GPO Issue verify correct domain controller ?

Networking/Security Forums -> Windows

Author: ryanlashway PostPosted: Mon Jul 25, 2011 5:51 pm    Post subject: GPO Issue verify correct domain controller ?
    ----
I have a GPO for folder redirection. I have made all my necessary changed and can not get them to reflect on the users workstations. When doing a gpresults it appears it is pulling from the correct server, but the values are not what I have entered, they are still from the old settings.

How can I verify the gpo is coming from the correct server, beyond the labeling on the gpresults report

how can I force the policy to the workstaions beyond gpupdate /force

Author: ryansuttonLocation: San Francisco, California PostPosted: Mon Jul 25, 2011 6:49 pm    Post subject:
    ----
The GPO will replicate across DC's so it shouldn't matter what server it is pulling it from. If you run the set command it will show you what server the client is authenticating from and that should be the server it is getting the GPO from. You can check that server to make sure the GPO has replicated. Gpupdate/force is the only way to force GPO processing, other than that you have to reboot or wait for the normal GPO refresh which I think is 90 minutes. As far as folder redirection not working, I would check the NTFS permissions on the redirected share.

Author: ryanlashway PostPosted: Mon Jul 25, 2011 7:27 pm    Post subject: Weird
    ----
Ok, this is weird, I am able to apply other settings thru the same policy (ex. I am now creating a folder on the desktops). I then, in the same policy, removed the folder redirection and it still shows the old information from the first server.
I have removed all custom permissions on the directory and set it to Everyone = Full Control, with inherit on, and still no go.......any ideas ?

I even tried th change the path to make it auto create and still the same .

Author: ryansuttonLocation: San Francisco, California PostPosted: Mon Jul 25, 2011 8:19 pm    Post subject:
    ----
You need to add the Creator Owner permission on the Users share as well. Are there any errors in the client or server event logs? What does the RSOP wizard show?

Author: ryanlashway PostPosted: Mon Jul 25, 2011 8:41 pm    Post subject: Question
    ----
Hey Ryan, its Ryan.

Ok, with the Create Owner what level of permissions need to be set ?

With the RSOP wizard........huh ? How do I run this ?

Author: ryansuttonLocation: San Francisco, California PostPosted: Mon Jul 25, 2011 8:50 pm    Post subject:
    ----
Creator owner should have full control on the root and all sub folders. You can run the RSOP wizard by opening the GPO Management console and right click Results (or something similair) and there will be an option to run the wizard.

Author: ryanlashway PostPosted: Mon Jul 25, 2011 9:16 pm    Post subject: huh
    ----
When trying to run the wizard I recieve "The RPC Server is unavalable" ? This happens if I try to run it from the DC to another machine, if I just run it as the domain admin on the dc I get no errors and all looks like it should.

Author: ryanlashway PostPosted: Mon Jul 25, 2011 9:24 pm    Post subject: ok, got more
    ----
ok Ryan, its Ryan again.

The event log it flagging the following:

Failed to remove policy for "Documents" Removal options = 20009001.
The following error occured: "Failed to redirect because the destination directory \\192.168.1.51\My Documents "is offline". Error details "The network path is not found"

Do I need to bring the old system back online to move to the new one ?

Author: ryanlashway PostPosted: Mon Jul 25, 2011 10:05 pm    Post subject:
    ----
Ok, so I removed the policy and manually restored the location of the My documents, for some reason the GPO would not, even though the redirect to local was toggled.

Now, I have the local My Documents, and no network location for it. I do not see the policy even being applied in the Event log, where as before it would error because the old location was offline (i brought it back up to see if that would help).

I am lost on this, its a change on a redirect that is not reflecting for some reason.

Author: ryansuttonLocation: San Francisco, California PostPosted: Mon Jul 25, 2011 10:58 pm    Post subject:
    ----
What does a gpresult show?

Author: ryanlashway PostPosted: Mon Jul 25, 2011 11:44 pm    Post subject:
    ----
When doing the following:

gpresult /s domaincontroller /u domainadmin /p password /scope user /v

I get what looks like the old settings for the folder redirect. It shows the old path, not the new one.

Author: ryanlashway PostPosted: Tue Jul 26, 2011 1:39 am    Post subject:
    ----
Ok, so on most xp machines a gpupdate. /force /sync is working. I have windows Vista & 7 machines not working but if I delete profile and log in , creating a new one profile settings and hoo work perfectly, ANY IDEA WHY?



Networking/Security Forums -> Windows


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group