Computer Configuration Doesn't Get Applied But User Configuration Does

Phil

Hi All,


I have a single server machine running Windows 2000 Server and a bunch of
Windows XP SP1 client machines. I set up three Group Policy Objects on our
single domain and use Security Filtering to apply them to different users,
which appeared to be happily working. However, it has recently stopped
applying the Computer Configuration nodes but successfully applies the User
Configuration settings.

Using GPMC on one of the XP machines, the appropriate Computer Configuration
is not applied and under Denied GPO's it lists one of the GPO's that it
legitimately shouldn't apply. However, it also lists the two other GPO's by
their GUID's, not their 'friendly names' and the reason denied is given as
'Inaccessible'. Under User Configuration, all GPO's are correctly listed and
applied / denied.

If I then do the following:

a. Right click on one of the Group Policy Results for a user (in GPMC).
b. Select Advanced View (which appears to bring up Resultant Set of Policy).
c. Right click on Computer Configuration.
d. Select Properties.
e. Tick 'Display All GPO's and Filtering Status'.

...the inaccessible GUID's appear with 'Not Applied (Unknown)' under
filtering and 'AD (0) , Sysvol (0)' under Revision. Next to a successfully
applied policy, it reports something like 'AD(102), Sysvol (102)'.

There is also a 'rogue' GPO which the system wouldn't let me delete. In the
end, rightly or wrongly, I deleted its folder in Sysvol. However, it still
displays in Group Policy.

These are some of the things I can remember trying over the last few days:

a. Made sure Authenticated Users have rights to access GPO's in Sysvol (I
assume Authenticated Users would do it).
b. Run GPOTOOL which reports all GPO's OK (except the rogue one, which it
can't find as I deleted it!).
c. Checked my DNS which appears to work fine. I have a single DNS Server
on the Windows 2000 Server platform which all clients (and the server) point
to. I have a DNS Forwarder set up for my Internet ISP DNS Servers and the
clients have only the server DNS entered.
d. I have deleted all my old GPO's and recreated them from scratch.

I have been all over the Web looking for solutions but nobody seems to have
the issue where Computer Configuration doesn't get applied but User
Configuration does.

Any help would be greatly appreciated.

Phil.

PS I'm relatively new to Newsgroup postings and I cannot figure how to post
a reply into an existing thread. I'm using Outlook Express so any pointers
gratefully received!
 
Brian Desmond [MVP]

Phil-

Can you post the contents of the winlogon.log file from one of the clients?
It's under %windir%\security\logs. If you don't want to post it here, email
it to me as an attachment.

As far as replying into a thread, select it, and press Reply Group, up on
the toolbar.

--
Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us

Http://www.briandesmond.com
 
Phil

Hi Brian,

I wasn't aware of winlogon.log so when I looked at it, I noticed an oddity.
I have been installing new machines to all users onto which we installed XP
in two late night sessions. When I look at the dates created and dates
modified for the winlogon.log file on these machines, the date created in
each of the two batches is the date we loaded XP on them. No surprise there.
However the last modified date on most of them is the same - about a month
ago - about the same time Computer Configuration stopped applying. This is
also the date of the last entry in the winlogon.log. In addition, 2 of the
PC's had not been powered up since the initial XP load; when they were, a
set of entries were logged in winlogon.log. Subsequently, no further entries
were made. It's almost as if the first time they fired up they happily
applied the policy, but once fully fired up and logged in, something about
the system/network/domain/GP disables any future Computer Configuration
applications. Am I miles off the mark here??!! I have EMailed you the
winlogon.log from one of these machines.

Incidentally, I have also used XP ADM files rather than the 2000 Server
ones, as indicated in a number of web articles, e.g.
http://www.microsoft.com/windowsxp/pro/using/itpro/managing/upgradetemplate.asp.

Cheers,

Phil.
 
