Announcement

Collapse
No announcement yet.

2008 R2 GPO Questions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • 2008 R2 GPO Questions

    Hi all. We just upgraded the domain to W2K8R2 and we wanted to implement the new GPO goodness... drive maps, printers, etc. and get away from scripts. I'm having some issues and questions in my sandbox though.

    I'm attempting to map department drives by targeting department group OU. Example: G_Administration. Things work as expected using the CREATE option and the drives show up without issue.

    Question: Joe Pencilpusher is demoted to Materials Management for updating his Facebook account too often. I remove him from the G_Administration group but the drive is still mapped on his workstation. He can't access it due to permissions but the drive still shows up. Plus the user gets the "Could not reconnect all network drives" pop-up. How do I make the removal of no longer targeted drives work without us administering it all the time? Do I remove all mapped drives first and then let the GPO map the appropriate drives?

    Question: Shared printers seemed to work hit and miss. Is there something else to consider other than the share name? Plus the same goes with printers. Joe shouldn't have access to the G_Administration printer anymore. How do we delete that via GPO.

    The sticky links do not seem to point to any new 2008 R2 materials.

  • #2
    Re: 2008 R2 GPO Questions

    Does the GPO created for mapping a drive have the 'reconnect' option checked? I believe that can leave settings behind on the profile. Furthermore, I would be tempted to use the replace option. It will replace any drives that are already present but create one, if it isn't. I don't tend to check the 'reconnect' option.

    With regards to shared printers, it may be down to printer drivers on the local workstation or print server. Are the Windows 7 drivers on the printer server? Is the intermittent printer mapping only certain machines? Is it just effecting certain users logging onto different machines? Does it just work for local administrators?

    Comment


    • #3
      Re: 2008 R2 GPO Questions

      Hi,

      You might want to check the group membership if he's inheriting it from the groups under those ou.
      Thanks & Regards
      v-2nas

      MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
      Sr. Wintel Eng. (Investment Bank)
      Independent IT Consultant and Architect
      Blog: http://www.exchadtech.blogspot.com

      Show your appreciation for my help by giving reputation points

      Comment


      • #4
        Re: 2008 R2 GPO Questions

        Thank you for the clarification on the "replace" and "reconnect" options. I'll experiment with those.

        We have mainly XP machines and a 2008 R2 machine sharing printers. We're currently using scripts to give users their printers so I don't think drivers would be an issue.

        We have an old GP from the server 2003 domain. I blocked inheritence of that policy. I think I'm going to remove the GP link anyway. The folks before me created it.

        Comment


        • #5
          Re: 2008 R2 GPO Questions

          No problem. Removing old GPOS may not necessarily mean that the settings are removed. There are various options that can be set when a GPO falls out the scope of management, so worth googling and reviewing. Testing on a fresh image that is guaranteed not to have received the old GPOs rolled out may be the way to go. Also, on a client PC, run: gpresult /h gporesults.html from a command prompt and review the GPOs and settings being rolled out.

          Comment


          • #6
            Re: 2008 R2 GPO Questions

            I'm just not having any luck. Here's a screenshot of the setup:



            I have the "Default V1.0" disabled, the user I'm logging in with is in the "Test Users" OU, "Map Drives", "Printers", and "Shortcuts" are doing nothing... even though they worked when the user was in the "GPO Test" OU. Any idea what I'm doing wrong here?

            Comment


            • #7
              Re: 2008 R2 GPO Questions

              Does it work still if they are moved back to the GPO test OU? It will be worth verifying tht the policies are actually being applied. Carry out the gpresults /h gporesults.html command and then post the results here. It will show the computer and user settings applying.

              Also, what OS is the desktops and service pack level?

              Comment


              • #8
                Re: 2008 R2 GPO Questions

                Originally posted by Virtual View Post
                Does it work still if they are moved back to the GPO test OU? It will be worth verifying tht the policies are actually being applied. Carry out the gpresults /h gporesults.html command and then post the results here. It will show the computer and user settings applying.

