Try deploying settings via GPP as well as GPO, like the example here.
I'm having some problems working out exactly whats going wrong with group policy application in one of our ICT rooms and i hope someone can help!
We have a new filtering system that is set to apply different filters depending on which port you route traffic through. Student users have a user group policy set to route traffic through a particular port, thereby getting the correct level of filtering. This works fine all over site apart from one room where the old settings continue to apply irrespective of what I do. The old settings in question point directly to our cachepilot proxy server, by-passing the new filter, and referring internet traffic out to our broadband conection - since taking on our new filter our connection is no longer filtered at LA level, so this means that students are getting unfiltered access to the internet!
I've run an RSOP test on a real student on a real computer in that room and the result gives what i'd expect to see - the proxy address set to our filter. This behaviour is not what happens for real, however. I've been through the policies and can't see any discrepancies; the settings are identical for all intents and purposes to a student logging on in one of our other rooms and getting the right proxy.
I made sure that the Internet settings in group policy were tidied up when i first rolled out the proxy changes; so browser customisations on all policies apart from the one containing the proxy setting were reset. I've tried this again, with no effect. I've cleared all profiles from the PCs in question, so no old settings can be effecting behaviour; i've also edited the student mandatory profile to include the correct proxy address. Nothing yet has worked.
I get the impression that something is blocking the computers from receiving the relevant user policy but can see no errors or behaviour that would explain whats going on or indeed give me any hints as to how to fix.
Any ideas, please?
Thanks for the hint - i've added the extra settings but to no avail. A student logging in on the computers in question still sees the old settings. Feels like the computer just isn't applying the policy at all!
We've a mix of 2003 and 2008R2 servers - the main DC is 2003. I've made the GPP changes on a 2008R2 DC and i'm assuming this will still work?
Yes it should still work correctly.
Hmm.. Getting an error on the 2k8 server when running the RSOP on this with the registry settings enabled - have applied a hotfix, but needs a restart over night to activate it. Think i'll revisit this tomorrow!
I suppose another thing to check is whether or not there's a conflicting policy within your policy structure.
Going mad with this. Pushing registry settings out with a GPP appears not to work; checking it with an RSOP gives a 'group policy registry' failure. Can't see any conflicts. I can delete the particular registry key that holds the proxy setting and run a gpupdate and it then works, but not much help...
Are you sure there isnt a rogue policy somewhere which just sets the proxy on this one room?
Or, conversely, can you create a new policy setting the correct proxy just for this one room?
I had to do the latter the other day - one set of computers would NOT pick up the new home page settings. I couldnt see ANYTHING in any policy stopping it but in the end creating a new policy was the only thing that worked. I still dont know what was going on
TBH I found the most effective way was to push out the registry settings using GPP.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ProxyEnable - REG_DWORD - 0x0 (Disabled) / 0x1 (Enabled)
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ProxyServer - REG_SZ - proxy server address
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ProxyOverride - REG_SZ - <local>
Hmm... Think i have this resolved - or rather i've got a work around, but no closer to finding out why it was happening. I could not get the GPP thing to work - it throws up an error on our 2k3 domain controller when you run the GP modelling tool against it, and never works on the client machine. Wierd. In the end i saw that the correct policy would be applied if i ran gpupdate whilst the user was logged in (students don't have the rights to do this, so was done remotely using Impero). Soooooo i added the gpupdate command to the end of the login script and it works now.
Thanks for the help!
There are currently 1 users browsing this thread. (0 members and 1 guests)