GP not applying to new users/pc's ...

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

I have a GP set on a group of users. I'm using Windows 2000 AS. Recently, I
have joined a new computer to the domain but the policy settings are not
propagating to that pc when I used an existing user account (to which the
user account the GP is applied). Any ideas why is this happening?
 
Guest

"Rosello M. Bagundol" wrote:
> I have a GP set on a group of users. I'm using Windows 2000 AS. Recently, I
> have joined a new computer to the domain but the policy settings are not
> propagating to that pc when I used an existing user account (to which the
> user account the GP is applied). Any ideas why is this happening?

Hi,

More than likely this is a DNS issue. Make sure your DNS is set up
correctly and the new computer account is registered in your Windows
2000 DNS server. http://www.sd61.bc.ca/windows2000/dns.htm

Cheers,

Lara

 
Guest

To add to what lforbes has said, I've found some Windows XP computers get
Application Event Log entries with Source = UserEnv 1053 ("Windows cannot
determine the computer name. (An internal error occurred.) Group Policy
processing aborted.") or Userinit 1000 ("Could not execute the following
script [logon script name]. The system cannot find the file specified.").
You might also see System Event Log entries with Source = LsaSrv 40961 ("The
Security System could not establish a secured connection with the server
cifs/DomainControllerName.DomainName. No authentication protocol was
available.").

In some cases, what appears to be happening is that the NetLogon service is
starting and attempting to communicate with the Domain Controller before the
DNS Client service has been able to communicate with a DNS server; this
causes the attempt to resolve the domain name via DNS to fail and thus other
startup processing doesn't get done. Making the NetLogon service dependent
on the Dnscache service appears to fix this issue, at least in some cases.

To make the NetLogon service dependent on the Dnscache service:
1. open regedit
2. navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon
3. double click on DependOnService in the right pane
4. click on the end of the line that reads "LanmanWorkstation" (to remove
the highlighting/selection)
5. press Enter to get a new line
6. key Dnscache
7. click OK
8. restart the computer

See if this fixes this problem.

One way to automate this change is using the sc command:

sc config netlogon depend= LanmanWorkstation/Dnscache

(Note the space between the "=" sign and "LanmanWorkstation".)

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.


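The sc command in the post above sets the whole dependency list, so any entry not named on the command line is dropped. The following is an added example, not part of the original post: it reads the current DependOnService value and appends Dnscache only when it is missing. The function names are illustrative, and it assumes an elevated PowerShell prompt.

```powershell
# Added example (not from the thread). In PowerShell, "sc" is an alias for
# Set-Content, so the service tool must be called as sc.exe.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon'

function Get-NetlogonDependency {
    # DependOnService is REG_MULTI_SZ; a missing value yields an empty list.
    $value = (Get-ItemProperty -Path $NetlogonKey).DependOnService
    @($value | Where-Object { $_ })
}

function Add-NetlogonDependency {
    param([string]$Service = 'Dnscache')

    # A dependency on a service that is not installed stops Netlogon from starting.
    if (-not (Get-Service -Name $Service -ErrorAction SilentlyContinue)) {
        throw "Service '$Service' is not installed on this computer."
    }

    $current = @(Get-NetlogonDependency)
    if ($current -contains $Service) {   # -contains ignores case
        Write-Output "Netlogon already depends on $Service; nothing changed."
        return
    }

    # Pass the existing entries plus the new one, separated by "/".
    $newList = $current + $Service
    Write-Output "Before: $($current -join '/')"
    & sc.exe config netlogon depend= ($newList -join '/')
    if ($LASTEXITCODE -ne 0) { throw "sc.exe failed with exit code $LASTEXITCODE" }
    Write-Output "After:  $((Get-NetlogonDependency) -join '/')"
    Write-Output 'Restart the computer for the new start order to take effect.'
}

Add-NetlogonDependency
```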
 
Guest

Hey Bruce-

I tried doing what you suggested (in addition to adding a policy to always
wait for the network before logon), to no avail. I still have 2 new
computers that aren't receiving the machine policy correctly (particularly
the software deployment policy). Do you have any other suggestions?

Tks

Ken


 
Guest

Perhaps you have already done some of these steps, but here's how I would
investigate this problem:

1. verify that you have the correct computer name and that the computer
account for that computer is in the OU that has the GPO(s) linked (or
inherited) to it
   a. log on at the problem computer with a Domain User's account
   b. open a Command Prompt
   c. key set computername; make a note of the name displayed
   d. key set logonserver - this should be the name of one of the domain
      controllers
   e. in Active Directory Users and Computers, find out what OU that
      computer account is in
      i. right click on the top OU
      ii. select Find
      iii. from the Find: drop down list, select Computers, key the name
           from step c in the Computer name: text box; click Find Now
      iv. select View, Choose Columns
      v. if Published At is not in the right pane, select it from the left
         pane and click Add; click OK
      vi. make a note of which OU the computer name is "Published At"
   f. using GPMC, ensure that the GPOs with the missing settings are linked
      or inherited into the OU determined from e. vi.

2. use the Group Policy Results tool in the Group Policy Management Console
(bottom item in the tree in the left pane) to get a report of what's going
on with those two computers.

3. log on to one of the problem computers as an administrator and use the
gpresult /v command to see what settings in what GPOs are being applied.

4. look for any Warning or Error entries in the System and Application Event
Logs that are related to domain connectivity, Group Policy processing,
w32tm, Userenv or Userinit.

5. verify that any settings you are applying can be applied to whatever OS
is running on the problem computers. Some GP settings are only available on
Windows XP or Windows 2003 server.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.


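Steps 1c, 1d and 4 of the checklist above, together with the three event IDs named earlier in the thread (Userenv 1053, Userinit 1000, LsaSrv 40961), can be collected in one pass. This is an added example, not part of the original posts: the function name and the 7-day window are illustrative, and it assumes Windows PowerShell, since Get-EventLog is not available in PowerShell 7.

```powershell
# Added example (not from the thread). Run on the problem computer.
function Get-PolicyStartupEvent {
    param([int]$Days = 7)

    # Log, source and event ID triples quoted in the thread.
    $wanted = @(
        @{ Log = 'Application'; Source = 'Userenv';  Id = 1053  },
        @{ Log = 'Application'; Source = 'Userinit'; Id = 1000  },
        @{ Log = 'System';      Source = 'LsaSrv';   Id = 40961 }
    )
    $after = (Get-Date).AddDays(-$Days)

    foreach ($w in $wanted) {
        # A source with no entries raises a non-terminating error; ignore it.
        Get-EventLog -LogName $w.Log -Source $w.Source -After $after -ErrorAction SilentlyContinue |
            Where-Object { $_.EventID -eq $w.Id } |
            Select-Object TimeGenerated, Source, EventID, EntryType, Message
    }
}

# Steps 1c and 1d: the names this logon session was given.
Write-Output "Computer name: $env:COMPUTERNAME"
Write-Output "Logon server:  $env:LOGONSERVER"

$events = @(Get-PolicyStartupEvent -Days 7 | Sort-Object TimeGenerated)
if ($events.Count -eq 0) {
    Write-Output 'None of the three events were logged in the last 7 days.'
} else {
    # One summary line per source and event ID.
    $events | Group-Object Source, EventID |
        ForEach-Object { Write-Output ("{0,-20} {1} occurrence(s)" -f $_.Name, $_.Count) }
    # Newest entry in full, for the server name and error text.
    $events[-1] | Format-List TimeGenerated, Source, EventID, Message
}
```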