GPO applies to one user and not to another ??

G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

DC with W2k Server, All clients W2K Pro. I have had a GPO for a particular user for 1 year. A new user added to this GPO does not apply the GPO when logged.
Both users share the same roaming mandatory profile.
Event IDs logged on clients machines
Event ID 111 : Source : Folder Redirection. Unable to apply folder redirection policy, initialization failed.
Event ID 1000 : Source: Userenv. The Group Policy client-side extension Folder Redirection was passed flags (0) and returned a failure status code of (203).
Event ID 1012: Source: WinLogon. The automatic certificate enrollment subsystem could not access local resources needed for enrollment. Enrollment will not be performed. (0x80070005) Access is denied.

The Folder redirection policy is not enabled.
The tried creating a thrid user, a copy of the 1st user, but no help. The 1st user still does apply the GPO

Please help
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

First make sure that the new user is in the same container as the user that
the policy applies to. Then check your dns configuration to make sure that
your domain controller points only to itself as it's preferred dns server in
tcp/ip properties and that the domain computers point only to the domain
controller as their dns pfreferred dns server. Misconfiguration of dns is
probably the cause of ninety percent of Group Policy problems. I would also
run first netdiag and then dcdiag on the domain controller looking for any
pertinent failed tests/errors/warnings and run netdiag on the domain
computer the new user is logging onto. You can also use gpresult to help
determine what policy is applying to a computer user by running it while
loggedon as that user on their computer. Use the /v switch for more detailed
info. Those tolls are located on the install cd under support/tools where
you need to run the setup or .msi file there. The links below may be
helpful. --- Steve

http://www.microsoft.com/windowsxp/pro/using/itpro/managing/gpresults.asp -
- same for W2K
http://support.microsoft.com/default.aspx?scid=kb;en-us;810739 -- white
paper, well worth a read
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B250842


"Laddoo" <kshah@esi-solutions.ca> wrote in message
news:5C89765C-BAF6-4220-9234-9279D0CA842C@microsoft.com...
> DC with W2k Server, All clients W2K Pro. I have had a GPO for a particular
user for 1 year. A new user added to this GPO does not apply the GPO when
logged.
> Both users share the same roaming mandatory profile.
> Event IDs logged on clients machines
> Event ID 111 : Source : Folder Redirection. Unable to apply folder
redirection policy, initialization failed.
> Event ID 1000 : Source: Userenv. The Group Policy client-side extension
Folder Redirection was passed flags (0) and returned a failure status code
of (203).
> Event ID 1012: Source: WinLogon. The automatic certificate enrollment
subsystem could not access local resources needed for enrollment.
Enrollment will not be performed. (0x80070005) Access is denied.
>
> The Folder redirection policy is not enabled.
> The tried creating a thrid user, a copy of the 1st user, but no help. The
1st user still does apply the GPO
>
> Please help
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

1) Verified Pred DNS server for DC is itself and all domain members lookup to the dc for DNS
2) Ran netdiag and dcdiag on DC and netdiag on the client pc... All tests passed OK
3) Re-tested the issue, I deleted the current user and recreated a new user, added to the respective group. The group policy is applied but when the user profile is set to a romaing mandatory profile the GPO is not applied and the same error messages are logged in the EventViewer.
The user has the same read and excute access to the profile as other user.

Please assist
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Seems as there must be an issue with roaming profiles but not having much experience
with mandatory roaming profiles, I don't know what the problem could be. --- Steve


"Laddoo" <kshah@esi-solutions.ca> wrote in message
news:0F66A5F2-C7CC-4373-B0EF-8B70265BB28A@microsoft.com...
> 1) Verified Pred DNS server for DC is itself and all domain members lookup to the
dc for DNS
> 2) Ran netdiag and dcdiag on DC and netdiag on the client pc... All tests passed OK
> 3) Re-tested the issue, I deleted the current user and recreated a new user, added
to the respective group. The group policy is applied but when the user profile is set
to a romaing mandatory profile the GPO is not applied and the same error messages are
logged in the EventViewer.
> The user has the same read and excute access to the profile as other user.
>
> Please assist