                Also, what OS is the desktops and service pack level?
                This is a fully patched, fresh install of WinXP SP3.

                I see the GPO is hitting but it's not doing what I ask:

                Applied Group Policy Objects
                -----------------------------
                Default Policy
                Map Drives
                Printers
                Shortcuts


                I see the report says the disabled GP is being skipped. I _REALLY_ need to get the drive mappings working.

                Here's B Money's memberships!



                Thanks for the advice/help!

                Code:
                Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
                Copyright (C) Microsoft Corp. 1981-2001
                
                Created On 12/15/2010 at 12:31:35 PM
                
                
                RSOP results for TEST\bmoney on WINXP1 : Logging Mode
                ------------------------------------------------------
                
                OS Type:                     Microsoft Windows XP Professional
                OS Configuration:            Member Workstation
                OS Version:                  5.1.2600
                Domain Name:                 TEST
                Domain Type:                 Windows 2000
                Site Name:                   Default-First-Site-Name
                Roaming Profile:             
                Local Profile:               C:\Documents and Settings\bmoney
                Connected over a slow link?: No
                
                
                COMPUTER SETTINGS
                ------------------
                    CN=WINXP1,CN=Computers,DC=TEST,DC=org
                    Last time Group Policy was applied: 12/15/2010 at 12:28:12 PM
                    Group Policy was applied from:      DC2.TEST.org
                    Group Policy slow link threshold:   500 kbps
                
                    Applied Group Policy Objects
                    -----------------------------
                        N/A
                
                    The following GPOs were not applied because they were filtered out
                    -------------------------------------------------------------------
                        TEST Default Domain Policy v1.0
                            Filtering:  Disabled (Link)
                
                        Local Group Policy
                            Filtering:  Not Applied (Empty)
                
                    The computer is a part of the following security groups:
                    --------------------------------------------------------
                        BUILTIN\Administrators
                        Everyone
                        BUILTIN\Users
                        NT AUTHORITY\NETWORK
                        NT AUTHORITY\Authenticated Users
                        WINXP1$
                        Domain Computers
                        
                    Resultant Set Of Policies for Computer:
                    ----------------------------------------
                
                        Software Installations
                        ----------------------
                            N/A
                
                        Startup Scripts
                        ---------------
                            N/A
                
                        Shutdown Scripts
                        ----------------
                            N/A
                
                        Account Policies
                        ----------------
                            N/A
                
                        Audit Policy
                        ------------
                            N/A
                
                        User Rights
                        -----------
                            N/A
                
                        Security Options
                        ----------------
                            N/A
                
                        Event Log Settings
                        ------------------
                            N/A
                
                        Restricted Groups
                        -----------------
                            N/A
                
                        System Services
                        ---------------
                            N/A
                
                        Registry Settings
                        -----------------
                            N/A
                
                        File System Settings
                        --------------------
                            N/A
                
                        Public Key Policies
                        -------------------
                            N/A
                
                        Administrative Templates
                        ------------------------
                            N/A
                
                
                USER SETTINGS
                --------------
                    CN=B Money,OU=TEST Users,DC=TEST,DC=org
                    Last time Group Policy was applied: 12/15/2010 at 12:28:28 PM
                    Group Policy was applied from:      DC2.TEST.org
                    Group Policy slow link threshold:   500 kbps
                
                    Applied Group Policy Objects
                    -----------------------------
                        Default Policy
                        Map Drives
                        Printers
                        Shortcuts
                
                    The following GPOs were not applied because they were filtered out
                    -------------------------------------------------------------------
                        TEST Default Domain Policy v1.0
                            Filtering:  Disabled (Link)
                
                        Local Group Policy
                            Filtering:  Not Applied (Empty)
                
                    The user is a part of the following security groups:
                    ----------------------------------------------------
                        Domain Users
                        Everyone
                        BUILTIN\Users
                        NT AUTHORITY\INTERACTIVE
                        NT AUTHORITY\Authenticated Users
                        LOCAL
                        G_MM_SG
                        G_FS_SG
                        G_ADMINISTRATION_SG
                        
