I
Isaac Morton
Hi there,
I'm officially defeated by this problem. Microsoft closed the case I
phoned in and refunded my money, so I'm pretty sure I'm screwed, but I
thought I'd trouble you all
.
I'm trying to use a group policy to set a proxy (Squid/Linux) server
for an OU with users in it. For any given user, the policy will work
on some machines and not on others (machine-specific, not
user-specific). The other elements of the group policy, other than the
proxy in IE Maintenance settings, will apply successfully. All servers
are win2k SP4 / IE 6 SP1. Workstations are win2k pro SP4 / IE 6 SP1.
However, users will log on to both workstations and onto servers at
times. The machines that don't work are the servers which are
multihomed DCs with direct connections to the internet. The
workstations have only one NIC on our private network and work fine
with the same policy.
- I've tried using GPResult and found that the policy is getting
applied on the non-working computers and the working computers alike.
- I've verified the %logonserver% and I've checked to see where the
group policy is being applied from.
- I've run the repadmin /syncall tool to synchronize the entire Domain
- I've used replmon to verify the versions of the GPOs on all my DCs
(all good)
- I've tried secedit /refreshpolicy machine_policy /enforce And
secedit /refreshpolicy user_policy /enforce followed by reboots an
hour later
- Tried rebooting all the machines / DCs
- Manually checked every SYSVOL share and it's corresponding folder
for my troublesome proxy GPO for the correct version, to see if there
was a rogue in the mix
- I've deleted the local profiles of the users on the non-working
computers and regenerated them
- I wrote a registry hack logon script for the GPO to replace the IE
Maintenance / proxy server settings. It's as good as the old way
though: works on the same machines it worked on and doesn't work on
the others. (watch for word-wrapping):
<beginning of my script>
Dim WSHShell, Title
Set WSHShell = WScript.CreateObject("WScript.Shell")
WSHShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ProxyEnable", 1, "REG_DWORD"
WSHShell.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ProxyServer", "10.0.15.33:3128", "REG_SZ"
WSHShell.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ProxyOverride", "10.*;*.splat.com;*.rubyriver.com;<local>",
"REG_SZ"
<end of my script>
- checked DNS, done DCDiags, verified connectivity.
- Ripped out every one of my hairs (almost)
So I'm going to go pull out more hair.
Thanks in advance,
-Isaac
I'm officially defeated by this problem. Microsoft closed the case I
phoned in and refunded my money, so I'm pretty sure I'm screwed, but I
thought I'd trouble you all
.I'm trying to use a group policy to set a proxy (Squid/Linux) server
for an OU with users in it. For any given user, the policy will work
on some machines and not on others (machine-specific, not
user-specific). The other elements of the group policy, other than the
proxy in IE Maintenance settings, will apply successfully. All servers
are win2k SP4 / IE 6 SP1. Workstations are win2k pro SP4 / IE 6 SP1.
However, users will log on to both workstations and onto servers at
times. The machines that don't work are the servers which are
multihomed DCs with direct connections to the internet. The
workstations have only one NIC on our private network and work fine
with the same policy.
- I've tried using GPResult and found that the policy is getting
applied on the non-working computers and the working computers alike.
- I've verified the %logonserver% and I've checked to see where the
group policy is being applied from.
- I've run the repadmin /syncall tool to synchronize the entire Domain
- I've used replmon to verify the versions of the GPOs on all my DCs
(all good)
- I've tried secedit /refreshpolicy machine_policy /enforce And
secedit /refreshpolicy user_policy /enforce followed by reboots an
hour later
- Tried rebooting all the machines / DCs
- Manually checked every SYSVOL share and it's corresponding folder
for my troublesome proxy GPO for the correct version, to see if there
was a rogue in the mix
- I've deleted the local profiles of the users on the non-working
computers and regenerated them
- I wrote a registry hack logon script for the GPO to replace the IE
Maintenance / proxy server settings. It's as good as the old way
though: works on the same machines it worked on and doesn't work on
the others. (watch for word-wrapping):
<beginning of my script>
Dim WSHShell, Title
Set WSHShell = WScript.CreateObject("WScript.Shell")
WSHShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ProxyEnable", 1, "REG_DWORD"
WSHShell.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ProxyServer", "10.0.15.33:3128", "REG_SZ"
WSHShell.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ProxyOverride", "10.*;*.splat.com;*.rubyriver.com;<local>",
"REG_SZ"
<end of my script>
- checked DNS, done DCDiags, verified connectivity.
- Ripped out every one of my hairs (almost)
So I'm going to go pull out more hair.
Thanks in advance,
-Isaac