RE: [ActiveDir] GPO's not always applied.

Mon, 04 Oct 2004 11:37:37 -0700

We had problems processing the machine policies and logon scripts till we made changes in our Cisco switches and turned on Fast Port.  Here's a link to an article.
 
http://www.cisco.com/warp/public/473/12.html
 
I read Dell switches also show the same symptoms.
 
Robert

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Orlando
Sent: Monday, October 04, 2004 1:26 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] GPO's not always applied.

Yes, thanks Eric. I think that is the approach I will go with for lack a better one. Thanks for the input.

Mark

On Oct 4, 2004, at 12:50 PM, [EMAIL PROTECTED] wrote:


I've had a similar problem.  In digging through the problem, I found some of the following, usually by tracing through the eventlog on the respective machine.

Computer account had a problem in the domain - just needed to be removed and put back in
GPO policy processing - changed respective templates to always apply even if no changes had occurred
NIC/Switch Port config - Found that there were cases that the computer would come up for login before the network connection was fully initialized.  Once discovered it was simple to test.  Simply boot up, logon..wait for everything to settle down.  Then unplug the NIC and plug it back in.  The network connection should come back immediately.  If it doesn't then its possible that the computer may also be starting up before there's an available connection to a DC.  This would cause inconsistent processing of user policies and prevent application of computer policies, other than those that had already been applied
Local Policies on the computer - Local policies seem inert and possibly unimportant once on the AD domain, but....not in our environment.  It was a 'twisted' implementation of local policies...scripts...and other things to ensure that local polices applied, reapplied...and couldn't be unapplied.  So when we migrated the machines to AD, we experienced an unbelievable series of unpredictable results.  Needless to say, one of which, was the lack of consistent GPO application - One of the permanent fixes was to automate the application of "Setup Security.inf" to all the respective clients upon their migration of AD

The biggest problem by far was simply getting consistent failures to troubleshoot or getting the exact details of the respective occurrence from the desktop people in the field.  


When all else fails...turn up GPO and Winlogon logging, turn on failure auditing...get a fine tooth comb and settle in for a nice long debug session...

Hope this helps.



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com




<[EMAIL PROTECTED]>

Sent by: [EMAIL PROTECTED]

10/04/2004 11:52 AM

Please respond to

[EMAIL PROTECTED]




To

[EMAIL PROTECTED]

cc


Subject

Re: [ActiveDir] GPO's not always applied.








Hey Mark...

You can try /computer configuration/administrative templates/system/group
policy/scripts policy processing

You can set to always process over slow connections, and even if the GPO
hasn't changed.

HTH
John




                                                                         
            Mark Orlando                                                  
            <[EMAIL PROTECTED]                                            
            com>                                                       To
            Sent by:                  Active Directory Mailing List      
            [EMAIL PROTECTED]         <[EMAIL PROTECTED]>      
            ail.activedir.org                                          cc
                                                                         
                                                                  Subject
            10/04/2004 10:46          [ActiveDir] GPO's not always        
            AM                        applied.                            
                                                                         
                                                                         
            Please respond to                                            
            [EMAIL PROTECTED]                                            
               tivedir.org                                                
                                                                         
                                                                         




I am having issues with GPO's not being fully applied at every login.
I need to change this.  I know it might have something to do with the
volume of LAN traffic but I need to find away around this.
I also have some add printer login scripts that don't always work
either.  I have the scripts running synchronously and slow link
detection set to 0.  Does anyone have any ideas?

Mark Orlando
Systems Administrator
I.T. Department
Linden Public Schools

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Mark Orlando
Systems Administrator
I.T. Department
Linden Public Schools
---- The information contained in this e-mail transmittal, including any attached document(s) is confidential. The information is intended only for the use of the named recipient. If you are not the named recipient, you are hereby notified that any use, disclosure, copying, or distribution of the contents hereof is strictly prohibited.

Reply via email to