Problems with Group Policy

[Guest]

I am dealing with a Group Policy issue in a small, single DC network
environment.

In short, the client machines will not apply group policy settings.

Here's what I know:

Domain authentication is working.
DNS is working.
I believe my Integrated Active Directory Zone is working
No error messages are being generated
NTFS ACLs work for domain users, just not group policy refresh.
GPO refresh is set to synchronous during login and startup

There might be a simple solution, but I'm just not seeing it. I just
reinstalled Windows 2000 Professional on the client machines today and the
group policy is still not acting properly.

Thanks

 

[Guest]

On your W2k clients, run

secedit /refreshpolicy machine_policy /enforce
secedit /refreshpolicy user_policy /enforce

to force Group Policy to apply (Event Viewer will reveal status). Typically
it
take ~ 90 min for clients and member servers to refresh GP (default).

Check the Event Viewer on W2k clients as well, since logs can give pointers
to where problems could be. Running "gpresult /v" will give you a report on
all GPs applied (on machine and currently logged in user).

HTH.

 

[Guest]

Desmond,

Thank you for the advice. It didn't fix the problem, but it did shed some
light on the problem.

When I ran secedit, there was no problem, but something did appear in the
event viewer: "Windows cannot determine the user or computer name. Error 1722"

This leads me to believe I have improperly configured DNS for Active
Directory, and all authentication is happening via MAC Address, not any form
of network layer translation.

So, if you have any advice on setting up the proper DNS configuration, I'd
be much obliged.

Jeff

 

[Guest]

You are welcome, Jeff.

Check that clients receive correct DNS addresses (internal Servers setup to
support AD) if they are using DHCP; otherwise manually configure them in the
TCP/IP properties.

Verify also that the clients are indeed properly joined to the AD domain. If
the problem persists, un-join then re-join may be helpful.

Since you mentioned only Win 2000, it does not 'suffer' from the fast GP
processing in XP (where GP seem to behave intermittently).

One more point - authentication does not happen via MAC Address; at least
not in AD like what you could do in a WiFi setup.

 

[lforbes]

You are welcome, Jeff.

Check that clients receive correct DNS addresses (internal
Servers setup to
support AD) if they are using DHCP; otherwise manually
configure them in the
TCP/IP properties.

Verify also that the clients are indeed properly joined to the
AD domain. If
the problem persists, un-join then re-join may be helpful.

Since you mentioned only Win 2000, it does not 'suffer' from
the fast GP
processing in XP (where GP seem to behave intermittently).

One more point - authentication does not happen via MAC
Address; at least
not in AD like what you could do in a WiFi setup.

Hi,

DNS always seems to be the issue with Group Policy Problems. I have
detailed info on my website on how to correctly setup DNS to avoid
these issues. http://www.sd61.bc.ca/windows2000/dns.htm

Cheers,

Lara