Windows 7 Thread, First logon doesn't load GP... in Technical; Our new Windows 7 computers seem to have a weird problem;
We built up a working Windows 7 image. When ...
6th June 2011, 03:06 PM #1
- Rep Power
First logon doesn't load GP...
Our new Windows 7 computers seem to have a weird problem;
We built up a working Windows 7 image. When we put that image onto the other computers, it all works fine. We change the name, configure one or two other little changes and reboot. Then we join the domain, and turn it off. Move the computer account into the correct GPO, and boot the PC up again.
When the PC comes back on, and we log on with any working account, it doesn't load the user group policy. Logging off and back on immediately, and it works. It then works perfectly, seemingly forever more! It's only that first time we log on.
I am to run a gpresult on the PC when I have reloaded the ghost image.
The description for Event ID 1085 from source Microsoft-Windows-GroupPolicy cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Cannot complete this function.
The handle is invalid
IDG Tech News
6th June 2011, 03:11 PM #2
Did you do any windows update before the imaging i.e. did you let them isntall first?
6th June 2011, 03:15 PM #3
- Rep Power
6th June 2011, 03:18 PM #4
Have a look here
Event ID 1085 Source Userenv
I have seen it when folder redirection is not working well.
6th June 2011, 03:18 PM #5
- Rep Power
But why is it the first time you log on only? :S
Originally Posted by ricki
6th June 2011, 03:19 PM #6
Some Gp's are only picked up at logon so wont show effect untill the second logon... Does that seem plausible for your policies?
6th June 2011, 03:24 PM #7
- Rep Power
Well, the whole profile is scrubbed at log off. The policies are applied as follows:
Default Domain Policy > Workstation policy > Staff policy
Default Domain Policy > Workstation policy > Students policy
The default domain policy has barely been touched, so isn't really doing anything.
6th June 2011, 03:26 PM #8
Have a script that forces GP Update before anything else kicks in?
6th June 2011, 07:45 PM #9
My guess is that something in the group policies is causing a delay and other policies then start being applied and the problem one times out. I used to have it with proxy settings for ie. I was using a old adm that caused a delay and it would not apply first time. I have also seen it where a script or a policy in gpo were looking at the wrong location that would time out. Dns problems can also cause delays and so can dfs.
I am not sure but the first time you get a profile it sets up a lot of things like you browser settings and if this is getting stuck on something. It could be cuasing the problem.
The list can be endless.
6th June 2011, 07:52 PM #10
I have an idea. Would you be willing to do some playing.
Could you create a test user and place then in a new ou with blocked inheritance.
Place a test computer in a test ou with blocked inheritance and then link one policy at a time and between tests delete the profile.
If the tests start to apply it might be a policy that got setting incorrect or corrupt.
Also does the computer wait for the domain before starting it can be set in group policy.
My network is not as fast as some of my newest machines and I have to put a delay in and tell them to wait for the domain.
17th June 2011, 05:57 PM #11
Do you have a Reverse DNS Zone?
This issue is commonly caused by reverse DNS pollution.
When you image the PC the Imaging Process will assign a netbios name to an IP address and register this in DHCP/DNS and more importantly create a Reverse entry if you have an RDNS zone.
Eg - minint-123456.mydomain.local = 192.168.1.123 and 192.168.1.123 = minint-123456.mydomain.local
Once the system has been renamed and joined to the domain proper, it will become PC0123.mydomain.local = 192.168.1.123
You often will end up with two different netbiosnames with the same IP address.
The inconsistency in the DNS/RDNS zones and machine names causes the GP to fail.
This also applies to any other application the relies on reverse lookups in DNS (Sophos is commonly crippled by this phenomena)
Check your DNS/RDNS Zones carefully and manually remove any erroneous or duplicated workstation records especially if you have been imaging PC's as it could take 7 days before the DNS and DHCP records fully reconcile which is when these strange issues suddenly disappear!
Reverse DNS Zones are not essential for Windows DNS to work but if it exists it has to be right.
This is a routine part of our Preventative Maintenence routines on all of the various systems we support.
By tech_guy in forum General Chat
Last Post: 26th December 2008, 09:57 AM
By SimpleSi in forum EduGeek Joomla 1.5 Package
Last Post: 25th May 2008, 11:21 AM
Last Post: 28th February 2008, 07:24 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)