GPO applies to one user and not to another ??

Archived from groups: microsoft.public.win2000.group_policy (More info?)

DC with W2k Server, All clients W2K Pro. I have had a GPO for a particular user for 1 year. A new user added to this GPO does not apply the GPO when logged.
Both users share the same roaming mandatory profile.
Event IDs logged on clients machines
Event ID 111 : Source : Folder Redirection. Unable to apply folder redirection policy, initialization failed.
Event ID 1000 : Source: Userenv. The Group Policy client-side extension Folder Redirection was passed flags (0) and returned a failure status code of (203).
Event ID 1012: Source: WinLogon. The automatic certificate enrollment subsystem could not access local resources needed for enrollment. Enrollment will not be performed. (0x80070005) Access is denied.

The Folder redirection policy is not enabled.
The tried creating a thrid user, a copy of the 1st user, but no help. The 1st user still does apply the GPO

Please help
3 answers Last reply
More about applies user
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    First make sure that the new user is in the same container as the user that
    the policy applies to. Then check your dns configuration to make sure that
    your domain controller points only to itself as it's preferred dns server in
    tcp/ip properties and that the domain computers point only to the domain
    controller as their dns pfreferred dns server. Misconfiguration of dns is
    probably the cause of ninety percent of Group Policy problems. I would also
    run first netdiag and then dcdiag on the domain controller looking for any
    pertinent failed tests/errors/warnings and run netdiag on the domain
    computer the new user is logging onto. You can also use gpresult to help
    determine what policy is applying to a computer user by running it while
    loggedon as that user on their computer. Use the /v switch for more detailed
    info. Those tolls are located on the install cd under support/tools where
    you need to run the setup or .msi file there. The links below may be
    helpful. --- Steve

    http://www.microsoft.com/windowsxp/pro/using/itpro/managing/gpresults.asp -
    - same for W2K
    http://support.microsoft.com/default.aspx?scid=kb;en-us;810739 -- white
    paper, well worth a read
    http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B250842


    "Laddoo" <kshah@esi-solutions.ca> wrote in message
    news:5C89765C-BAF6-4220-9234-9279D0CA842C@microsoft.com...
    > DC with W2k Server, All clients W2K Pro. I have had a GPO for a particular
    user for 1 year. A new user added to this GPO does not apply the GPO when
    logged.
    > Both users share the same roaming mandatory profile.
    > Event IDs logged on clients machines
    > Event ID 111 : Source : Folder Redirection. Unable to apply folder
    redirection policy, initialization failed.
    > Event ID 1000 : Source: Userenv. The Group Policy client-side extension
    Folder Redirection was passed flags (0) and returned a failure status code
    of (203).
    > Event ID 1012: Source: WinLogon. The automatic certificate enrollment
    subsystem could not access local resources needed for enrollment.
    Enrollment will not be performed. (0x80070005) Access is denied.
    >
    > The Folder redirection policy is not enabled.
    > The tried creating a thrid user, a copy of the 1st user, but no help. The
    1st user still does apply the GPO
    >
    > Please help
    >
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    1) Verified Pred DNS server for DC is itself and all domain members lookup to the dc for DNS
    2) Ran netdiag and dcdiag on DC and netdiag on the client pc... All tests passed OK
    3) Re-tested the issue, I deleted the current user and recreated a new user, added to the respective group. The group policy is applied but when the user profile is set to a romaing mandatory profile the GPO is not applied and the same error messages are logged in the EventViewer.
    The user has the same read and excute access to the profile as other user.

    Please assist
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Seems as there must be an issue with roaming profiles but not having much experience
    with mandatory roaming profiles, I don't know what the problem could be. --- Steve


    "Laddoo" <kshah@esi-solutions.ca> wrote in message
    news:0F66A5F2-C7CC-4373-B0EF-8B70265BB28A@microsoft.com...
    > 1) Verified Pred DNS server for DC is itself and all domain members lookup to the
    dc for DNS
    > 2) Ran netdiag and dcdiag on DC and netdiag on the client pc... All tests passed OK
    > 3) Re-tested the issue, I deleted the current user and recreated a new user, added
    to the respective group. The group policy is applied but when the user profile is set
    to a romaing mandatory profile the GPO is not applied and the same error messages are
    logged in the EventViewer.
    > The user has the same read and excute access to the profile as other user.
    >
    > Please assist
Ask a new question

Read More

Policy Event Id Windows