Problem with GPresult /RSOP

Home Forums Microsoft Networking and Management Services GPO Problem with GPresult /RSOP

This topic contains 8 replies, has 3 voices, and was last updated by Avatar Anonymous 10 years, 3 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • Avatar
    paul1984
    Member
    #144865

    Hi all,

    I’m new to this forum but I have an question about GPO and RSOP.
    Few days ago we had to block for some users the Internet access.
    We created an GPO blocked, we blocked the internet of creating an policy to set the proxy at 127.0.0.1 and it worked all fine.

    I created an OU Blocked and linked the GPO to it.
    I put the users in it and all works fine. No problems till now!:smile:

    Also I moved my own username in the in the OU for testing, after I noticed all was OK, I moved my username back to the default OU which has further no policies except the default domain policy.

    When I’m now running gpresult /v I can see that the policies are not applied anymore but in the Resultant of Policy the settings still shows up?
    How come? How can I clean this. Also the firewall client still remains even also this GPO is not used anymore….

    Hopefulyl some can help me.
    Thank you.

    Hereby my GP result. I have made red what I mean.

    RSOP data for ***pven on IT-PAUL : Logging Mode


    OS Configuration: Member Workstation
    OS Version: 6.1.7100
    Site Name: Default-First-Site-Name
    Roaming Profile: [URL=”file://\fileserver01profiles$pven.V2″]fileserver01profiles$pven.V2[/URL]
    Local Profile: C:Userspven
    Connected over a slow link?: Yes

    COMPUTER SETTINGS


    CN=IT-PAUL,OU=Test,OU=BelfeldOffice,OU=***,DC=***e,DC=local
    Last time Group Policy was applied: 10/1/2009 at 9:00:22 AM
    Group Policy was applied from: ***
    Group Policy slow link threshold: 500 kbps
    Domain Name: ***
    Domain Type: Windows 2000
    Applied Group Policy Objects


    WSUS
    Default Domain Policy
    The following GPOs were not applied because they were filtered out


    Local Group Policy
    Filtering: Not Applied (Empty)
    The computer is a part of the following security groups


    BUILTINAdministrators
    Everyone
    BUILTINUsers
    NT AUTHORITYNETWORK
    NT AUTHORITYAuthenticated Users
    This Organization
    IT-PAUL$
    Domain Computers
    System Mandatory Level
    Resultant Set Of Policies for Computer


    Software Installations



    GPO: N/A
    Name: Microsoft Firewall Client
    Version: 3.0
    Deployment State: Assigned
    Source: C:Program FilesMicrosoft ISA ServerCLIENTS
    MS_FWC.MSI
    AutoInstall: True
    Origin: Applied Application
    Startup Scripts


    N/A
    Shutdown Scripts


    N/A
    Account Policies


    GPO: Default Domain Policy
    Policy: MaximumPasswordAge
    Computer Setting: 42
    GPO: Default Domain Policy
    Policy: MinimumPasswordAge
    Computer Setting: 1
    GPO: Default Domain Policy
    Policy: LockoutBadCount
    Computer Setting: N/A
    GPO: Default Domain Policy
    Policy: PasswordHistorySize
    Computer Setting: 24
    GPO: Default Domain Policy
    Policy: MinimumPasswordLength
    Computer Setting: 4
    Audit Policy


    N/A
    User Rights


    N/A
    Security Options


    GPO: Default Domain Policy
    Policy: PasswordComplexity
    Computer Setting: Not Enabled
    GPO: Default Domain Policy
    Policy: ClearTextPassword
    Computer Setting: Not Enabled
    GPO: Default Domain Policy
    Policy: ForceLogoffWhenHourExpire
    Computer Setting: Not Enabled
    GPO: Default Domain Policy
    Policy: RequireLogonToChangePassword
    Computer Setting: Not Enabled
    N/A
    Event Log Settings


