Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Thanks. I'll try that.
Jack B.
"Pablo E. Colazurdo" <rael@singularidad.com.ar> wrote in message
news:OBpCbEg3EHA.2012@TK2MSFTNGP15.phx.gbl...
> Have you checked for errors on the event viewer? most probably problems
> with
> the SYSVOL share.
>
> You can turn on Debugging on a PC and see what is going on:
>
> 1.. If you encounter problems after making changes to the Default Domain
> and/or Default Domain Controller group policies, you can enable GPO debug
> logging on your server. To enable the logging:
> 1.. Use Regedt32 to navigate to:
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SecEdit
> 2.. On the Edit menu, Add Value name PolicyDebugLevel, as a REG_DWORD
> data type. Set the data value to 2.
> 3.. The log file will be generated as:
> %SystemRoot%\security\logs\Scepol.log
> 2.. Enable Verbose logging by editing the registry. You are telling the
> system to create a USERENV.LOG in winnt\debug directory. You can then
> examine the file for errors.
> 1.. Run Regedit.
> 2.. Navigate to Hkey_Local_Machine - Software - Microsoft - Windows
> NT -
> CurrentVersion - Winlogon.
> 3.. Add a REG_DWORD value called UserEnvDebugLevel and type in a Hex
> value of 30002.
> 4.. Close Regedit.
> 5.. Log off and log back on.
> 3.. All the following changes should be done at:
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
> NT\CurrentVersion\Diagnostics
> 1.. RunDiagnosticLoggingGroupPolicy. Adding this value and setting it
> as
> a REG_DWORD with value 1 will affect the logging of GPO processing by
> turning it on in verbose mode. After you make that change and restart the
> system, you will see a lot more information reported, especially during
> errors. In many cases, this will be enough to get the information you
> need.
> 2.. RunDiagnosticLoggingApplicationDeployment. Adding this value as a
> REG_DWORD with value 1 will turn on verbose logging specifically for GPO
> application deployments. In the case of an administrator who is trying to
> deploy antivirus files via GPO, this key would definitely be helpful in
> improving logging.
> 3.. RunDiagnosticLoggingGlobal, which, when added as REG_DWORD with
> value 1, will turn on verbose logging for all GPO processing events,
> including those listed above. It's basically a catch-all value, but the
> downside is that it may confuse you when you examine the logs because it
> will log lots of events that may not have anything to do with your
> specific
> problem. Think carefully before turning this one on-it could increase your
> workload.
> Hope it helps,
> P.
>
>
> "Jack Black" <JackBlack@hat.com> wrote in message
> news:uW4QM8f3EHA.1152@TK2MSFTNGP14.phx.gbl...
>> Greetings AD Guru's
>>
>> Suddenly, my GPO (single site, single domain) is no longer being applied
> to
>> my 200 users.
>> So, I can't change password expiration, lockout threshold, etc.
>>
>> I've check DNS, etc. but still no luck.
>>
>> Any ideas?
>>
>> Thank you, Jack
>>
>>
>
>