+ Reply to Thread
Results 1 to 2 of 2

Thread: Computer Security Policy not applied...sometimes

  1. 07-28-2010, 05:11 PM #1
    j_r_smith
    j_r_smith is offline Getting Started on GPanswers.com
    Join Date
    Jul 2010
    Posts
    2

    Default Computer Security Policy not applied...sometimes

    This is kind of a moving target for us. We have a firewall policy that applies to our computers which opens up the firewall for RDP sessions and ping responses etc. We have found that sometimes we cannot connect to some of the computers. A computer that presents the problem one day may not present the problem the next d but then may present the issue again in the next week.

    Running a gpupdate /force reapplys the policy of course and fixes the issue.

    This is what I have done so far:

    I have increased the userenv logging on the PC's to the highest level

    When I find a pc with the issue I go to it and first run a gpresult. This says that the policy is applied. Yet I still cannot connect remotely

    I run the gpupdate /force. This forces a logon and logoff and the issue is resolved.

    When I look at the userenv logs there are 2 things that I notice:

    1 - The computers with the issue always have "GetNetWorkName Failed with 10091".

    2 - They also have "No GPO changes and no security group membership membership change and the extension Registry has NoGPOChanges set." After this it skips processing any of the extensions - one of them being the registry adm extensions that contains the firewall settings.

    When running the force this changes to:

    1 - Network Name is domainname.com

    2 - "No GPO changes but called in force refresh flag or extension Registry needs to run force refresh in foreground processing" and all of the extensions are processed.

    On a pc that does not present the issue - if I look in the userenv log starting at the last logon (the last time that winlogon shows) I see:

    1 - Network Name is domainname.com

    2 - They also have "No GPO changes and no security group membership membership change and the extension Registry has NoGPOChanges set." After this it skips processing any of the extensions - one of them being the registry adm extensions that contains the firewall settings. Yet the policy appears to be applied and I can connect.

    What should I do next?
    Reply With Quote Reply With Quote
  2. 08-05-2010, 01:56 PM #2
    j_r_smith
    j_r_smith is offline Getting Started on GPanswers.com
    Join Date
    Jul 2010
    Posts
    2

    Default so many views

    so few replies. No ideas on this yet?
    Reply With Quote Reply With Quote
+ Reply to Thread
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


Search Engine Friendly URLs by vBSEO