GPO not being applied to Citrix login

G

Guest

Hi there, hoping someone can shed some light on this. We are running a
VBScript login script thru group policy. Works fine as long as users are not
using Citrix. thought it was an issue with MetaFrame XP. Finally was able
(today) to run RSoP on a specific user and machine, and the GPO does not show
as being applied. There are 2 others (the default domain, and another one
that only has a computer configuration setting configured to run a little
batch file at startup) that DO show as being applied. The login script has
the computer configs setting disabled and just uses the user/windows settings
to run the script. Any clues as to what I can check next?

I am going bald trying to figure this out.....

Thanks,

Suzanne
 
M

Mark Renoden [MSFT]

Hi Suzanne

I gather the login script is applied to an OU to which the users are
members?

Is there any chance that a GPO applied to the Citrix server has policy
loopback in replace mode turned on? If so, the GPO's that would normally
apply to the users will be ignored an instead, the user configuration
portion of GPO's applying to the server will be used instead.

HTH
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

Mark,

Yes the user is a member of an OU to which the GPO is applied. My
understanding of loopback is that you must be in AD native mode to enable
this feature. But I checked anyway, and my version of admin templates don't
have that option. But something seems to be blocking it only on the citrix
server only. (When I run the user name and machine thru the script, it maps
perfectly (and it uses the machine name to validate the running of certain
functions) for the user).

Thanks for the help!

Mark Renoden said:
Hi Suzanne

I gather the login script is applied to an OU to which the users are
members?

Is there any chance that a GPO applied to the Citrix server has policy
loopback in replace mode turned on? If so, the GPO's that would normally
apply to the users will be ignored an instead, the user configuration
portion of GPO's applying to the server will be used instead.

HTH
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Suzanne said:
Hi there, hoping someone can shed some light on this. We are running a
VBScript login script thru group policy. Works fine as long as users are
not
using Citrix. thought it was an issue with MetaFrame XP. Finally was
able
(today) to run RSoP on a specific user and machine, and the GPO does not
show
as being applied. There are 2 others (the default domain, and another one
that only has a computer configuration setting configured to run a little
batch file at startup) that DO show as being applied. The login script
has
the computer configs setting disabled and just uses the user/windows
settings
to run the script. Any clues as to what I can check next?

I am going bald trying to figure this out.....

Thanks,

Suzanne
Click to expand...
Click to expand...
 
M

Mark Renoden [MSFT]

Hi Suzanne

I guess my next suggestion would be to enable user environment debug logging
and look for answers there. You'll want to do this at a time when only one
user is logging onto the Citrix server to minimize the data you're looking
at:

221833 How to enable user environment debug logging in retail builds of
Windows
http://support.microsoft.com/?id=221833

HTH
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Suzanne said:
Mark,

Yes the user is a member of an OU to which the GPO is applied. My
understanding of loopback is that you must be in AD native mode to enable
this feature. But I checked anyway, and my version of admin templates
don't
have that option. But something seems to be blocking it only on the
citrix
server only. (When I run the user name and machine thru the script, it
maps
perfectly (and it uses the machine name to validate the running of certain
functions) for the user).

Thanks for the help!

Mark Renoden said:
Hi Suzanne

I gather the login script is applied to an OU to which the users are
members?

Is there any chance that a GPO applied to the Citrix server has policy
loopback in replace mode turned on? If so, the GPO's that would normally
apply to the users will be ignored an instead, the user configuration
portion of GPO's applying to the server will be used instead.

HTH
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

Suzanne said:
Hi there, hoping someone can shed some light on this. We are running a
VBScript login script thru group policy. Works fine as long as users
are
not
using Citrix. thought it was an issue with MetaFrame XP. Finally was
able
(today) to run RSoP on a specific user and machine, and the GPO does
not
show
as being applied. There are 2 others (the default domain, and another
one
that only has a computer configuration setting configured to run a
little
batch file at startup) that DO show as being applied. The login script
has
the computer configs setting disabled and just uses the user/windows
settings
to run the script. Any clues as to what I can check next?

I am going bald trying to figure this out.....

Thanks,

Suzanne
Click to expand...
Click to expand...
Click to expand...
 
R

Ryan Hanisco

Suzanne,

Not to second guess anything here... but the behavior you've described does
sound like the users aren't in the OU to which the GPO has been applied.
You need to make sure that this is not simply applied to a sub-OU or that
GPO filtering is not preventing the User Policy from being applied to the
Users.

You've also mentioned some scripting behavior that looks to the username and
machine name for its application. Depending on the version of Citrix
(especially presentation server 3.0 with its new handling of anonymous
connection types) and when the script fires off (Before or after the HKCU
hive is instantiated) there can be different values for user values than you
might expect.

Can you give us more info about the versions of windows and Citrix you are
running and maybe post your script? Do other User GPOs other than the
script apply?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Internet Explorer Maintenance Settings Not Being Applied 7
GPO, TS & Citrix 1
GPO not being applied 2
login Scripts not running 9
GPO not applied - migration from ldap to AD 4
GPO no longer being applied to user 4
TS, Citrix and GPOs 1
Loopback policy partly applied after restart. GPUPDATE /FORCE requ 3

Top