Announcement

Collapse
No announcement yet.

problems with computer GPO

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • problems with computer GPO

    Hello,

    At first hand I'm gonna say that I'm new at this. I'm learning this and I'm setting up a server to test with.

    Ok so far I've set up an active directory and so far so good but I noticed my GPO fo the computers wheren't applying.
    I found this out by running gpreport under a users account.

    The strange thing is gpreport does not mention (not even that it's blocked) the GPO for the computer it's like it does not excist.
    the even stranger this is when i run gpreport under the admin account it does mention it and it even applies. I can't seem to figure out why this is because as far as I know the standard user accounts have the rights to read the computer policy.

    the active directory is set up like this:
    Code:
    domain.local
      Builtin
      Computers
      Domain Controllers
      ForeignSecurityPrincipals
      Users
      Harvin << OU I'm using.
        LAN
          Computers << all the computer accounts
          Groups << all the groups
          Users << all the users
    I have 2 GPO's 1 for users and 1 for computers seperatly. the GPO for computers is in harvin/lan/computers and the one for users in harvin/lan/users.

    for the computer GPO I configured the group LAN_computers to have read and execute rights.
    for the users GPO I configured the group LAN_users to have read and execute rights.

    now when I login with one of the lan_user accounts it finds and applies the users GPO but not the computer GPO.
    When I log on with admin account it finds and applies both.


    Could someone help me? Please let me know if you need more information and what information you need.


    thanks in advance

    ########
    EDIT
    ########
    I'm using Windows server 2003 by the way.
    Last edited by Rems; 9th March 2010, 23:23.

  • #2
    Re: problems with computer GPO

    Okay, so you have a GPO for your computers called ComputerGPO (for example).

    I assume this GPO is linked the LAN >> Computers OU?

    Have you set any Security Filtering or have you amended anything in the Delegation tab?

    In the security filtering section ensure the following is there:

    Authenticated Users

    At the very minimum in your Delegation tab you should have

    Authenticated Users (Read)
    Enterprise Admins (Edit settings, delete, modify security)
    Domain Admins (Edit settings, delete, modify security)
    SYSTEM (Edit settings, delete, modify security)

    Try this configuration and report back, also on a problem PC from a command prompt run gpresult and post the contents here as this may help

    Last edited by Hanley; 5th March 2010, 15:21.

    Comment


    • #3
      Re: problems with computer GPO

      thanks for the fast reply.


      Below there are 3 files, 1 is a screenshot of "group policy management" showing delegations and stuf. The other 2 links are 2 html outputs of gpresult /H. 1 running it as admin and 1 running it as a user.

      http://www.file-upload.net/download-...dmin.html.html
      http://www.file-upload.net/download-...user.html.html
      Last edited by marriej; 5th March 2010, 16:26.

      Comment


      • #4
        Re: problems with computer GPO

        Please repost as a graphic (jpg) file -- most readers will not download an unknowN zip file which could contain any virus or malware you could name!!!!!
        Last edited by Ossian; 5th March 2010, 16:18.
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: problems with computer GPO

          What settings are not applying from your computers GPO?

          Looking at that it appears to be applying okay.
          Last edited by Hanley; 5th March 2010, 16:18.

          Comment


          • #6
            Re: problems with computer GPO

            for the admin it does but not for the user, look where it says: "No data available."
            Last edited by marriej; 5th March 2010, 16:27.

            Comment


            • #7
              Re: problems with computer GPO

              Apologies if I'm completely missing the point here.

              There is no computer configuration information in your User GPO.

              Comment


              • #8
                Re: problems with computer GPO

                should there be?

                I have 2 different GPO's 1 with user configurations and 1 with configurations for the computers.

                ####
                edit
                ####
                Also if I put computer configuration in the user GPO is doesn't show up.

                Comment


                • #9
                  Re: problems with computer GPO

                  Okay I just re-read your intial post.

                  For the computer GPO, on the Scope tab remove LAN_Computers

                  Just add Authenticated Users back in the list and try again.

                  Comment


                  • #10
                    Re: problems with computer GPO

                    Did that, but didn't work.

                    Also I dont think that's the problem because it does apply when i log into the same computer as an admin.

                    Comment


                    • #11
                      Re: problems with computer GPO

                      Okay

                      Log into the computer as a non admin user.

                      Open a command prompt

                      Type gpresult > c:\gpresult.txt

                      Paste the results on here.

                      Comment


                      • #12
                        Re: problems with computer GPO

                        I'm guessing you mean this:

                        http://www.file-upload.net/download-...user.html.html

                        Comment


                        • #13
                          Re: problems with computer GPO

                          No you're running that from Group Policy Management Console aren't you?

                          Open a command prompt and type gpresult > c:\gpresult.txt

                          The resut will be a text file on your C drive called gpresult.txt

                          This will give details about what policies have been applied, what policies have beend enied due to security filtering etc

                          Post the results on here.

                          Comment


                          • #14
                            Re: problems with computer GPO

                            No I'm running that from CMD with:
                            gpresult /H gp.html
                            gpresult > gp.txt just gives you the reply you get when you type gpresult. (all the arguments)

                            Anyways when I use the tool group policy modeling in Group policy management and let it EMULATE the standard user account on the same computer it works as it's suppoased to.
                            This again makes me believe It's a rights problem BUT, it also work when i put all the configurations in one file. (so when i put the user and computer configuration in 1 GPO) When i do this the user configuration get read but not the computer configuration. Also I can just browse to the GPO files and open them with notepad so I have read & execute rights.

                            The problem is I just can't think of a reason why a standard account doesn't SEE the GPO and the admin account does. (This is why GPresult wont help you very much, it does NOT mention the GPO at all wen I use a non admin account)

                            Comment


                            • #15
                              Re: problems with computer GPO

                              Hey guys I just got this error running: RSOP.MSC



                              what permission could that be?

                              Comment

                              Working...
                              X