Announcement

Collapse
No announcement yet.

GP issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • GP issue

    I have a w2k3 sp2 r2 server that is my BDC. I have Grp Policy Manager installed on it and it is my my main server i use to edit and Distribute group policys.

    I have a windows xp sp3 environment. We have created a GP to limit internet access through using a fake ratings system and a list of "allowed" sites from the Internet security GP.
    Recently, users who are normally blocked from access are now getting through and i have no idea why. The password has not been leaked to turn off that function and i run the Grouppolicy wizard and my GP's are getting applied.

    Any suggestions would be appreciated.
    Many thanks in advance

  • #2
    Re: GP issue

    there is a good chance it is b/c of the SP3, SP3 has few issues with Group Policy and DHCP issues (and few other things) , try removing on one of those workstation the SP3 and see if that solves the problem.
    if it does then there is probably a fix for that to SP3, but for isolating the problem remove the SP3 from one of the problematic WS and see if that is the cuz'

    Comment


    • #3
      Re: GP issue

      No dice on the sp3 issue. Can the desktop be reauthorized to the domain with out adding and removing them from the domain?

      Comment


      • #4
        Re: GP issue

        It can, but the best way is to remove and re-add. It dots all the i's and crosses the t's whereas other methods can miss some stuff out.

        Have you run a GPResult to make sure there is no conflicting policy being applied?

        By the way - your Windows 2k3 server is NOT a BDC - there is no such thing unless your PDC is Windows NT4? And I doubt that very much... you're using Group Policy! This server is a Domain Controller; as are all the other DC servers you run. It can do all the functions of any of the other DCs except perhaps some or all of the FSMO roles may be elsewhere.
        Last edited by Stonelaughter; 14th July 2008, 22:17.


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you

        Comment


        • #5
          Re: GP issue

          another way to debug the GP is by going into the XP machine to C:\Windows\debug\userenv.log
          BTW - GPOs , when edited , they are edited on the PDCE, not from any DC or at least the DC needs connectivity to the PDCE Server.

          Comment


          • #6
            Re: GP issue

            i just find cannot process autoexe.bat error messages. Nothing that stands out.

            is there an error in event viewer i should look for? I really cannot find anything wrong. i Just remove and added a user back to my domain. no luck.
            Took a brand new machine out of the box added it to the domain. did noy gert rules.

            does anyone also know a good proxy tool that can also get the job done?
            something that allows access levels.

            Thanks for your responses and insight.

            Comment


            • #7
              Re: GP issue

              Originally posted by Akila View Post
              BTW - GPOs , when edited , they are edited on the PDCE, not from any DC or at least the DC needs connectivity to the PDCE Server.
              It's GPMC thing - it always defaults to PDCE.
              You can edit GPOs on a DC that is not PDCE even if PDC is down. All you need is to point the GPMC to a specific DC. In general you should not do that, as this increases the risk of the same GPO being edited at the same time at two different places, but in special cases (i.e.: PDCE is down and you HAVE to change a GPO) that will do the trick.
              Guy Teverovsky
              "Smith & Wesson - the original point and click interface"

              Comment


              • #8
                Re: GP issue

                heem, good to know it's a GPMC thing.

                Comment


                • #9
                  Re: GP issue

                  found message in userlog:

                  Local GPO's gpt.ini is not accessible, assuming default state

                  how do i fix ????

                  thanks

                  Comment


                  • #10
                    Re: GP issue

                    ok, can u check
                    If computer has correct DNS settings
                    try to access \\domainname\sysvol
                    Check the default userpolicy and computer policy has authenticated users to read it under GPMC.

                    Comment


                    • #11
                      Re: GP issue

                      is there a procedure on how to do that?

                      i have created my own default policy since the previous one had bad information

                      Comment

                      Working...
                      X