Windows 7 Thread, GPO Problems in Technical; Hi Guys,
I have had Windows 2008r2 and Windows 7 setup and running fine for the past year, but two ...
31st January 2012, 11:32 AM #1
I have had Windows 2008r2 and Windows 7 setup and running fine for the past year, but two days I noticed some users have the full GPO pulled over and some users dont have it at all. The Home Drives come up fine.
I took one machine and tested it with two users, one user has a fully locked down PC which is good but another user in the same group has full accsess to the machine.
I have rebooted the DC's, when I done a gpupdate /force on the DC it did come back with an error but this has been fixed now. I have also put a new image onto the PC just to see if this was the cause but still no luck.
Any help on this would be great.
31st January 2012, 12:12 PM #2
From a command line, run
gpresult /v > result.txt
Then view the result.txt file in Notepad.
This will show you if any policies have been filtered out (maybe by mistake)
If this sheds no light, you could run a GPO simulation through the Group Policy Management tool against the user and machine for both cases, see if there's any differences in the simulation results between the two machines/users.
Last edited by jinnantonnixx; 31st January 2012 at 12:15 PM.
Thanks to jinnantonnixx from:
Obzen (31st January 2012)
31st January 2012, 01:03 PM #3
I redone the GPO and its all good now . Cheers
1st February 2012, 08:36 AM #4
Thought this was fixed but no luck. When I type in \\domain.local sometimes it asks for a username and password and sometimes it will come straight up and even when I enter the administrator one it doesnt work. It seems to be a intermittent problem
1st February 2012, 09:00 AM #5
Just to explain abit more. We have about 3-4 students in each class that logon with no GPO loaded or what appears to be. They have the default Windows 7 wallpaper and full local admin rights. I have made a note of the user details and tested on another PC and the GPO will pull accross, this seems like a really weird problem we have never experienced before. The affected account seems completely random, I have taken one user account and logged in with it to 30 classroom computers and between 5 and 10 logons will not pull the GPO accross.
Our Domain Controllers are pretty much just maintained as we don't like to mess about with em (Ruuning 2008 R2, fully updated)
Something that might be related to the problem is when I type \\domain.local\ in run I get a logon box instead of explorer showing the domain controllers sysvol folder. Any details I enter in this box will not allow me access the sysvol (even the domain administrator account)
Here is the troubleshooting we have done so far;
Image the PC/PC's
Check the user account in AD for membership
Reboot Domain Controllers
Reboot the core switch
Restored a backup of the student GPO
Checked the services on the servers
Pretty much at a loss right now, any help is much appreciated.
1st February 2012, 09:12 AM #6
What does Event Viewer say? Compare a working with a non-working machine, see what the differences are.
I must say this is ringing a bell; I think I had something similar when I set up a Windows 7 system. I'll see if I've made any notes (I often do!)
1st February 2012, 09:20 AM #7
I had something odd like this. I fixed it by applying ALL Microsoft updates. The reason I say ALL is we had chosen not to apply all windows updates due to a software conflict.
1st February 2012, 09:44 AM #8
Doing updates now. I have just replaced the Default Domain Policy as I think this was the cause.
1st February 2012, 11:33 AM #9
Getting this error now
1st February 2012, 11:35 AM #10
How many domain controllers do you have? Are they talking to each other? Check the FRS entries in Event Viewer.
1st February 2012, 11:44 AM #11
We have 2 domain controllers, FRS went up and down all day yesterday but there is nothing in there for today.
One frequent error is
"The File Replication Service is no longer preventing the computer DC01 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
Type "net share" to check for the SYSVOL share."
1st February 2012, 03:48 PM #12
dcdiag /test:netlogons passes on both domain controllers, if that helps any?
2nd February 2012, 11:39 AM #13
Found the root problem, rogue DNS entries that were conflicting with domain controllers, removed them now I'm able to access the sysvol consistently thus GPO's are applied 100% of logons.
Thanks for all of your replies.
Thanks to Edwardjr from:
RobBaxter (2nd February 2012)
2nd February 2012, 11:52 AM #14
2nd February 2012, 02:29 PM #15
Wow... what ya know ... i found that i had some DNS screwups also... *facepalms* thanks for that!
By Techdw in forum Windows Server 2008 R2
Last Post: 9th September 2011, 12:43 PM
By edsa in forum Windows Server 2000/2003
Last Post: 23rd January 2010, 09:07 PM
By MNHughes in forum O/S Deployment
Last Post: 15th December 2009, 03:46 PM
By irsprint in forum Windows Server 2000/2003
Last Post: 11th September 2009, 11:41 AM
By z4ydi in forum Network and Classroom Management
Last Post: 11th February 2008, 03:12 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)