GPO not applied in remote sites

G

Guest

I have created a GPO that will be used to lock down workstations. I have
created a test OU, and linked the GPO to the test OU. I have copied the
default domain policy to make sure the permissions are right, and changed the
contents of the policy to my own specificaitons. I have added a few
workstations from my corp office and all is well. The policy is applied with
no problem. My problem is that the policy is not being applied to
workstations in remote sites. My remote sites all have their own DC. The
GPO has replicated to the remote site sysvol, as I see the object (named by
GUID), on the remote server. I have added the remote workstation objects to
the test OU, and this has replcated in AD......yet the policy is not applied.
Am I missing something. I have compared permissions on the GPO in my site
and they match the GPO in the remote site. Please help..... Thanks.
 
G

Glenn L

You need to look for userenv errors on the clients in the remote site.
Run gpresult in the remote site after logging on.
Does GPresult show the policy?
 
C

Cary Shultz [A.D. MVP]

Jesse,

What is the connection speed between the 'HQ' and the remote offices?

Cary
 
C

Cary Shultz [A.D. MVP]

Er, not necessarily a factor...Sorry for not reading the entire post.

But, maybe it is. Which DC is being used to authenticate?

Cary
 
G

Guest

Cary,

The link is 56K, but the sites are authenticating to thier site server.
There are userenv 1000 errors, stating that the domain cannot be found, and
the computer or user name cannot be found. I checked DNS and all looks well.
I did nslookup set type=srv and got response from DC's. I checked for
kerberos, ldap, and gc records in DNS and all exist for the sites. I ran
gpresult on workstations and the policy's are applied. Remember one policy
(computer) runs a script and is working. The user policy does not. Only
remote sites are having trouble applying GPO and most sites have userenv
errors??? what now?
 
G

Guest

Glenn,

I did not have the user accounts in the ou, but had user policy specified.
I enabled grou ppolicy loopback proccesing under computer configuration and
all is working. Although once the policy was applied it did not allow
applciation shortcuts to the desktop and i did not select clear icons in the
policy.... wierd. Also the active desktop that specifies a wallpaper is not
working. At least the computers are secure now. Thanks.
 
S

Stein Waalen

Try adding the setting:

Computer Config> Administrative templates > System > Group Policy -
Group Policy slow link detection (Enabled) Connection Speed (0 to
disable slow link detection) if you have problems with remote users
since your WAN link is too slow.

Run gpupdate from a command prompt on the clients, or reboot the
clients (the best is to boot, I have seen GPO`s not being active
unless a reboot) after changing the GPO.

Not sure if this applies to your config as you have a DC in the remote
site, but it is worth a try.

Best regards

Stein Waalen
Norway
Do not reply to personal e-mail, groups only.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GPO not applying 1
GPO IE Zone Mapping issue on TS 2
GPO not being applied 2
remote assistance GPO not applying 3
GPO Password Policy is applied but not working 4
ou gpo not applying over domain policy 1
GPO settings are not applied 2
Some parts of Windows 2008 GPO not applied for some users 1

Top