The registry settings warning may have something to do with it and I don't
know all the innards of Group Policy to determine exactly what happened to
your user account on your computer. Out of interest I would try to logon
with your account to another domain computer that is in the same OU as your
computer to see what happens and/or logon to your computer with another
equivalent account [in same OU and same group membership] to see what
happens to see if it is an isolated problem which I suspect it is from your
results of RSOP.
I would not worry too much about your domain controllers. The support tools
netdiag, dcdiag, and gpotool can be used to evaluate their health easily
enough. Support tools are in the support/tools folder of the install disk
for the appropriate operating system and you will need to run the setup in
that folder to install them. I would run netdiag on your computer also to
make sure no problems are reported for dc discovery, dns, kerberos, or
trust/secure channel and check Event Viewer also for any pertinent clues.
If the problem seems to be isolated just to your account on the one computer
I am not sure what the best plan of action would be but what may work is to
delete your user profile from that computer via System
Properties/advanced/user profiles. Of course you would have to logon as
another administrator for your computer to do such and if your profile does
not roam you would want to copy the profile to another user on the computer
and then copy it back after a new profile for your account was created when
you logged on. Profiles can be copied by an administrator that is not the
source or destination user for the profile copy and you need to make sure
that you give the target user permissions to the copied profile. This is all
done also via System Properties/advanced/user profiles. If you attempt such
I would also do a full backup of your profile before deleting it just in
case. There may be an easier way to deal with the problem but I don't know
what it is offhand [such as registry keys to delete, etc.] You might find
the link below helpful. --- Steve
http://www.oreilly.com/catalog/mwin2reg/chapter/ch07.html
"Ageing Brilliantine Stick Insect"
Hi Steve,
Thanks for that. I did a gpupdate on my PC and restarted a few times. I'm
afraid I chickened out of running a secedit on the Domain Controllers - if
've broken something I don't want it to apply to the DCs!! I ran RSOP on
my
PC for my userID and it said that the only policy being applied to me was
the
policy applied at the site level (password policy)....none of the OU level
policies were being applied - all blocked or unlinked.
I still can't run GPMC from my Windows XP PC unless I start a fresh MMC
and
add GP Management to it - then it runs OK. There are still some GP
settings
that seem to be applying to my PC eg for various reasons we have had to
remove the 'Add new printer' icon from the printers folder for the average
user, and I have no 'Add new printer' available to me - so I assume some
of
the GP settings are still applied.
I noticed an error in the Events tab of the GPMC that said my registry
couldn't be unloaded when I restarted - I assume this may be causing some
of
the settings to not be 'unapplied'?
Steven L Umbach said:
It sounds like the changes just have not propagated yet. Try running
secedit
/refreshpolicy user_policy /enforce on the domain controller [gpupdate
/force for Windows 2003] and then running gpupdate /force on your XP
computer and it may help to logoff and logon one more time. If still no
go
try running the gpresult support tool on your XP Pro computer to see what
it
reports as OU that the computer and user are shown as being in and the
Group
Policies that are being applied to it. The Resultant Set of Policy in
logging mode may also be helpful. --- Steve
"Ageing Brilliantine Stick Insect"
message
I realise this is the Windows 2000 forum, and this is probably a Windows
XP
question, so apologies if this causes offence.......
I moved my PC to an OU in AD that had a GP linked to it (my
fault.......in
the old version of GP management it was easy to 'deny group policy
application'). Anyway, after a reboot I was unable to launch the GPMC -
kept
getting error message 'windows cannot find blahblahblah\gpmc.msc......'
followed by some stuff that said it was either not an MMC, or I didn't
have
permission to access it.
I logged off my PC and back on as Domain Admin, and got the same
problem.
Logged back on as myself - still the same problem. Moved my PC to an OU
that
doesn't have GP applied to it - rebooted - same problem. Moved my user
account to an OU that didn't have GP applied - restarted - same
problem.
Restarted again, logged on as myself (have admin privs) - same problem.
However, I can Start, Run, MMC and add the GPMC to the MMC and work
with
GP.
I can see from various changes in my Windows environment that GP is
still
being applied to my PC, even though I have now moved it to yet another
OU
that has 'block inheritance' set.
Does anyone have any idea what I have done wrong, and how I might go
about
getting my PC (and user account) back to a state where GP is NOT
applied
to
it?
