Windows Thread, Strange problem with policies in Technical; Dont know if anyones going to be able to help but here goes;
I came back from the holidays to ...
22nd April 2008, 10:52 AM #1
Strange problem with policies
Dont know if anyones going to be able to help but here goes;
I came back from the holidays to a few problems, one involving a script which hasnt changed in 3years but decided to ask for a key stroke to continue
Anyway ive sorted that, now im looking at why the users are picking up quite random internet explorer settings. In default domain policy is defined the proxy, homepage, and proxy bypass addresses.
The kids have an OU, and the staff a separate one with separate policies relating to them. No where in these policies, or any other, have we defined any IE settings yet we are having major problems.
The kids get the correct proxy address and homepage, but the bypass addresses are wrong or not being picked up at all (i cant tell as the config pages are blocked for kids)
The staff get the correct homepage, but no proxy details.
Ive also seen the homepage come up as a webserver we decommissioned years ago. We've seen this problem occasionally but not for a good while now and never on this scale (only the odd teacher here and there)
Last edited by j17sparky; 22nd April 2008 at 10:56 AM.
IDG Tech News
22nd April 2008, 11:00 AM #2
I had a similar problem in that I asked for the other tech to enable right click for students (I'm still learning about GPO's) and the nest time he came in I thanked him for doing it. Except he said that he didn't change the policy at all. Still haven't figured that one out, and yes He and I are the only ones with the password as it was only changed two weeks ago and no-one else knows it.
22nd April 2008, 11:27 AM #3
Have a look at the policies that are being applied to each machine with the RSoP snapin in MMC on one of the effected client pcs, this will tell you if it is being caused by a group policy and if so which one.
22nd April 2008, 12:08 PM #4
Done RSoP and im no further forward, all it has done has confirmed what i already knew with no indication of whats going wrong.
Kids RSoP - Correct homepage, proxy and bypass address's yet it still wont bypass the proxy for our intranet site, even though the addresses are the same as what i use to bypass.
Staff RSoP - There seems to be no policies getting through at all, no homepages, proxy or bypass. No results under the presidence tab even though there was the "default domain" and "kids" polices displayed for the kids RSoP
I believe this goes far further than a simple case of polices. Its as though theres some old polices lurking around somewhere, especially for the homepage to come back as a really old webserver which went out of use years ago.
22nd April 2008, 12:16 PM #5
Have you tried doing a remote gpresult on one of the systems to see which policies are being pulled down and/or filtered out?
..also use GPMC, if you're not already - Gives you a better view of the layout of the GPOs
22nd April 2008, 12:22 PM #6
Yep, gpresult shows the expected results. I already use GPMC.
Originally Posted by Diello
Just tested a staff account and even though RSoP shows no proxy settings i am able to access the net via the proxy, and all the bypass addresses are working as expected.
Its really weird this. I know my way round AD/GPMC/etc etc and there is nothing obvious which could be doing this. No group policies, no scripts, nothing. The only thing im thinking now is maybe its the NTUSER file...
Last edited by j17sparky; 22nd April 2008 at 12:26 PM.
22nd April 2008, 12:24 PM #7
- Rep Power
22nd April 2008, 12:27 PM #8
BRB got to take a camera to someone because photos are ever so more important than people being able to work
22nd April 2008, 12:45 PM #9
Really strange problem I have to agree. I would try creating a test user and create a new profile. I've seen it happen before where I specify GPOs and they're ignored because of the user profile (such as displaying the wrong home page).
22nd April 2008, 01:08 PM #10
I would suggest pretty much what Michael has, my only difference would be that I would just rename the current profile folder to profile.old on the server and let it generate a new one on logon. This should then show you if it is to do with stuff in their profile or the policies. You can just remove the .old to restore it also.
22nd April 2008, 02:25 PM #11
22nd April 2008, 02:30 PM #12
That's even more strange. IE6 and IE7 GPOs do work together. Is there a reason you can't deploy IE7 everywhere (unless you're still running Windows 2000).
Could it be, if a user logs onto a machine with IE7 and then a machine with IE6 the problems happen?
22nd April 2008, 03:57 PM #13
I would check and confirm that your reverse dns is configured and working correctly, by pinging an affected workstation from a policy holding server first by name and then by ip -a
You must be able to ping both forwards and reverse for some GP's to work correctly especially computer based ones.
If you have had them shutdown whilst you have been away they may now all have different IP addresses.
The server will need to identify each machine through a reverse lookup to ensure that the appropriate polices are applied.
If the reverse lookup table exists in DNS it will use it, if the entries are all stale the policies will fail because the server cannot confirm the machine/ip name!
The reason you are getting old stuff appearing is because the policy fails to apply and the only settings available are the default user settings which are inherited probably from your origional image!
The tweak of your login script is a bit worrying though!
Last Post: 14th July 2011, 05:55 PM
By Michael in forum Windows
Last Post: 25th February 2008, 03:05 PM
By richard in forum Windows
Last Post: 15th June 2007, 07:58 AM
By Maxell in forum Windows
Last Post: 5th February 2007, 05:01 PM
By richard in forum Windows
Last Post: 21st February 2006, 01:47 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)