disabled it, ran a gpupdate /force and it worked! Thanks everyone.

Netstudent

And who said Microsoft sucked?

blargoe

^ Now McAfee, on the other hand...