Re: group policy does not effect

From: Buz [MSFT] (buzb_at_online.microsoft.com)
Date: 12/29/03 

Date: Mon, 29 Dec 2003 16:10:06 -0500

Most common cause for group policy failure would be that DNS is not setup
correctly. You need to have DNS installed on the DC and the DC should point
to itself for DNS. You should setup forwarders within DNS to point to the
ISP.

237675 Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/?id=237675

If third party DNS server:

- Must support SRV RR (RFC 2052).

- Supports dynamic update protocol (RFC 2136).

Clients should only point to the DC for DNS.

Then refresh DNS on the server:

Net Stop Dns
Net Start Dns
Net Stop Netlogon
Ipconfig /flushdns
Net Start Netlogon
Ipconfig /registerdns

Then refresh on the client:

Net Stop Netlogon
Ipconfig /flushdns
Net Start Netlogon
Ipconfig /registerdns

See if the policies are applying, if not go further......

Are there errors in the application log in regards to userenv and scecli?
Please provide the exact details within the errors if so and let us know the
polices that you are trying to push.

250842 Troubleshooting Group Policy Application Problems
http://support.microsoft.com/?id=250842

If the above does not help enable Userenv logging on the client, log in
verify you did not get the policies. Repost with that Userenv.log and the
name of the user
account you are testing with.

221833 How to Enable User Environment Debug Logging in Retail Builds of
Windows
http://support.microsoft.com/?id=221833

Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

"blade" <zzz@tkethechallenge.it> wrote in message
news:J5%Hb.22769$_P.1008856@news4.tin.it...
> Hi all,
> I have this problem,
> On my domain controller I have setted up several group policies but on
some
> accounts these policies does not effect, all users are in the same OU and
> all users are created using the same templates.
> Is there any way to force policy to start ??
> thank for any help
>
>

Relevant Pages

  • Re: After enabling GPO, client pc needs synchronization
    ... correct DNS configuration. ... Server 2003 domain controllers dynamically register information about ... As far as Group Policy troubleshooting you can use rsop.msc on the client ...
    (microsoft.public.windowsxp.security_admin)
  • Re: 1030 and 1058 Errors on 2K3 domain controller
    ... Here is the relevant ipconfig ... Connection-specific DNS Suffix. ... Windows cannot query for the list of Group Policy objects. ... itself as the Preferred DNS server and another DC as the alternate DNS ...
    (microsoft.public.windows.group_policy)
  • RE: Please Help With Using Restricted Groups
    ... I tried one of your suggestions, of adding the DNS suffix. ... a GPO for the OU I am targeting for the restricted groups. ... An additional step I took was to make the group policy users and computers ... > check the DNS settings on the machine and ensure its DNS suffix and DNS ...
    (microsoft.public.win2000.active_directory)
  • Re: DNSClient registry key
    ... I will gladly post the ipconfig /all... ... DNS request timed out. ... Just as a check of DNS, I ran "nslookup yahoo.com 192.168.1.5" and it worked ... So we looked thru all of our group policy objects and can't find ...
    (microsoft.public.win2000.dns)
  • AD replication with DNS config problem
    ... Group Policy Infrastructure failed due to the error listed below. ... Domain Controller functions like joining a domain, logging onto a ... and Active Directory replication will not be available until the DNS ... The wizard encountered an error while trying to determine if the DNS server ...
    (microsoft.public.cert.exam.mcsa)