FW: I'm falling my hairs with this domain gpo problem

From: Alberto Mujica (amujica@trymyweb.com)
Date: 09/23/02 

From: "Alberto Mujica" <amujica@trymyweb.com>
To: <focus-ms@securityfocus.com>
Date: Mon, 23 Sep 2002 12:44:42 -0400

Where is the GPO linked?
Is it at the domain or a specific OU?
Do Authenticated users and Domain Computers have permissions to "Apply
GPO" in the GPO?

More info would be helpful helping you....

Hope this helps.

Alberto Mujica

-----Original Message-----
From: Gerson Brunhara Guimaraes [mailto:gersongui@uol.com.br]
Sent: Saturday, September 21, 2002 7:21 PM
To: focus-ms@securityfocus.com
Subject: I'm falling my hairs with this domain gpo problem

Hi all,
I'm having problem with a domain policy. It doesn't arriving at w2k
workstations.

configuration: 2 DCīs W2K Server for Domain1 and 2 DC's W2K Server for
Domain2, both with sp3.
I deployed a domain policy (account policies for computer and adm
templates
for user). I have tested domain1 policy in several ways and all seemed
well.
After one week, I did the same for the 2nd domain, but it was
unsucessfull.
I didnīt undertand. I checked domain1 and it unhealth too. The gpresult
log
indicated that the domain gpo had been applied, but it wasn't true. I
changed domain gpo, but nothing happened. All alternatives failed.
Then I decided to restart the servers. After this, I saw gpresult log
and
only local security policy was explicitly applied. After restart the
servers, only local security policy was showed in the gpresult log (for
both
domains). Account policy, age, complexity password are on and ok.
Computer
domain policy is going well even nothing more than local policy is
showed
into gpresult log.

What I tried?

1. Replmon: ok for all DCīs
2. Gpotool: ok for all policies.
3. Several unsucessfull combinations, disabling the current domain
policy
and creating new ones.
4. Two new different user accounts on four different network computers
for
each domain.
5. I changed computers name. I removed them from domain and added them
again. Failed too.
6. All event logs are cleaning. No problems related...

When domain1 gpo has been deployed I remember W2K Prof were SP1. Domain2
gpo
was deployed after w2k computers have been elevated to sp3. I donīt know
whether itīs a problem or not.

Any help will be apreciated.

Thanks

Gerson

Relevant Pages

  • Re: GPO Problems
    ... The computer configuration part belongs to computers and the user configuration part to the user, so depending on the settings you must have the accounts located there. ... If rsop.msc or gpresult /v logged on with a user account doesn't give any output there can be additional problems with GPO applying belomging to DNS confgiruration or slow links between sites. ... Only the password policy an account lockout policy have to bet set on ...
    (microsoft.public.windows.server.active_directory)
  • Re: Applying user object policy (filtering based on computer location)
    ... should have the GPO applied via loopback when logging into ... the computers in NY Desktops OU, ... I have a OU called "NY DESKTOPS" - I created a new policy and enabled Loopback processing mode. ...
    (microsoft.public.win2000.group_policy)
  • RE: Im falling my hairs with this domain gpo problem
    ... Where is the GPO linked? ... Do Authenticated users and Domain Computers have permissions to "Apply ... I'm having problem with a domain policy. ... only local security policy was showed in the gpresult log (for ...
    (Focus-Microsoft)
  • Re: cant override screen saver policy
    ... > Settings in the User Configuration part of a GPO always apply to User ... > users log on to specific computers, then enable Loopback processing in a GPO ... >> don't get this policy setting. ...
    (microsoft.public.win2000.group_policy)
  • Re: SBS2K Offline File Question
    ... When I rename one group policy, ... > caching for client computers using GPO. ... > all the policy in this folder is related to the offline files. ...
    (microsoft.public.windows.server.sbs)