
Thread: user policy not applying

  1. #1
    Doug

    I've got a GPO that is only half applying to my computer but it applies to other machines fine. I've tested this by running GPRESULT against my computer as well as others specifying the scope as user. Another GPO with a user policy applies fine but it is linked to the domain level and the problem policy is linked to an OU. I've also tried creating a new GPO and it won't apply either.

    In delegation I've got users and authenticated users with read and apply permissions.

    Does anybody have any ideas? This is on XP SP3.

    Thanks

    Doug

  2. #2
    Mike_Courtney

    Could I clarify
    Your computer is in an OU
    You have a GPO at the OU level that isn't applying
    You have a GPO at the domain level that is applying

    You have defined user settings in the GPO

    Is your user in the same OU?

  3. #3
    Doug

    Quote, originally posted by Mike_Courtney:
    > Could I clarify
    > Your computer is in an OU
    > You have a GPO at the OU level that isn't applying
    > You have a GPO at the domain level that is applying
    >
    > You have defined user settings in the GPO
    >
    > Is your user in the same OU?

    My computer is in an OU
    My user is in a different OU
    A GPO at the domain level and another linked to the computer OU have computer and user settings.
    User and computer settings are applying from the GPO linked to the domain.
    Only computer settings are applying from the GPO linked to the computer OU.
    Loopback processing - Merge is enabled in the GPO linked to the computer OU.


    GPresult for my user on my computer shows that the user settings are not applying.
    GPresult for my user on another computer, same OU, shows that the user settings do apply.
    Modeling in GPMC shows that the user settings should apply for my user on both.

    As far as I know this should work but it's not. I've been getting some feedback on the TechNet forums and I've nearly resolved to drop loopback processing and apply the GPOs differently. If I link the GPO that I'm not getting to the domain level then it applies since it's hitting my actual user and not relying on loopback processing to apply the user settings to computer objects.

    Feedback on the issue is still very much welcome though. I may not be understanding Loopback processing fully.

    Thanks,

    Doug

  4. #4
    Mike_Courtney

    Well, it sounds like you've done everything I'd normally expect. Interestingly, it applies to one PC and not the other.

    Is the PC working OK on the domain, any userenv errors?
    Can you set a new policy setting something obvious and confirm it takes effect, just to remove that from being a possibility?

    Is there any WMI or group filtering on the policy itself?

    If you can run an RSoP from the GPMC and look at policy events

    Where is the policy setting the loopback method?

    At this stage it may be worth increasing userenv logging
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    UserEnvDebugLevel to DWORD 30002

    This will create a userenv.log in
    c:\windows\debug\usermode that may shed more light on it
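
An added example, not part of the thread and not posted by either participant: a batch script that carries out the logging step suggested above on the affected PC, checks whether the loopback setting reached the machine, and saves output to compare with the reference PC. Assumptions: the 30002 value is hexadecimal (0x30002), and the findstr search strings and the output file name are illustrative.

```bat
@echo off
rem Added example. Run as a local administrator on the affected XP SP3 PC.
rem Usage:  userenv-debug.cmd        enable logging and collect evidence
rem         userenv-debug.cmd off    remove the debug value again
setlocal
set "WINLOGON=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "GPSYS=HKLM\Software\Policies\Microsoft\Windows\System"
set "LOG=%SystemRoot%\Debug\UserMode\userenv.log"
set "OUT=%TEMP%\gpresult-user-%COMPUTERNAME%.txt"

if /i "%~1"=="off" (
    reg delete "%WINLOGON%" /v UserEnvDebugLevel /f
    goto :eof
)

rem 1. Verbose userenv logging. Assumption: the 30002 in the post is hex.
reg add "%WINLOGON%" /v UserEnvDebugLevel /t REG_DWORD /d 0x30002 /f

rem 2. Did the loopback setting reach this computer?
rem    UserPolicyMode: 1 = merge, 2 = replace. A missing value means the
rem    computer side of the OU-linked GPO never wrote it, so user settings
rem    from that GPO cannot be applied through loopback.
reg query "%GPSYS%" /v UserPolicyMode
if errorlevel 1 echo UserPolicyMode is not set: loopback is not in effect here.

rem 3. Reapply policy so the log records a full processing pass.
gpupdate /force

rem 4. Pull the relevant lines out of the log. Search strings are
rem    illustrative; adjust them to what the log actually contains.
findstr /i /c:"loopback" /c:"policy mode" /c:"registry.pol" "%LOG%"

rem 5. Save the user-scope result for a side-by-side comparison with
rem    the same file produced on the reference PC.
gpresult /scope user /v > "%OUT%"
echo Saved %OUT%
endlocal
```

Run it on both machines and compare the UserPolicyMode result and the saved gpresult files; the verbose log grows quickly, so run the script with `off` once the data is collected.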

  5. #5
    Mike_Courtney

    Hi
    I think you have this same one on the TechNet forum; if so:

    This error - Windows cannot access the registry policy file, \\domain.local\SysVol\domain.local\Policies\{0207EACD-F96C-4C5B-89B0-1400AB4937FE}\Machine\registry.pol. (The parameter is incorrect. ).

    Can you determine which policy that is? (The GUID can be found from the properties of the policy.)

    Also in the second gpresult (computer without the issue) the computer CN is missing - could you provide that please - just for comparison

  6. #6
    Doug

    Quote, originally posted by Mike_Courtney:
    > Hi
    > I think you have this same one on the TechNet forum; if so:
    >
    > This error - Windows cannot access the registry policy file, \\domain.local\SysVol\domain.local\Policies\{0207EACD-F96C-4C5B-89B0-1400AB4937FE}\Machine\registry.pol. (The parameter is incorrect. ).
    >
    > Can you determine which policy that is? (The GUID can be found from the properties of the policy.)
    >
    > Also in the second gpresult (computer without the issue) the computer CN is missing - could you provide that please - just for comparison

    Yes, that ID number belongs to the non-applying GPO. I've created a new GPO to replace that one and after testing it there are no new errors in the application log. The user settings still won't apply to my computer however. It's fine though when linked high enough to filter down to the users container. To resolve the issue at hand it seems advantageous to sidestep loopback processing and reorganize some of my GPOs and/or their settings in order to simplify it some. I'm still going to play with loopback processing to try and identify what's going on.

    As far as the computer CN, I'm not sure what you want. I've edited the text outputs from gpresult. I'm just not sure what difference it makes if the machine name is present in the logs or not. I'm just trying to minimize the specific information that's posted.

    Doug

  7. #7
    Doug

    Quote, originally posted by Mike_Courtney:
    > Well, it sounds like you've done everything I'd normally expect. Interestingly, it applies to one PC and not the other.
    >
    > Is the PC working OK on the domain, any userenv errors?
    > Can you set a new policy setting something obvious and confirm it takes effect, just to remove that from being a possibility?
    >
    > Is there any WMI or group filtering on the policy itself?
    >
    > If you can run an RSoP from the GPMC and look at policy events
    >
    > Where is the policy setting the loopback method?
    >
    > At this stage it may be worth increasing userenv logging
    > HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    > UserEnvDebugLevel to DWORD 30002
    >
    > This will create a userenv.log in
    > c:\windows\debug\usermode that may shed more light on it

    Hey Mike,


    The reference PC has the same userenv events in its app log. As noted in my other reply my PC no longer has them as I'm using a new GPO created with the same settings as the other.

    I've tested changing a setting and seeing if the change happens as expected on the PC but it just backs up what gpresult says.

    Here's what I see for policy events but not since changing GPOs:
    ---------
    Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
    ---------------

    Windows cannot access the registry policy file, \\Altamaha.local\SysVol\Altamaha.local\Policies\{0207EACD-F96C-4C5B-89B0-1400AB4937FE}\Machine\registry.pol. (The parameter is incorrect. ).
    ---------------------------------

    Windows XP Starter Edition: Unsupported state (detail: The parameter is incorrect. ).

    ---------------------------------------

    The second one is sorted out I know but I'm not sure what the first and third indicate. I thought XP starter edition was a version for developing countries.


    Loopback processing is enabled in computer/admin templates/system/group policy

    I'll look into the logging option. I'm going to get my GPOs set back up first though.

    Thanks,
    Doug
