I'm falling my hairs with this domain gpo problem

From: Gerson Brunhara Guimaraes (gersongui@uol.com.br)
Date: 09/22/02


From: "Gerson Brunhara Guimaraes" <gersongui@uol.com.br>
To: <focus-ms@securityfocus.com>
Date: Sat, 21 Sep 2002 20:20:54 -0300

Hi all,
I'm having problem with a domain policy. It doesn't arriving at w2k
workstations.

configuration: 2 DCīs W2K Server for Domain1 and 2 DC's W2K Server for
Domain2, both with sp3.
I deployed a domain policy (account policies for computer and adm templates
for user). I have tested domain1 policy in several ways and all seemed well.
After one week, I did the same for the 2nd domain, but it was unsucessfull.
I didnīt undertand. I checked domain1 and it unhealth too. The gpresult log
indicated that the domain gpo had been applied, but it wasn't true. I
changed domain gpo, but nothing happened. All alternatives failed.
Then I decided to restart the servers. After this, I saw gpresult log and
only local security policy was explicitly applied. After restart the
servers, only local security policy was showed in the gpresult log (for both
domains). Account policy, age, complexity password are on and ok. Computer
domain policy is going well even nothing more than local policy is showed
into gpresult log.

What I tried?

1. Replmon: ok for all DCīs
2. Gpotool: ok for all policies.
3. Several unsucessfull combinations, disabling the current domain policy
and creating new ones.
4. Two new different user accounts on four different network computers for
each domain.
5. I changed computers name. I removed them from domain and added them
again. Failed too.
6. All event logs are cleaning. No problems related...

When domain1 gpo has been deployed I remember W2K Prof were SP1. Domain2 gpo
was deployed after w2k computers have been elevated to sp3. I donīt know
whether itīs a problem or not.

Any help will be apreciated.

Thanks

Gerson



Relevant Pages

  • Re: AD issues
    ... Did you join the computers to the domain? ... Default Domain Policy ... Roaming - I created ... Junior - I created ...
    (microsoft.public.windows.server.active_directory)
  • Re: Domain Policy heritance mismatch
    ... I've defined in my OU some groups to sort my computers. ... have a domain policy. ... XP Firewall and WSUS settings. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Adding a computer to a security group
    ... >> I'm still trying to get the Loopback working. ... >> The default domain policy is being applied at th PrimaryOU. ... >> At the LocationOU there is a NoGPO Policy which is the loopback. ... >> security group is I have several computers across multiple departments ...
    (microsoft.public.win2000.active_directory)
  • Re: Password Reminder - where to change?
    ... Default Domain policy. ... Go into Active Directory Users and computers, ... domain name and go to properties and then the GPO tab. ... Computer configuration, Windows Settings, Security Settings, Account ...
    (microsoft.public.windows.server.sbs)
  • Re: Problem running a script
    ... ' UserAccountControl .vbs ... ' Here is where we set the value to enable the account ... ' The heart of this script - Enable users ... how do I determine which part of domain policy is stopping this from running so that I can disable it. ...
    (microsoft.public.windows.server.active_directory)