Re: Group Policy Loopback Mode not working.
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 01/10/05
- Next message: Miha Pihler [MVP]: "Re: xp home connectivity"
- Previous message: Steve Clark [MSFT]: "Re: MS Fingerprint Scanner"
- In reply to: Chad T: "Re: Group Policy Loopback Mode not working."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 10 Jan 2005 12:28:08 -0600
I misread your post in that the loopback user configuration is applying to
one user but not another. I thing RSOP will work in "planning" mode and if
it does it would be interesting what the result are for the two users. Are
the two users in the same OU? Did you run netdiag on the problem server and
if so did it pass all the tests? Since you are experiencing weird problems I
would run first netdiag and then dcdiag and gpotool on your domain
controllers. I am thinking that maybe the users were authenticated to
different domain controllers and the GPO's have not replicated for some
reason. --- Steve
"Chad T" <ChadT@discussions.microsoft.com> wrote in message
news:51518464-05C2-4D70-8A58-FED3C3DB1180@microsoft.com...
> Thanks steve, but I have done all of that. One thing that I find every
> bizare is that when I log into the machine that I have the policy problem
> with and run gpresult it is showing policies that have been deleted from
> the
> domain controllers. This is happening even after a reboot of the machine
> I
> am logging into (the one the problem policy is suppose to be applying to)
>
> GPM Console is great as I have used it, but the RSOP tool will not work
> when
> the DC is a 2003 box and the machine in qustion is a 2000 box.
>
> Still stuck.
>
>
> "Steven L Umbach" wrote:
>
>> It can take up to two hours for policy to propagate to a computer/user.
>> When
>> you change a policy refresh it with secedit for Windows 2000 [ secedit
>> /refreshpolicy machine_policy /enforce] or gpupdate [ gpupdate
>> /target:computer /force ] for Windows 2003. Do that first on the domain
>> controller and then the target computer for computer configuration. Even
>> then sometimes a reboot works better. When you use gpresult, check that
>> the
>> computer shows to be in the proper container/OU for what you expect. I
>> would
>> also suggest downloading Group Policy Management Console on to the
>> Windows
>> 2003 DC or an XP domain member. It is extremely useful in tracking down
>> Group Policy issues as is Resultant Set of Policy. If problems persist
>> check
>> the dns configuration in your domain and run the netdiag support tool on
>> the
>> problem computer and look in Event Viewer for clues. The computer must
>> have
>> read and apply permissions to the GPO. This normally is done being a
>> member
>> of authenticated users group by default , so if you changed any
>> permissions
>> verify that a group the computer is in has permissions. --- Steve
>>
>> http://www.microsoft.com/windowsserver2003/gpmc/default.mspx -- GPMC.
>>
>> "Chad T" <ChadT@discussions.microsoft.com> wrote in message
>> news:0F0FA65A-E1B7-4BC5-8AFB-166DDE7707F6@microsoft.com...
>> > When I log into a machine with Group Policy Loop back mode it does not
>> > apply
>> > the policy. I have the policy applied to an OU with the machine I am
>> > logging
>> > to in that OU with nothing else in the OU. Loop back mode is set to
>> > "replace". I have one 2000 and one 2003 domain controler. The machine
>> > that
>> > this loopback mode policy is being applied to is a 2000 server.
>> >
>> > The strange thing here is that if I create a new user, with identical
>> > group
>> > memberships as the one that does not get the loopback policy applied
>> > too
>> > when
>> > loggin on, and log on with him it works fine and loopback processing
>> > works.
>> > The only way I can get this to work for the old user is to physically
>> > move
>> > that user into the same OU that the machine is in and the one that the
>> > polciy
>> > is being applied to which kind of defeats the idea behing loopback
>> > processing.
>> >
>> > Can anybody shed some light on this? Thanks!
>>
>>
>>
- Next message: Miha Pihler [MVP]: "Re: xp home connectivity"
- Previous message: Steve Clark [MSFT]: "Re: MS Fingerprint Scanner"
- In reply to: Chad T: "Re: Group Policy Loopback Mode not working."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
