Re: Domain Users into Local Admins
From: Judith Herman \(MSFT\) (judithh_at_online.microsoft.com)
Date: 04/22/05
- Next message: roadie: "Re: after installation of the SP1 on Win2003 server I can't see the server computer on the network"
- Previous message: roadie: "Windows Firewall and 2003 SP1 Domain Controllers"
- In reply to: Ben: "Re: Domain Users into Local Admins"
- Next in thread: Ben: "Re: Domain Users into Local Admins"
- Reply: Ben: "Re: Domain Users into Local Admins"
- Reply: Ben: "Re: Domain Users into Local Admins"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 22 Apr 2005 10:35:14 -0700
Was your RSoP error "Invalid Namespace"? Usually, if group policy can't
process even once then the RSoP namespace won't be created to even track the
problem. Can you look to see if you have any errors mentioned in the
application event log for the userenv process? Also, check for error
messages in the %windir%\debug\usermode\userenv.log file?
-- Judith Herman Microsoft Corporation Server User Assistance - Group Policy ====================== This posting is provided "AS IS" with no warranties, and confers no rights. ====================== "Ben" <bjblackmore@xyz.hotmail.com> wrote in message news:u58QOozRFHA.1396@TK2MSFTNGP10.phx.gbl... > Hi Todd, > > Thanks for the reply. > > I've just rebooted 4 times, checked the DNS is correct and made sure both > user and computer is correctly authenticated in the domain, and there is > no filtering going on. > Still no Local Admins > One thing I noticed was when I ran gpresult I get an error something about > user not having any RSoP data? No idea what that means, I looked up RSoP > and its Resultant Set of Policy but I have no idea why its not working! > It could be ICMP being blocked, I'm running symantec client firewall, so > I'm just about to check now. > > Any idea why the RSoP error means? > > Ben > > "Todd J Heron" <todd_heron_no_spam@hotmail.com> wrote in message > news:%231vvtzyRFHA.2788@TK2MSFTNGP09.phx.gbl... >> Sometimes two reboots are needed. Failing that, see below. >> >> The following are common reasons why GPO settings are failing to apply to >> a >> user or computer (8-point check): >> >> 1) Machine or user must be a domain member and authenticate with the >> domain >> 2) DNS client configuration problem. Is the client's preferred DNS >> server >> setting pointing to a DNS server that handles the zone for AD domain >> 3) User or machine is not in the container to which the GPO is linked. >> Run >> rsop.msc or gpresult.exe /v on the users workstation to check that the >> policy is actually being applied or not. >> 4) User or machine is under a hierarchy which is blocking the GPO >> 5) There is group filtering which is preventing the user or machine from >> reading the GPO >> 6) The user is a member of a group which is being filtered from the >> effect >> of Group Policy. For example, the 'Authenticated Users' has "Deny" >> selected >> for 'Appy Group Policy'. >> 7) If ICMP is blocked for administrative reasons, group policies will not >> apply. (Clients test the link speed by sending an IMCP packet of 2048 >> bytes.) >> 8) Check to see if the user is a member of too many groups. >> >> Quoted from: >> Kerberos authentication may not work if user is a member of many groups: >> http://support.microsoft.com/default.aspx?scid=kb;en-us;280830 >> >> If a user is a member of many groups either directly or because of group >> nesting, Kerberos authentication may not work. The Group Policy object >> (GPO) >> may not be applied to the user and the user may not be validated to use >> network resources. >> >> -- >> Todd J Heron, MCSE >> Windows Server 2003/2000/NT; CCA >> ---------------------------------------------------------------------------- >> This posting is provided "as is" with no warranties and confers no rights >> > >
- Next message: roadie: "Re: after installation of the SP1 on Win2003 server I can't see the server computer on the network"
- Previous message: roadie: "Windows Firewall and 2003 SP1 Domain Controllers"
- In reply to: Ben: "Re: Domain Users into Local Admins"
- Next in thread: Ben: "Re: Domain Users into Local Admins"
- Reply: Ben: "Re: Domain Users into Local Admins"
- Reply: Ben: "Re: Domain Users into Local Admins"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
