Still need help with GPO's

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

WinXP SP1 clients, Win server 2003 SP1.

I am having problems still with certain users not getting their group
policies. It seems to be isolated to one OU. If I move them out of
the OU into a known working one it is ok. But I'm having trouble
figuring out the cause. DNS is ok (again it works in another OU). I
do not have any filtering and am not blocking inheritance. I have just
one user policy which is on the OU above which is applying fine to
other OU's. If I run gpresult it says the user does not have rsop
data. If I run rsop.msc I get invalid namespace. I loaded GPMC on the
machine and the user can see all the policies and I can get to the
appropriate sysvol directories.

Any ideas where to go from here? The policy is a simple one just
setting the user proxy name and port and homepage. Thanks in advance
for any help.

Dawn

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

"dbouton" wrote:
> WinXP SP1 clients, Win server 2003 SP1.
>
> I am having problems still with certain users not getting
> their group
> policies. It seems to be isolated to one OU. If I move them
> out of
> the OU into a known working one it is ok. But I'm having
> trouble
> figuring out the cause. DNS is ok (again it works in another
> OU). I
> do not have any filtering and am not blocking inheritance. I
> have just
> one user policy which is on the OU above which is applying
> fine to
> other OU's. If I run gpresult it says the user does not have
> rsop
> data. If I run rsop.msc I get invalid namespace. I loaded
> GPMC on the
> machine and the user can see all the policies and I can get to
> the
> appropriate sysvol directories.
>
> Any ideas where to go from here? The policy is a simple one
> just
> setting the user proxy name and port and homepage. Thanks in
> advance
> for any help.
>
> Dawn

Hi,

Have you tried just moving your users out, deleting the OU. Creating a
new one and moving your users back in?

Cheers,

Lara

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Group-Policy-help-GPO-ftopict365281.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1177715

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

lforbes wrote:
> "dbouton" wrote:
> > WinXP SP1 clients, Win server 2003 SP1.
> >
> > I am having problems still with certain users not getting
> > their group
> > policies. It seems to be isolated to one OU. If I move them
> > out of
> > the OU into a known working one it is ok. But I'm having
> > trouble
> > figuring out the cause. DNS is ok (again it works in another
> > OU). I
> > do not have any filtering and am not blocking inheritance. I
> > have just
> > one user policy which is on the OU above which is applying
> > fine to
> > other OU's. If I run gpresult it says the user does not have
> > rsop
> > data. If I run rsop.msc I get invalid namespace. I loaded
> > GPMC on the
> > machine and the user can see all the policies and I can get to
> > the
> > appropriate sysvol directories.
> >
> > Any ideas where to go from here? The policy is a simple one
> > just
> > setting the user proxy name and port and homepage. Thanks in
> > advance
> > for any help.
> >
> > Dawn
>
> Hi,
>
> Have you tried just moving your users out, deleting the OU. Creating
a
> new one and moving your users back in?
>
> Cheers,
>
> Lara
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's
request
> Articles individually checked for conformance to usenet standards
> Topic URL:
http://www.windowsforumz.com/Group-Policy-help-GPO-ftopict365281.html
> Visit Topic URL to contact author (reg. req'd). Report abuse:
http://www.windowsforumz.com/eform.php?p=1177715

Hi Lara - I found my own problem so thought I would share in case
someone else makes the same mistake. There was security set on the OU
that denied too much access. I had to give read and all works fine
now. Not sure how it originally got set so restrictive but I'm
assuming when it was trying to secure as much as possible and we got a
little too secure. Thank you for the helpful suggestion though.

Dawn

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

"dbouton" wrote:
> lforbes wrote:
> > "dbouton" wrote:
>  > > WinXP SP1 clients, Win server 2003 SP1.
>  > >
>  > > I am having problems still with certain users not
> getting
>  > > their group
>  > > policies. It seems to be isolated to one OU. If I
> move them
>  > > out of
>  > > the OU into a known working one it is ok. But I'm
> having
>  > > trouble
>  > > figuring out the cause. DNS is ok (again it works
> in another
>  > > OU). I
>  > > do not have any filtering and am not blocking
> inheritance. I
>  > > have just
>  > > one user policy which is on the OU above which is
> applying
>  > > fine to
>  > > other OU's. If I run gpresult it says the user
> does not have
>  > > rsop
>  > > data. If I run rsop.msc I get invalid namespace.
> I loaded
>  > > GPMC on the
>  > > machine and the user can see all the policies and I
> can get to
>  > > the
>  > > appropriate sysvol directories.
>  > >
>  > > Any ideas where to go from here? The policy is a
> simple one
>  > > just
>  > > setting the user proxy name and port and homepage.
> Thanks in
>  > > advance
>  > > for any help.
>  > >
>  > > Dawn
> >
> > Hi,
> >
> > Have you tried just moving your users out, deleting the OU.
> Creating
> a
> > new one and moving your users back in?
> >
> > Cheers,
> >
> > Lara
> >
> > --
> > Posted using the http://www.windowsforumz.com interface, at author's
> request
> > Articles individually checked for conformance to usenet
> standards
> > Topic URL:
> http://www.windowsforumz.com/Group-Policy-help-GPO-ftopict365281.html
> > Visit Topic URL to contact author (reg. req'd). Report
> abuse:
> http://www.windowsforumz.com/eform.php?p=1177715
>
> Hi Lara - I found my own problem so thought I would share in
> case
> someone else makes the same mistake. There was security set
> on the OU
> that denied too much access. I had to give read and all works
> fine
> now. Not sure how it originally got set so restrictive but
> I'm
> assuming when it was trying to secure as much as possible and
> we got a
> little too secure. Thank you for the helpful suggestion
> though.
>
> Dawn

Hi,

I am glad you figured it out. Personally I don’t set security on OU’s
at all except with "delegation" of control and then I use the
wizard. Basically unless you have lots of different people accessing
AD there is no reason to restrict it with permissions.

Cheers,

Lara

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi Lara,

Actually what happened in this case was the wizard was used to delegate
control for a small set of "technicians" that needed very limited
control for the whole domain. There is an administrative OU that they
are not allowed access so they were given deny access. At some point
these users were moved to a sub OU of the administrative OU basically
denying access to themselves which would not allow them to read the
policies. I agree that if it can be avoided setting security on OU's
can get you in trouble! Especially when more then one person
administrates the domain. Thanks again.

Dawn