No announcement yet.

GPO not applying

  • Filter
  • Time
  • Show
Clear All
new posts

  • GPO not applying

    I've a bit of a wierd issue and was wondering if anyone can help point me in the right direction.

    I have a number of computers across our domains and subdomainds which do not apply group policies.

    In GPResult the group policies are shown as being applied, but it doesn't show as being a member of the security groups to apply the group policies.

    Windows XP SP3 32bit normally, Windows 2000/2003 domain

    Attempted Resolutions:

    Disabled Media Sense - didn't make a difference
    Rejoined machine to the domain - no change
    Gpupdate /force - no change
    set the computer to static IP - machines starts to deploy software/apply settings

    Error logs:

    Error reports keep saying that userenv can't be applied as the domain can't be contected and other errors along these lines...

  • #2
    Re: GPO not applying

    The errors you mention at the end sound like your problems started during the domain join. When you re-joined, did you reset the computer account in AD before the re-join?

    And was the join/re-join across a WAN link? Other discussions here talk about joins across WAN links like VPNs. To see if that's the issue, can you try physically bringing 1 PC to the same subnet as a DC and do a rejoin, thus:
    *-separate from domain
    *-reset computer account name in AD
    *-re-join computer

    Then see if your policies apply correctly. If that works, then Layer 2 traffic is your problem. Assuming you've got Cisco or Cisco-like managed equipment for your WAN links, try including an 'ip helper-address' entry where the PCs reside, and that points to your DC ip address (one entry for each DC IP address you have).
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **


    • #3
      Re: GPO not applying

      Thanks for the reply to this.

      The domain join was done across a WAN link and I did reset the domain account. The same errors were happening prior to the rejoin to the domain.

      I'll have a look on the DC's to see if theres any errors popping up there thoguh :


      • #4
        Re: GPO not applying

        Have you enabled Always wait for the network at computer startup and logon to the computer. This setting is located under Computer Configuration\Administrative Templates\System\Logon. Also, is slow link detection kicking in?

        MCITP sa, ea & va, [email protected]