RE: Group policy help needed!!!

From: Hitesh Wadhwani (hwadhwani_at_sapient.com)
Date: 12/15/04

  • Next message: Wim_Remes_at_msp.be: "RE: Group policy help needed!!!" 
    Date: Wed, 15 Dec 2004 09:22:40 +0530
To: "Ken Hoover" <ken.hoover@yale.edu>, "Peter Rodger" <prodger2008@yahoo.com>

    We had the same problem and Ken's suggestion is right on the money - you
    must be able to ping the domain controller to get the GPO settings.

    To verify connectivity with the domain controller use DCDIAG -
    http://www.microsoft.com/resources/documentation/Windows/2000/server/res
    kit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/r
    eskit/en-us/distrib/dsbi_add_oywa.asp

    - Hitesh

    -----Original Message-----
    From: Ken Hoover [mailto:ken.hoover@yale.edu]
    Sent: Wednesday, December 15, 2004 2:09 AM
    To: Peter Rodger
    Cc: focus-ms@securityfocus.com
    Subject: Re: Group policy help needed!!!

       Make sure that the clients can successfully ping a domain controller
    because the clients will do this as a test to verify connectivity before

    attempting to update group policy. If the ping fails for any reason
    (even though other traffic flows freely) then group policy will not be
    updated on the client.

       We discovered this after we tried blocking ICMP ping last year.

                                                    - Ken Hoover

    Peter Rodger wrote:
    > Hi, all
    >
    > I pushed out audit policy and event log policy through
    > group policy to all our servers (70). All server in
    > the Servers OU.
    > None of them got policy. I ran secedit many times.
    >
    > Can anyone point me why and the right direction?
    >
    > We are in windows 2K and XP environment.
    >
    > Thanks,
    >
    > Peter
    >
    > 

    -- 
Kenneth J. Hoover
Systems Programmer
Yale University ITS AM&T x2-1260
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
  • Next message: Wim_Remes_at_msp.be: "RE: Group policy help needed!!!"

    Relevant Pages

    • Re: Prevent Domain Users from logging on to specific PCs w/ Group Policies
      ... This user right is defined in the Default Domain Controller Group Policy object and in the local security policy of workstations and servers. ...
      (microsoft.public.windows.server.security)
    • Problems with PDC Emulator FSMO role
      ... One of the servers had all the fsmo roles. ... "the domain controller for group policy operations is not available. ... El diri diri kalafala ...
      (microsoft.public.windows.server.general)
    • Re: Group Policy issue and Solution?
      ... domain controllers was not properly registered in dns or dns was not working ... Normally you want the first domain controller ... and then itself in it's list of preferred dns servers. ... I don't know of a way to prevent a user to logon if Group Policy is not ...
      (microsoft.public.windows.group_policy)
    • Re: Directory Service Referral interface failed errors and Group policy errors
      ... ping tcl.local. ... > If I'm not mistaken Netlogon uses DFS to point clients to GPOs. ... >> when the server came backup nobody could send emails, ... >> Group policy you get a Group Policy Error Saying " You do not have ...
      (microsoft.public.windows.server.sbs)
    • Re: gpt.ini file
      ... If Domain Controller ... Half my servers were pointing to 0B26CFE5-40AF-49A1- ... B382-0Z5CA836A2E2} in the sysvol folder. ... correct group policy file but I couldn't figure out where that was. ...
      (microsoft.public.windows.server.active_directory)