
Group Policies not being applied on upgraded network


    The network was two 2003 R2 AD DCs. Not a whole lot in the GPs changed other than the WSUS server and settings and a couple of things here and there. Added a new 2008 R2 AD GC and the policies correctly got applied like they should have. Added a couple more 2008 R2 member servers and again the policies worked. I then changed out the WSUS server. Once I did, I updated the GPO from within 2008 R2 with the new server address. The changes did not replicate. I tried doing a gpupdate /force on some of the servers and again the changes did not get applied.

    So I went back to the 2003 R2 machine, right-clicked my domain in ADUC and clicked Properties. I went to the Group Policy tab and clicked Edit just to make sure my changes were in there, and they were. So the GPO itself (just the "Default Domain Policy") is correct from both the Group Policy Management snap-in on 2008 R2 and from the editor on 2003 R2.

    At this point, since I have very little in the policy I couldn't just recreate, I decided to restore the defaults. On the 2008 R2 box I do a "gpfixgpo" and reset the policies back to default. Once that's done I went into both the "Default Domain Policy" and the "Default Domain Controller Policy" and added my WSUS settings back in, leaving everything else alone. I go to the 2003 R2 box and check the policy and I see it's reset other than the WSUS. So I do a gpupdate /force on a couple of machines, then run gpedit.msc to see the changes. Again nothing changed.

    Now I'm thinking maybe just part of the policy isn't working, like just the database that holds WSUS and that section. So I go in and add a policy to rename the guest account to something else, save the policy, force a refresh again and still nothing gets applied.

    I've double- and triple-checked almost everything and I can't figure this out. The policy changes are replicating to all the DCs but none are being applied. I've verified that both the default DC and the default domain policies are enabled, and the DC policy has the "no override" switch on. I checked the security and the "Authenticated Users" group has both "read" and "apply group policy" on allow ("apply group policy" was NOT on allow for domain and enterprise admins, so I tried adding that and forcing, with no help). I've edited a policy and watched the version number in the GPT.ini file increment each time I make an edit, so it knows they're being changed. I even created a new GPO called "WSUS Settings" (changing only the WSUS settings...) and linked it to the domain controllers OU, removed the default DC policy, and enabled it so it was the only policy. I watched the GUID folder get created on the DC and then saw it replicate to the others. I then tried another gpupdate /force and again nothing.

    Any ideas? Everything else is working on the domain, repadmin /replsummary comes back with 0 errors, dcdiag /a comes back clean. I can't figure this out.