Group policy error
I'm having problems with our group policy on a couple of batches of machines, i've imaged them and haven't sysprepped as i believe win 7 recreates SIDs automatically and i was told i didn't need to sysprep. My issue is that on the base image i called the machine XYZ, i've then imaged them and changed the computer names to class1-1 class1-2 etc. then i do a GPUPDATE/FORCE and get the error below. If you then do the GPRESULT /H GPReport.html it says computer name : XYZ rather than what i've changed it to. Any ideas?
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
User Policy update has completed successfully.
The following warnings were encountered during user policy processing:
The Group Policy Client Side Extension Folder Redirection was unable to apply on
e or more settings because the changes must be processed before system startup o
r user logon. The system will wait for Group Policy processing to finish complet
ely before the next startup or logon for this user, and this may result in slow
startup and boot performance.
Computer policy could not be updated successfully. The following errors were enc
The processing of Group Policy failed. Windows could not resolve the computer na
me. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain co
ntroller has not replicated to the current domain controller).
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.
From my experience, where sysprep could be avoided in XP, it's absolutely essential for a properly working domain PC on Windows 7. I had no end of problems trying to get around it with the first W7 machines, so I gave in and did it properly. It means things like Sophos, GP etc all work nicely. I still have to wipe out the WSUS settings on the imaged machines with a GPO which resets the registry settings though.
See i got told exactly the opposite, i HAD to sysprep in XP but win 7 was so advanced that i didn't need to!
Originally Posted by 3s-gtech
and now i'm being thick, can you post a link to sysprep download for W7?
Here I deploy images straight to Win 7 machines with nothing done to them. I have done about 250 machines like this and never had any issues. I did sysprep the machine that I used for the image though.
You don't need one, sysprep is located at c:\windows\system32\sysprep
Originally Posted by Pyroman
Thanks, i shall try and see if it works, the weird thing is that i have a bunch of dell machines that are set up in exactly the same way with no sysprep and they work fine, it's just these 2 batches of PCs that are weird. I must've missed something somewhere when setting them up but for the life of me i can't work out what?!
Welll..... i sysprepped the machine ans still exactly the same problem :-(
The first warning you get is related to you having either logon/startup scripts or software installation policices attached to the workstation. You cannot run these policies without restarting so that is all that means so its nothing to worry about. Not seen the second error before though?
Have you tried pinging the DNS servers? and pinging the workstation from the DCs? Could be DNS related errors, usually duplicate DNS entries in the system, or an old DNS entry taking up the IP of the current imaged workstation.
Yeah the first error i'm not too worried about as it seems to be appling the user GPO, staff & kids can get to their files/shares atc. I first noticed the problem because printers wern't deploying. if you do add printer you can see them on the server and add them no problem but they won't go in automatically like they do on the rest of the machines. I was told there was a DNS error in town but i can't see how that should affect only half the machines not all of them. I can ping the DNS server from the machine as it's our local DC and i can ping the machine from the server with both i can ping using IP address AND the computer/server name
Originally Posted by Jamo
Was the original image previously added to the domain (before you took an image of it)?
I've seen this same problem where I did it by accident, had to start over with a fresh install.
I don't think so because i have a large bit of paper above my desk saying "DO NOT ADD MACHINES TO DOMAIN IN IMAGE" but it was the 6th batch of machines, i was tired, so i could well have done.
Originally Posted by Dom_
Below is the error within the gpresult.html
Component Name Status Last Process Time
Group Policy Infrastructure Failed 06/11/2012 13:29:01
Group Policy Infrastructure failed due to the error listed below.
Access is denied.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 06/11/2012 13:28:57 and 06/11/2012 13:29:01.
Are you domain controllers replicating correctly?
I have always used MDT its quite a bit easier once its set up!