Gpresult /v shows something odd. Below is an edited version of the results. The
"TCHS SMART Sync 2010 Student Computer Assignment Policy" is the policy that
pushes down the app. But it only does so to machines that are members of a
group called "TCHS SMART Sync 2010 Student Computers." