Group Policy Problems
Hi all, This is my first post but it's confusing the hell out of me, so here goes.
We have just installed a new server as the old one is, well, old, and have set up the new server as primary domain, dhcp and dns server.
Our clients are either windows 2000 or XP. Everything is ok with the XP machine, they are now looking to the new server for group policy. The problem is with the 2000 machines, they are just not picking up the group policy so apart from students having full access to machines the main issue is the desktops which are now stored under \\newserver\desktop$ for some reason some of the 2000 machines are still pointing to \\oldserver\desktop$.
Now here's the strange thing, sometimes is will point to the new location and sometimes it points to the old location, it seems to be very intermittent.
I have checked the DNS all seems fine, active directory replication all seems fine.
I have flushed DNS and the machines, deleted the local profiles.
Sometimes simply restarting the computer works, but then later on in the day when a student / teacher logs on it loses all the permissions again.
Sorry for the long and probebly senseless post but any help would be trully aprretiated,
P.S. if anyone needs more information, just ask, thanks. Also the servers are Server 2003.
Have you taken the old server IP address out of the equation or is it still there? You could check the Options in DHCP is one of them pointing to the old server address. I mention this as I had the same issue not long ago when I installed a new server.
Have you delprof'd all the systems so they arent using old profiles on the computers?
Unfortuantely I can not yet take the old server out of action as it is currently acting as a fileserver until we can find a suitable time to copy everything across and set up new shares etc. The eventual plan is to remove the server alltogether, but untill then the server, unfortunatly has to stay. I'll have a look in dchp, but I believe everything is pointing to the new sever.
Originally Posted by leco
Yes all local profiles have been deleted. This was done via VBS script.
Originally Posted by siuko
You might want to check the settings on the new server under your domain controllers policy and default domain policy for the digitally encrypt and digitally sign settings under
windows settings, security settings, security options to make sure they are the same as the old server as these can sometimes get changed when loading service packs and can then cause problems with older os's
Have you got multiple domain controllers. If you have check the replication. Also check the same thing if you have more than one dns server. Dont forget to flush the dns on on all your dns servers as well as the clients with a problem.
You might also think of running group policy update on the windows 2000 machines by
* To refresh the group policy for the local computer, enter: secedit /refreshpolicy machine_policy
* To refresh the group policy for the user currently logged in, enter: secedit /refreshpolicy user_policy
By the book group policy is mean to refresh every 90 mins but from experience and noting that some machines are not always turned on it can take days for all machines to get it.