That makes sense. We do have users separated from computers although not as well as I now realise I'd like (we've got an "allpcs" OU, a Staff OU and a Students OU; what I think I want is those last two under an "allpeople" OU but back in 2000 when we first put this together that wasn't so obvious as it is now...) I've now removed the ISA_proxy GPO and all is back to normal. What I still don't understand is why loopback mode on one GPO appears to affect other GPOs linked elsewhere - I thought it just changed the way that that one GPO was applied??? Steve
________________________________ From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Wed 04/01/2006 15:50 To: [email protected] Subject: RE: [ActiveDir] Duplicate application of group policy Hi Steve... That's about the only way to apply user settings to computers, using the loopback. Not sure of your OU structure, if you had your users seperated, you could apply the actual user policies (loginscripts etc.) at the "user OU" level. As long as that was a different "scope" it would eliminate them trying to run the scripts twice, which is where I would expect these things to hang some. Or even generate errors, if trying to remap an already mapped drive. Not sure if I"m explaining it clearly enough? John "Steve Rochford" <[EMAIL PROTECTED] nwl.ac.uk> To Sent by: <[email protected]> [EMAIL PROTECTED] cc ail.activedir.org Subject RE: [ActiveDir] Duplicate 01/04/2006 09:12 application of group policy AM Please respond to [EMAIL PROTECTED] tivedir.org Thanks; I spotted that proxy_isa was only once but John's other message about loopback makes me start thinking that this is very relevant. The proxy_isa just sets a particular OU to use an ISA server as proxy (rather than Squid - we have some software which won't work with ISA so a couple of OUs link to a GPO called ISA_Squid which points them at the Squid proxy server). The policy is applied to a group of machines (because it's particular rooms which need the proxy set like this rather than particular people) but loopback processing is set because the proxy settings themselves are user specific rather than machine specific. I'm sure I've used loopback processing for actually this sort of thing before but I'd guess I'm doing something wrong! I've tried to copy the settings screen from the proxy_isa GPO below - is this where I should be looking or could something else be wrong? If necessary, I can remove the GPO and just use the login script to set proxy settings - there was just a "nice" feel to doing things with the GPO Steve Computer Configuration (Enabled) Administrative Templates System/Group Policy Policy Setting Enabled Mode: Merge User Configuration (Enabled) Windows Settings Internet Explorer Maintenance Connection/Proxy Settings Enable proxy settings Protocol Server Port HTTP witproxy 8080 Secure witproxy 8080 FTP witproxy 8080 Gopher witproxy 8080 Socks witproxy 8080 Exceptions: Do not use proxy server for addresses beginning with www.student.cnwl.ac.uk, moodle.student.cnwl.ac.uk, learnwise.student.cnwl.ac.uk, wstud3.student.cnwl.ac.uk, mail.student.cnwl.ac.uk, Do not use proxy server for local (intranet) addresses Enabled ________________________________ From: [EMAIL PROTECTED] on behalf of Al Mulnick Sent: Wed 04/01/2006 14:16 To: [email protected] Subject: Re: [ActiveDir] Duplicate application of group policy Steve, it looks like, from that list that you're not applying all GPO's twice. Some are and some aren't. That seems to me like it would be a configuration issue. allpcs Proxy_ISA <-----applied once Default Domain Policy <----- applied twice LogonLogoffScripts Local Group Policy Default Domain Policy LogonLogoffScripts Local Group Policy Some things to look for: Check to see what the GPO's are linked to. Look over recent changes to see if any of them could have affected this behavior. Verify that the slow logon is due to the application of group policy. You may have something else going on. Al On 1/4/06, Steve Rochford <[EMAIL PROTECTED]> wrote: Most group policy objects are being applied twice - what do I need to look for to fix this? Running gpresult /v shows that they're being picked up twice - eg the the start of the user section is shown below. There is only one link for each policy object but there's obviously something I'm missing. All the policies are working but it's causing problems because logging on takes twice as long and the user login script (set in the "logonlogoffscripts" group policy) runs twice. Steve USER SETTINGS -------------- CN=Administrator,CN=Users,DC=student,DC=cnwl,DC=ac,DC=uk Last time Group Policy was applied: 04/01/2006 at 08:23:52 Group Policy was applied from: pstud1.student.cnwl.ac.uk Group Policy slow link threshold: 500 kbps Applied Group Policy Objects ----------------------------- allpcs Proxy_ISA Default Domain Policy LogonLogoffScripts Local Group Policy Default Domain Policy LogonLogoffScripts Local Group Policy List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ [attachment "winmail.dat" deleted by John P Salemi/CedarRapids/RockwellCollins] List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
