+ Post New Thread
Results 1 to 13 of 13
Windows Thread, Strange problem with policies in Technical; Dont know if anyones going to be able to help but here goes; I came back from the holidays to ...
  1. #1


    Join Date
    Oct 2006
    Posts
    3,414
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149

    Strange problem with policies

    Dont know if anyones going to be able to help but here goes;

    I came back from the holidays to a few problems, one involving a script which hasnt changed in 3years but decided to ask for a key stroke to continue

    Anyway ive sorted that, now im looking at why the users are picking up quite random internet explorer settings. In default domain policy is defined the proxy, homepage, and proxy bypass addresses.

    The kids have an OU, and the staff a separate one with separate policies relating to them. No where in these policies, or any other, have we defined any IE settings yet we are having major problems.

    The kids get the correct proxy address and homepage, but the bypass addresses are wrong or not being picked up at all (i cant tell as the config pages are blocked for kids)

    The staff get the correct homepage, but no proxy details.

    Ive also seen the homepage come up as a webserver we decommissioned years ago. We've seen this problem occasionally but not for a good while now and never on this scale (only the odd teacher here and there)




    Any ideas?
    Last edited by j17sparky; 22nd April 2008 at 10:56 AM.

  2. #2
    actech's Avatar
    Join Date
    Mar 2008
    Location
    Australia
    Posts
    198
    Thank Post
    50
    Thanked 20 Times in 17 Posts
    Rep Power
    17
    I had a similar problem in that I asked for the other tech to enable right click for students (I'm still learning about GPO's) and the nest time he came in I thanked him for doing it. Except he said that he didn't change the policy at all. Still haven't figured that one out, and yes He and I are the only ones with the password as it was only changed two weeks ago and no-one else knows it.

  3. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    Have a look at the policies that are being applied to each machine with the RSoP snapin in MMC on one of the effected client pcs, this will tell you if it is being caused by a group policy and if so which one.

  4. #4


    Join Date
    Oct 2006
    Posts
    3,414
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    Done RSoP and im no further forward, all it has done has confirmed what i already knew with no indication of whats going wrong.

    Kids RSoP - Correct homepage, proxy and bypass address's yet it still wont bypass the proxy for our intranet site, even though the addresses are the same as what i use to bypass.

    Staff RSoP - There seems to be no policies getting through at all, no homepages, proxy or bypass. No results under the presidence tab even though there was the "default domain" and "kids" polices displayed for the kids RSoP


    I believe this goes far further than a simple case of polices. Its as though theres some old polices lurking around somewhere, especially for the homepage to come back as a really old webserver which went out of use years ago.

  5. #5
    Diello's Avatar
    Join Date
    Jun 2005
    Location
    Kent, England
    Posts
    1,067
    Thank Post
    118
    Thanked 228 Times in 128 Posts
    Rep Power
    75
    Have you tried doing a remote gpresult on one of the systems to see which policies are being pulled down and/or filtered out?

    ..also use GPMC, if you're not already - Gives you a better view of the layout of the GPOs

  6. #6


    Join Date
    Oct 2006
    Posts
    3,414
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    Quote Originally Posted by Diello View Post
    Have you tried doing a remote gpresult on one of the systems to see which policies are being pulled down and/or filtered out?

    ..also use GPMC, if you're not already - Gives you a better view of the layout of the GPOs
    Yep, gpresult shows the expected results. I already use GPMC.

    Just tested a staff account and even though RSoP shows no proxy settings i am able to access the net via the proxy, and all the bypass addresses are working as expected.


    Its really weird this. I know my way round AD/GPMC/etc etc and there is nothing obvious which could be doing this. No group policies, no scripts, nothing. The only thing im thinking now is maybe its the NTUSER file...
    Last edited by j17sparky; 22nd April 2008 at 12:26 PM.

  7. #7

    Join Date
    Mar 2007
    Posts
    307
    Thank Post
    3
    Thanked 9 Times in 8 Posts
    Rep Power
    17
    Any updates with IE?

  8. #8


    Join Date
    Oct 2006
    Posts
    3,414
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    BRB got to take a camera to someone because photos are ever so more important than people being able to work

  9. #9

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    Really strange problem I have to agree. I would try creating a test user and create a new profile. I've seen it happen before where I specify GPOs and they're ignored because of the user profile (such as displaying the wrong home page).

  10. #10

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    I would suggest pretty much what Michael has, my only difference would be that I would just rename the current profile folder to profile.old on the server and let it generate a new one on logon. This should then show you if it is to do with stuff in their profile or the policies. You can just remove the .old to restore it also.

  11. #11


    Join Date
    Oct 2006
    Posts
    3,414
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    Quote Originally Posted by SYNACK View Post
    I would suggest pretty much what Michael has, my only difference would be that I would just rename the current profile folder to profile.old on the server and let it generate a new one on logon. This should then show you if it is to do with stuff in their profile or the policies. You can just remove the .old to restore it also.
    Nope, didnt help



    Ive found that its only IE6 which has the problem. I just installed IE7 on a known affected PC and away it went. Picked up all the settings correctly

    Anyone know why?

  12. #12

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    That's even more strange. IE6 and IE7 GPOs do work together. Is there a reason you can't deploy IE7 everywhere (unless you're still running Windows 2000).

    Could it be, if a user logs onto a machine with IE7 and then a machine with IE6 the problems happen?

  13. #13

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,682
    Thank Post
    49
    Thanked 484 Times in 351 Posts
    Rep Power
    144
    I would check and confirm that your reverse dns is configured and working correctly, by pinging an affected workstation from a policy holding server first by name and then by ip -a
    You must be able to ping both forwards and reverse for some GP's to work correctly especially computer based ones.


    If you have had them shutdown whilst you have been away they may now all have different IP addresses.

    The server will need to identify each machine through a reverse lookup to ensure that the appropriate polices are applied.

    If the reverse lookup table exists in DNS it will use it, if the entries are all stale the policies will fail because the server cannot confirm the machine/ip name!

    The reason you are getting old stuff appearing is because the policy fails to apply and the only settings available are the default user settings which are inherited probably from your origional image!

    The tweak of your login script is a bit worrying though!



SHARE:
+ Post New Thread

Similar Threads

  1. Strange Excel Problem
    By Jon in forum Windows
    Replies: 14
    Last Post: 14th July 2011, 05:55 PM
  2. Strange AD Problem
    By Michael in forum Windows
    Replies: 3
    Last Post: 25th February 2008, 03:05 PM
  3. Strange Email Problem
    By richard in forum Windows
    Replies: 4
    Last Post: 15th June 2007, 07:58 AM
  4. Very strange problem...
    By Maxell in forum Windows
    Replies: 7
    Last Post: 5th February 2007, 05:01 PM
  5. Strange Word problem
    By richard in forum Windows
    Replies: 0
    Last Post: 21st February 2006, 01:47 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •