RE: I'm falling my hairs with this domain gpo problem

From: Dallas Hindle (dallash@optushome.com.au)
Date: 09/23/02


From: "Dallas Hindle" <dallash@optushome.com.au>
To: "'Gerson Brunhara Guimaraes'" <gersongui@uol.com.br>, <focus-ms@securityfocus.com>
Date: Tue, 24 Sep 2002 07:58:05 +1000

I've had a problem with almost the exact same symptoms as this after, We
eventually were told by Microsoft that the problem was a corruption in
the AD and a rebuild was necessary, Although we got around the problem
by going to a single DC, this meant that the GPO's got applied from the
DC1 and there was no replication with the second DC which allowed the
policies to roll out again.

I'd try going to a single DC by taking the second one down and see what
happens, but be advised that we can no longer ADD DC's to the domain

Dallas Hindle

-----Original Message-----
From: Gerson Brunhara Guimaraes [mailto:gersongui@uol.com.br]
Sent: Sunday, 22 September 2002 9:21 AM
To: focus-ms@securityfocus.com
Subject: I'm falling my hairs with this domain gpo problem

Hi all,
I'm having problem with a domain policy. It doesn't arriving at w2k
workstations.

configuration: 2 DCīs W2K Server for Domain1 and 2 DC's W2K Server for
Domain2, both with sp3.
I deployed a domain policy (account policies for computer and adm
templates
for user). I have tested domain1 policy in several ways and all seemed
well.
After one week, I did the same for the 2nd domain, but it was
unsucessfull.
I didnīt undertand. I checked domain1 and it unhealth too. The gpresult
log
indicated that the domain gpo had been applied, but it wasn't true. I
changed domain gpo, but nothing happened. All alternatives failed.
Then I decided to restart the servers. After this, I saw gpresult log
and
only local security policy was explicitly applied. After restart the
servers, only local security policy was showed in the gpresult log (for
both
domains). Account policy, age, complexity password are on and ok.
Computer
domain policy is going well even nothing more than local policy is
showed
into gpresult log.

What I tried?

1. Replmon: ok for all DCīs
2. Gpotool: ok for all policies.
3. Several unsucessfull combinations, disabling the current domain
policy
and creating new ones.
4. Two new different user accounts on four different network computers
for
each domain.
5. I changed computers name. I removed them from domain and added them
again. Failed too.
6. All event logs are cleaning. No problems related...

When domain1 gpo has been deployed I remember W2K Prof were SP1. Domain2
gpo
was deployed after w2k computers have been elevated to sp3. I donīt know
whether itīs a problem or not.

Any help will be apreciated.

Thanks

Gerson



Relevant Pages

  • RE: Im falling my hairs with this domain gpo problem
    ... Where is the GPO linked? ... Do Authenticated users and Domain Computers have permissions to "Apply ... I'm having problem with a domain policy. ... only local security policy was showed in the gpresult log (for ...
    (Focus-Microsoft)
  • FW: Im falling my hairs with this domain gpo problem
    ... Where is the GPO linked? ... Do Authenticated users and Domain Computers have permissions to "Apply ... I'm having problem with a domain policy. ... only local security policy was showed in the gpresult log (for ...
    (Focus-Microsoft)
  • Re: Local Computers on Domains Can not Shut Down
    ... > I created a new OU called Local Computers. ... I created a new policy and clicked Options to check No Override. ... >>> even if I set the Server OU to not shutdown, won't the Domain GPO ...
    (microsoft.public.win2000.security)
  • Re: Local Computers on Domains Can not Shut Down
    ... I created a new OU called Local Computers. ... I moved the desktop computers ... I created a new policy and clicked Options to check No Override. ... >> even if I set the Server OU to not shutdown, won't the Domain GPO ...
    (microsoft.public.win2000.security)
  • Re: Reinstall everytime assigned applications through GPO on start
    ... Software installation extension has been called for background policy refresh ... Stations - R&D Software (EMEA computers). ... Stations - R&D Software (EMEA computers) is set for installation because it ... The assignment of application Remote Administrator v2.1 from policy Software ...
    (microsoft.public.windows.group_policy)