Group Policy not applying .. well .. actually .. [read on]
Right, ok so an interesting one that I've been trying to trouble shoot.
We changed school status / class names / staff / pupils over the summer so I took the opportunity to streamline the GPOs on my network as such. I had a lot of legacy things in place still from when I took over the network (and it's 15 min / user setup time! I know .. madness!).
Anyway, random things are happening. There are a couple of scenarios through the school:
- New Member of Staff + Freshly Imaged Machine = everything deploys as it should do
- New Member of Staff + Used machine but same image = things mainly deploy as they should do, but every so often they get a random drive crop up
- Old Member of Staff + Freshly Imaged or Used Image Machine = sometimes they get the new settings, sometimes they get the old settings
- The same set of things can be applied for the new students too
So, I've tried forcing a GPUpdate on the various machines, to no avail, hence the trying a freshly imaged machine with an old user account, but I can't for the life of me figure out what's going on.
There used to be a number of Logon / Startup Scripts used, but I've stripped these right back, in fact, pretty much the only script to run now is check the AV is installed (using a script provided by county technicians) and also check that the registration file is in place for TextEase as it doesn't always deploy correctly. There is then a couple of scripts that run to set Espresso Icons, Internet Icons (following the EU ruling for MS to remove all shortcuts for IE!) and a shortcut to our helpdesk.
At logoff, the only thing to be run now is a force delete of all mapped drives hoping that by doing so that it would force the system to pick up the new settings.
The only other thing to run at logon is the PC-Client for PaperCut.
Now, to check things further I logged onto the servers with my own credentials (which I do normally anyway to avoid using the admin account unless I really need to as I've locked myself down slightly too). This is where it gets a bit more interesting and leads me to a couple of conclusions:
If I log onto server-001 I get everything as I should get, new drive maps (despite the fact I've logged on previously with old drive maps), shortcuts, printers, etc. This is the server I edited the GPO settings on.
If I log onto server-002 then I get all the old stuff in terms of drives, and I only get 1 of the shortcuts (Espresso) that was there previously. Printers deploy, but on the old settings.
Now, this makes me think that somewhere along the lines, my SYSVOL has gone a bit funny, but I'm a bit at a loss on how to reset it sensibly. I've found a couple of howtos on MS technet, but wanted to see if there was something else that could be done or an easier solution instead of going through the whole SYSVOL reset procedure on a live network.
Many thanks in advance