• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

GPO Issue verify correct domain controller ?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Windows

View previous topic :: View next topic  
Author Message
ryanlashway
Just Arrived
Just Arrived


Joined: 13 Oct 2010
Posts: 1


Offline

PostPosted: Mon Jul 25, 2011 5:51 pm    Post subject: GPO Issue verify correct domain controller ? Reply with quote

I have a GPO for folder redirection. I have made all my necessary changed and can not get them to reflect on the users workstations. When doing a gpresults it appears it is pulling from the correct server, but the values are not what I have entered, they are still from the old settings.

How can I verify the gpo is coming from the correct server, beyond the labeling on the gpresults report

how can I force the policy to the workstaions beyond gpupdate /force
Back to top
View user's profile Send private message
ryansutton
Trusted SF Member
Trusted SF Member


Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Offline

PostPosted: Mon Jul 25, 2011 6:49 pm    Post subject: Reply with quote

The GPO will replicate across DC's so it shouldn't matter what server it is pulling it from. If you run the set command it will show you what server the client is authenticating from and that should be the server it is getting the GPO from. You can check that server to make sure the GPO has replicated. Gpupdate/force is the only way to force GPO processing, other than that you have to reboot or wait for the normal GPO refresh which I think is 90 minutes. As far as folder redirection not working, I would check the NTFS permissions on the redirected share.
Back to top
View user's profile Send private message
ryanlashway
Just Arrived
Just Arrived


Joined: 13 Oct 2010
Posts: 1


Offline

PostPosted: Mon Jul 25, 2011 7:27 pm    Post subject: Weird Reply with quote

Ok, this is weird, I am able to apply other settings thru the same policy (ex. I am now creating a folder on the desktops). I then, in the same policy, removed the folder redirection and it still shows the old information from the first server.
I have removed all custom permissions on the directory and set it to Everyone = Full Control, with inherit on, and still no go.......any ideas ?

I even tried th change the path to make it auto create and still the same .
Back to top
View user's profile Send private message
ryansutton
Trusted SF Member
Trusted SF Member


Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Offline

PostPosted: Mon Jul 25, 2011 8:19 pm    Post subject: Reply with quote

You need to add the Creator Owner permission on the Users share as well. Are there any errors in the client or server event logs? What does the RSOP wizard show?
Back to top
View user's profile Send private message
ryanlashway
Just Arrived
Just Arrived


Joined: 13 Oct 2010
Posts: 1


Offline

PostPosted: Mon Jul 25, 2011 8:41 pm    Post subject: Question Reply with quote

Hey Ryan, its Ryan.

Ok, with the Create Owner what level of permissions need to be set ?

With the RSOP wizard........huh ? How do I run this ?
Back to top
View user's profile Send private message
ryansutton
Trusted SF Member
Trusted SF Member


Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Offline

PostPosted: Mon Jul 25, 2011 8:50 pm    Post subject: Reply with quote

Creator owner should have full control on the root and all sub folders. You can run the RSOP wizard by opening the GPO Management console and right click Results (or something similair) and there will be an option to run the wizard.
Back to top
View user's profile Send private message
ryanlashway
Just Arrived
Just Arrived


Joined: 13 Oct 2010
Posts: 1


Offline

PostPosted: Mon Jul 25, 2011 9:16 pm    Post subject: huh Reply with quote

When trying to run the wizard I recieve "The RPC Server is unavalable" ? This happens if I try to run it from the DC to another machine, if I just run it as the domain admin on the dc I get no errors and all looks like it should.
Back to top
View user's profile Send private message
ryanlashway
Just Arrived
Just Arrived


Joined: 13 Oct 2010
Posts: 1


Offline

PostPosted: Mon Jul 25, 2011 9:24 pm    Post subject: ok, got more Reply with quote

ok Ryan, its Ryan again.

The event log it flagging the following:

Failed to remove policy for "Documents" Removal options = 20009001.
The following error occured: "Failed to redirect because the destination directory \\192.168.1.51\My Documents "is offline". Error details "The network path is not found"

Do I need to bring the old system back online to move to the new one ?
Back to top
View user's profile Send private message
ryanlashway
Just Arrived
Just Arrived


Joined: 13 Oct 2010
Posts: 1


Offline

PostPosted: Mon Jul 25, 2011 10:05 pm    Post subject: Reply with quote

Ok, so I removed the policy and manually restored the location of the My documents, for some reason the GPO would not, even though the redirect to local was toggled.

Now, I have the local My Documents, and no network location for it. I do not see the policy even being applied in the Event log, where as before it would error because the old location was offline (i brought it back up to see if that would help).

I am lost on this, its a change on a redirect that is not reflecting for some reason.
Back to top
View user's profile Send private message
ryansutton
Trusted SF Member
Trusted SF Member


Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Offline

PostPosted: Mon Jul 25, 2011 10:58 pm    Post subject: Reply with quote

What does a gpresult show?
Back to top
View user's profile Send private message
ryanlashway
Just Arrived
Just Arrived


Joined: 13 Oct 2010
Posts: 1


Offline

PostPosted: Mon Jul 25, 2011 11:44 pm    Post subject: Reply with quote

When doing the following:

gpresult /s domaincontroller /u domainadmin /p password /scope user /v

I get what looks like the old settings for the folder redirect. It shows the old path, not the new one.
Back to top
View user's profile Send private message
ryanlashway
Just Arrived
Just Arrived


Joined: 13 Oct 2010
Posts: 1


Offline

PostPosted: Tue Jul 26, 2011 1:39 am    Post subject: Reply with quote

Ok, so on most xp machines a gpupdate. /force /sync is working. I have windows Vista & 7 machines not working but if I delete profile and log in , creating a new one profile settings and hoo work perfectly, ANY IDEA WHY?
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Windows All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register