    N/A
    Restricted Groups


    N/A
    System Services


    N/A
    Registry Settings


    N/A
    File System Settings


    N/A
    Public Key Policies


    N/A
    Administrative Templates


    GPO: WSUS
    KeyName: SoftwarePoliciesMicrosoftWindowsWindowsUpdateA
    UScheduledInstallTime
    Value: 10, 0, 0, 0
    State: Enabled
    GPO: WSUS
    KeyName: SoftwarePoliciesMicrosoftWindowsWindowsUpdateA
    URebootRelaunchTimeoutEnabled
    Value: 1, 0, 0, 0
    State: Enabled
    GPO: WSUS
    KeyName: SoftwarePoliciesMicrosoftWindowsWindowsUpdateA
    UNoAutoUpdate
    Value: 0, 0, 0, 0
    State: Enabled
    GPO: WSUS
    KeyName: SoftwarePoliciesMicrosoftWindowsWindowsUpdateA
    UUseWUServer
    Value: 1, 0, 0, 0
    State: Enabled
    GPO: WSUS
    KeyName: SoftwarePoliciesMicrosoftWindowsWindowsUpdateW
    UStatusServer
    Value: 104, 0, 116, 0, 116, 0, 112, 0, 58, 0, 47, 0, 47, 0
    , 116, 0, 101, 0, 115, 0, 116, 0, 115, 0, 101, 0, 114, 0, 118, 0, 101, 0, 114, 0
    , 0, 0
    State: Enabled
    GPO: WSUS
    KeyName: SoftwarePoliciesMicrosoftWindowsWindowsUpdateA
    URebootRelaunchTimeout
    Value: 160, 5, 0, 0
    State: Enabled
    GPO: WSUS
    KeyName: SoftwarePoliciesMicrosoftWindowsWindowsUpdateA
    UAUOptions
    Value: 4, 0, 0, 0
    State: Enabled
    GPO: WSUS
    KeyName: SoftwarePoliciesMicrosoftWindowsWindowsUpdateW
    UServer
    Value: 104, 0, 116, 0, 116, 0, 112, 0, 58, 0, 47, 0, 47, 0
    , 116, 0, 101, 0, 115, 0, 116, 0, 115, 0, 101, 0, 114, 0, 118, 0, 101, 0, 114, 0
    , 0, 0
    State: Enabled
    GPO: Default Domain Policy
    KeyName: SoftwarePoliciesMicrosoftWindowsSystemAddAdmin
    GroupToRUP
    Value: 1, 0, 0, 0
    State: Enabled
    GPO: WSUS
    KeyName: SoftwarePoliciesMicrosoftWindowsWindowsUpdateA
    UNoAutoRebootWithLoggedOnUsers
    Value: 1, 0, 0, 0
    State: Enabled
    GPO: WSUS
    KeyName: SoftwarePoliciesMicrosoftWindowsWindowsUpdateA
    UScheduledInstallDay
    Value: 0, 0, 0, 0
    State: Enabled

    USER SETTINGS


    CN=Paul van de Ven,OU=Recover Policy,OU=BelfeldOffice,OU=***,DC=***e,DC=local
    Last time Group Policy was applied: 10/1/2009 at 9:00:50 AM
    Group Policy was applied from: doco01.***.local
    Group Policy slow link threshold: 500 kbps
    Domain Name: ***
    Domain Type: Windows 2000
    Applied Group Policy Objects


    Default Domain Policy
    The following GPOs were not applied because they were filtered out


    Local Group Policy
    Filtering: Not Applied (Empty)
    Restore Policy
    Filtering: Not Applied (Empty)
    The user is a part of the following security groups


    Domain Users
    Everyone
    BUILTINAdministrators
    BUILTINUsers
    NT AUTHORITYINTERACTIVE
    CONSOLE LOGON
    NT AUTHORITYAuthenticated Users
    This Organization
    LOCAL
    rsAdmin
    *** Mailusers
    Domain Admins
    ICT
    DHCP Administrators
    WebProject
    High Mandatory Level
    The user has the following security privileges


    Bypass traverse checking
    Manage auditing and security log
    Back up files and directories
    Restore files and directories
    Change the system time
    Shut down the system
    Force shutdown from a remote system
    Take ownership of files or other objects
    Debug programs
    Modify firmware environment values
    Profile system performance
    Profile single process
    Increase scheduling priority
    Load and unload device drivers
    Create a pagefile
    Adjust memory quotas for a process
    Remove computer from docking station
    Perform volume maintenance tasks
    Impersonate a client after authentication
    Create global objects
    Change the time zone
    Create symbolic links
    Increase a process working set
    Resultant Set Of Policies for User


    Software Installations


    N/A
    Logon Scripts


    N/A
    Logoff Scripts


    N/A
    Public Key Policies


    N/A
    Administrative Templates


    N/A
    Folder Redirection


    N/A
    Internet Explorer Browser User Interface



    GPO: Blocked
    Large Animated Bitmap Name: N/A
    Large Custom Logo Bitmap Name: N/A
    Title BarText: N/A
    UserAgent Text: N/A
    Delete existing toolbar buttons: No
    Internet Explorer Connection



    HTTP Proxy Server: 127.0.0.1:80
    Secure Proxy Server: N/A
    FTP Proxy Server: N/A
    Gopher Proxy Server: N/A
    Socks Proxy Server: N/A
    Auto Config Enable: No
    Enable Proxy: Yes
    Use same Proxy: Yes
    Internet Explorer URLs



    GPO: Blocked
    Home page URL: N/A
    Search page URL: N/A
    Online support page URL: N/A
    Internet Explorer Security



    Always Viewable Sites: N/A
    Password Override Enabled: False
    GPO: Blocked
    Import the current Content Ratings Settings: No
    Import the current Security Zones Settings: No
    Import current Authenticode Security Information: No
    Enable trusted publisher lockdown: No
    Internet Explorer Programs



    GPO: Blocked
    Import the current Program Settings: No

    Avatar
    ikon
    Member
    #354233

    Re: Problem with GPresult /RSOP

    Your Problem is because you Global policy setings are “Not Defined” meaning that that can be changed by the user.

    so what yo have done is moved your workstation to a GPO object OU and that policy was applied, i.e. firewall and proxy, when you move out of this container the policy you have is now not defined but you still have the setting applied as you have not changed it.