                    Resultant Set Of Policies for User:
                    ------------------------------------
                
                        Software Installations
                        ----------------------
                            N/A
                
                        Public Key Policies
                        -------------------
                            N/A
                
                        Administrative Templates
                        ------------------------
                            GPO: Default Policy
                                Setting: Software\Policies\Microsoft\Windows NT\Printers\Wizard
                                State:   Enabled
                
                            GPO: Default Policy
                                Setting: Software\Microsoft\Windows\CurrentVersion\Policies\System
                                State:   Enabled
                
                            GPO: Default Policy
                                Setting: Software\Policies\Microsoft\Messenger\Client
                                State:   Enabled
                
                            GPO: Default Policy
                                Setting: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                                State:   Enabled
                
                            GPO: Default Policy
                                Setting: Software\Policies\Microsoft\Messenger\Client
                                State:   Enabled
                
                        Folder Redirection
                        ------------------
                            N/A
                
                        Internet Explorer Browser User Interface
                        ----------------------------------------
                            GPO: TEST Default Domain Policy v1.0
                                Large Animated Bitmap Name:      N/A
                                Large Custom Logo Bitmap Name:   N/A
                                Title BarText:                   N/A
                                UserAgent Text:                  N/A
                                Delete existing toolbar buttons: No
                
                        Internet Explorer Connection
                        ----------------------------
                            HTTP Proxy Server:   192.168.0.240:8080
                            Secure Proxy Server: 192.168.0.240:8080
                            FTP Proxy Server:    192.168.0.240:8080
                            Gopher Proxy Server: 192.168.0.240:8080
                            Socks Proxy Server:  192.168.0.240:8080
                            Auto Config Enable:  No
                            Enable Proxy:        No
                            Use same Proxy:      Yes
                
                        Internet Explorer URLs
                        ----------------------
                            GPO: TEST Default Domain Policy v1.0
                                Home page URL:           N/A
                                Search page URL:         N/A
                                Online support page URL: N/A
                
                        Internet Explorer Security
                        --------------------------
                            Always Viewable Sites:     N/A
                            Password Override Enabled: False
                
                            GPO: TEST Default Domain Policy v1.0
                                Import the current Content Ratings Settings:      No
                                Import the current Security Zones Settings:       No
                                Import current Authenticode Security Information: No
                                Enable trusted publisher lockdown:                No
                
                        Internet Explorer Programs
                        --------------------------
                            GPO: TEST Default Domain Policy v1.0
                                Import the current Program Settings: No
                Last edited by Griminal; 15th December 2010, 18:48. Reason: Added pic

                Comment


                • #9
                  Re: 2008 R2 GPO Questions

                  Hi,

                  Please install client side extension since you are running win xp. First test on one machine

                  Here is the article
                  http://exchadtech.blogspot.com/2010/...rver-2008.html

                  Information about new Group Policy preferences in Windows Server 2008
                  http://support.microsoft.com/kb/943729
                  Thanks & Regards
                  v-2nas

                  MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
                  Sr. Wintel Eng. (Investment Bank)
                  Independent IT Consultant and Architect
                  Blog: http://www.exchadtech.blogspot.com

                  Show your appreciation for my help by giving reputation points

                  Comment


                  • #10
                    Re: 2008 R2 GPO Questions

                    Originally posted by v-2nas View Post
                    Hi,

                    Please install client side extension since you are running win xp. First test on one machine

                    Here is the article
                    http://exchadtech.blogspot.com/2010/...rver-2008.html

                    Information about new Group Policy preferences in Windows Server 2008
                    http://support.microsoft.com/kb/943729

                    CRAP!!!

                    This is a clean machine and I forgot that! I can't believe I did that. Senility is hard to deal with!!

                    Thanks guys.... I'll install and post back my results!

                    Comment


                    • #11
                      Re: 2008 R2 GPO Questions

                      Good luck!

                      Comment

                      Working...
                      X