Quickest way to check replication of both GPT (sysvol component replicated by FRS) and GPC (AD component replicated by normal AD replication) is gpotool.exe.
IME, most problems with GPO's not replicating consistently is due to FRS issues. If gpotool reports inconsistencies, look at the FRS logs on the offending DC. From: Kevan Dickinson [mailto:[email protected]] Sent: Tuesday, March 31, 2009 10:20 AM To: NT System Admin Issues Subject: RE: Group Policy updates Problem Hi I have found out why I believe that some PC's were getting different Group Policies to the others. I always update the policies on the same DC. However for some reason the Internet explorer settings that I had set had not been replicated to the other DC. How can I check that replication of policies is happening correctly or force the correct policy onto the other DC. I have not resolved why after looking at Group policies some people get there default connection for IE changed from Never Dial a Connection to always Dial my Default Connection. Any advice appreciated. Regards Kevan Dickinson Network Manager NSF-CMI 23 Lodge Road Hanborough Business Park, Long Hanborough, Oxford, OX29 8SJ, UK T:+44 01993 885661 E:[email protected] W:www.nsf-cmi.com ________________________________ From: Kevan Dickinson [mailto:[email protected]] Sent: 31 March 2009 14:06 To: NT System Admin Issues Subject: Group Policy updates Problem All I have a couple of questions regarding Group Policy Updates. We are in a Windows 2003 Domain with Mostly windows XP clients. My questions revolve around Group Policy settings for Internet Explorer 7. 1) Whenever I edit something to do with Internet Explorer in Group Policies something happens to the setting on the connections Tab where you set. Never "Dial a connection", "Dial whenever a network connection is not present" and "Always Dial my Default Connection". Even if I do not touch this setting as soon as I close the Group Policy Editor I start to receive calls from mostly laptop users who have dial up connections or VPN settings listed in the "Dial-up and Virtual Private Network Settings" box on the connections Tab as IE has changed to "Always dial my default connection." Therefore when opening IE they get a pop up window asking them to connect to there default dial up connection Desktop users tend not to be affected as they have nothing listed here. What is causing this to happen? How can I stop it. 2) Some Internet Explorer settings that are applied by Group Policy are not being applied to some people / machines. If I go to the client machine and run gpupdate /force then the policy gets updated. If I just run gpupdate then no update happens. I thought that policies were updated every time someone logs onto the Network and every 90 minutes after that. How can I track why some people are having the correct policy applied and some are not. I am thinking of adding gpupdate /force to our login script to ensure that everyone's Group policies are updated when they log in. But I would prefer them to update properly. Does any one have any suggestions? Regards Kevan Dickinson Network Manager NSF-CMI 23 Lodge Road Hanborough Business Park, Long Hanborough, Oxford, OX29 8SJ, UK T:+44 01993 885661 E:[email protected] W:www.nsf-cmi.com ************************************************************************ ******** ***Disclaimer*** The contents of this Email may be privileged and are confidential. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Should you wish to use Email as a mode of communication, NSF-CMi Ltd and its subsidiaries are unable to guarantee the security of Email content outside of our own computer systems. This footnote also confirms that this Email message has been checked by MailMarshal for the presence of computer viruses. Whilst we run anti-virus software, you are solely responsible for ensuring that any Email or attachment you receive is virus free. We disclaim any liability for any damage you suffer as a consequence of receiving any virus. NSF-CMi Ltd Registered in England No: 1899857 Registered Office 4th Floor, 35 New Bridge Street, London, EC4V 6BW ************************************************************************ ********** ************************************************************************ ******** ***Disclaimer*** The contents of this Email may be privileged and are confidential. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Should you wish to use Email as a mode of communication, NSF-CMi Ltd and its subsidiaries are unable to guarantee the security of Email content outside of our own computer systems. This footnote also confirms that this Email message has been checked by MailMarshal for the presence of computer viruses. Whilst we run anti-virus software, you are solely responsible for ensuring that any Email or attachment you receive is virus free. We disclaim any liability for any damage you suffer as a consequence of receiving any virus. NSF-CMi Ltd Registered in England No: 1899857 Registered Office 4th Floor, 35 New Bridge Street, London, EC4V 6BW ************************************************************************ ********** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