    Working as intended.

    change the Proxy settings manually and Firewall or make you global policy define the settings you want globally.

    hope this helps

    Avatar
    Anonymous
    #367233

    Re: Problem with GPresult /RSOP

    ikon;183360 wrote:
    Your Problem is because you Global policy setings are “Not Defined” meaning that that can be changed by the user.

    so what yo have done is moved your workstation to a GPO object OU and that policy was applied, i.e. firewall and proxy, when you move out of this container the policy you have is now not defined but you still have the setting applied as you have not changed it.

    Working as intended.

    change the Proxy settings manually and Firewall or make you global policy define the settings you want globally.

    hope this helps

    Hi Ikon,

    Thanks for your reply, so if I understood well I have to link the Default Domain Policy to the OU were my user account now is in?

    Please let me know.
    Thanks!

    Paul

    Avatar
    ikon
    Member
    #354235

    Re: Problem with GPresult /RSOP

    http://forums.petri.com/showthread.php?t=40473

    The post above should help you, see the last reply.

    Avatar
    Anonymous
    #367234

    Re: Problem with GPresult /RSOP

    ikon;183483 wrote:
    http://forums.petri.com/showthread.php?t=40473

    The post above should help you, see the last reply.

    Hi Ikon,

    I have tested but no result.
    I have enforfed the WSUS policy for example, it is applied.
    In the WSUS policy no software installation is in or proxy setting all is emtpy. because you cannot configure these items to enable and disable.

    Still in gpresult /v the problem exists from my first post..

    Can you help me further perhaps?

    Thanks.
    Paul

    Avatar
    ikon
    Member
    #354244

    Re: Problem with GPresult /RSOP

    Ok

    Run “gpotool” on one of your DC’s gpotool.exe is found in the windows 2003 resource kit.

    This tool will show any problems with GPO accorss your DC’s

    also your log you generated was logging mode, logging mode shows you Currently applied GPO’s

    Planning mode will show you what you should recieve from new GPO’s like a compare.

    Please post both.

    Thanks

    Avatar
    Anonymous
    #367235

    Re: Problem with GPresult /RSOP

    Hi Ikon,

    This is all information I get..

    Searching for policies…
    Found 9 policies
    ============================================================
    Policy {00D9C5F4-8C0E-43D1-8C98-AB02B9F0AE82}
    Friendly name: WSUS
    Policy OK
    ============================================================
    Policy {03861CEB-7589-461A-B349-6CADF9F696EA}
    Friendly name: GFIMAIL
    Policy OK
    ============================================================
    Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
    Friendly name: Default Domain Policy
    Policy OK
    ============================================================
    Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
    Friendly name: Default Domain Controllers Policy
    Policy OK
    ============================================================
    Policy {6E033083-48B8-49DF-A755-4769A93A8888}
    Friendly name: Blocked
    Policy OK
    ============================================================
    Policy {A1AB0DFE-CFAD-4DD3-9063-1B9D5CEF941C}
    Friendly name: WSUS1
    Policy OK
    ============================================================
    Policy {C469DC60-CC06-407E-A16F-E28F070CA5FD}
    Friendly name: TS Default
    Policy OK
    ============================================================
    Policy {E26EA285-8051-4513-BE73-065DF69A0E75}
    Friendly name: TEST SSO
    Policy OK
    ============================================================
    Policy {F81A5AC0-0758-41E4-B785-186A5377A18D}
    Friendly name: New Group Policy Object
    Policy OK
    ============================================================
    Policies OK

    Can you help me?

    Regards,
    Paul

    Avatar
    ikon
    Member
    #354249

    Re: Problem with GPresult /RSOP

    Can you post you RSoP logs for Planning Mode and Logging mode?

    Thanks

    Avatar
    Anonymous
    #367236

    Re: Problem with GPresult /RSOP

    ikon;183795 wrote:
    Can you post you RSoP logs for Planning Mode and Logging mode?

    Thanks

    Hi Ikon,

    Sorry I was delayed for some time due other problems.
    Where can I find the logs, I run the logging and Planning mode but after this I see no logging?

    Can you help me, because my problem still exists?

    Best regards,

    Paul

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.