group policy over VPN


Dimitre

Hi there,

I have two LANs which are connected with a VPN connection
using an IPSec tunnel. In LAN1 I have a domain controller/DC1,
and the workstations and users in that LAN log in as they
are supposed to. In LAN2, however, when a user logs in to the
domain controller/domain from LAN1, the group policy is not
being applied and all the restrictions which I have
set up disappear.

In LAN1 my IP range is from 192.168.1.1 to 254; the IP
address of DC1 is 192.168.1.54.
In LAN2 my IP range is from 192.168.0.1 to 254, and in
the IP settings for Primary DNS I have set 192.168.1.54.

Everything works as intended apart from receiving and
applying the group policy in LAN2.

Any help will be highly appreciated, as it is the 3rd day
that I am trying to solve this problem.

Thanks
 

Simon Geary

Is ICMP being dropped on either of the firewalls at the sites? If the client
in LAN 2 cannot ping the DC in LAN 1 then Group Policy would not be applied.
Also, how fast is the link between the two? If there is a slow connection
then the Group Policy slow link detection setting may need to be altered.
I would have a look through userenv.log as well to see if it offers any
hints if neither of the above helps.
 

Eric Burke [MSFT]

Hi Dimitre,

You can also run the "set L" command from the command prompt to see if the
DC is even authenticating the client. You will need to ensure both
connectivity and name resolution work.

Depending on what policies are applying, you will also need to make sure
that your workstations and users are in the same OU as the ones located on
LAN1. The userenv.log, which can be enabled following article 221833, or the
gpresult.exe utility that comes in the 2k Resource Kit can be used for
diagnosis.

--
Eric Burke [MSFT]
Microsoft Directory Services
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
 

Dimitre

They are all in the same OU, and I have tried GPresult,
but I am not sure how to interpret the results it gives. For
example:

When the user gets all the settings which I have set, the
result is:

Local profile: C:\Documents and Settings\netid

The user is a member of the following security groups:

YALE\Domain Users
\Everyone
BUILTIN\Users
YALE\Workstation Support Staff
YALE\pcaw-UNIPRINT
YALE\Group Policy Creator Owners
\LOCAL
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users

In my case, when the user only logs in, there is nothing
below:
The user is a member of the following security groups:

The same goes for registry settings. When it works
properly it gives:
The user received "Registry" settings from these GPOs:

YALE Group Policy

In my problematic case YALE Group Policy does not
appear:
The user received "Registry" settings from these GPOs:

More or less it looks like this:


Operating System Information:

Operating System Type: Professional
Operating System Version: 5.0.2195.Service Pack 2
Terminal Server Mode: Not supported

###############################################################

User Group Policy results for:

CN=netid,CN=Users,DC=yu,DC=yale,DC=edu

Domain Name: YALE
Domain Type: Windows 2000
Site Name: Default-site-name

Roaming profile: (None)
Local profile: C:\Documents and Settings\netid

The user is a member of the following security groups:


###############################################################

Last time Group Policy was applied: Wednesday, August 12, 2003 at 10:39:44 AM
Group Policy was applied from: PCLAB2.PCLABD2

===============================================================

The user received "Registry" settings from these GPOs:


###############################################################

Computer Group Policy results for:

CN=COMPUTERNAME,OU=Workstation Support Services,OU=Information Technology Services,DC=yu,DC=yale,DC=edu

Domain Name: YALE
Domain Type: Windows 2000
Site Name:

The computer is a member of the following security groups:

BUILTIN\Administrators
\Everyone
BUILTIN\Users
YALE\BABYLON$
YALE\Domain Computers
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users

###############################################################

Last time Group Policy was applied: Wednesday, August 12, 2003 at 10:39:44 AM
Group Policy was applied from: PCLAB2.PCLABD2

===============================================================

The computer received "Registry" settings from these GPOs:

Local Group Policy

===============================================================
The computer received "Security" settings from these GPOs:

Local Group Policy

===============================================================
The computer received "EFS recovery" settings from these GPOs:

Local Group Policy


Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
Copyright (C) Microsoft Corp. 1981-1999
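The gpresult dump above is easier to read once the two things the replies look for are pulled out of it: whether the user's token carries any group SIDs at all, and whether any GPO other than Local Group Policy was received. The following is an added example, not code from the thread; it parses the Windows 2000 gpresult.exe text format shown above and runs on a constructed, trimmed sample of the failing dump.

```python
import re

# Lines that close a section of Windows 2000 gpresult.exe output.
SECTION_END = re.compile(r"^(?:[#=]{5,}|Microsoft \(R\))")

def section_items(text, header):
    """Non-blank lines under `header`, or None if the header is absent.
    A section ends at a #/= separator, the next 'header:' or the footer."""
    lines = [ln.strip() for ln in text.splitlines()]
    if header not in lines:
        return None
    items = []
    for line in lines[lines.index(header) + 1:]:
        if SECTION_END.match(line) or line.endswith(":"):
            break
        if line:
            items.append(line)
    return items

def diagnose(text):
    """Apply the checks the replies suggest: an empty user group list means
    the DC never built a domain token for the logon (connectivity or
    authentication); only 'Local Group Policy' means no domain GPO arrived."""
    findings = []
    if not section_items(text, "The user is a member of the following security groups:"):
        findings.append("user: no group SIDs, the DC did not authenticate this logon")
    for scope in ("user", "computer"):
        header = f'The {scope} received "Registry" settings from these GPOs:'
        gpos = section_items(text, header) or []
        if not [g for g in gpos if g != "Local Group Policy"]:
            findings.append(f"{scope}: no domain GPO applied, only local policy (if any)")
    return findings

# Constructed sample in the shape of the failing dump above, trimmed.
BROKEN = """\
The user is a member of the following security groups:

##########################################################

The user received "Registry" settings from these GPOs:

##########################################################

The computer received "Registry" settings from these GPOs:

Local Group Policy

Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
"""
```

Running diagnose(BROKEN) returns one finding per missing item; a healthy dump (groups listed, a domain GPO under each "Registry" header) returns an empty list.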
 

Shawn Rabourn (MS)

Dimitre,

Try dropping MaxPacketSize to 1 on one machine, according to:

244474 How to Force Kerberos to Use TCP Instead of UDP
http://support.microsoft.com/?id=244474

then reboot it and see if there is a difference.

--Shawn
This posting is provided "AS IS" with no warranties and confers no rights.


 
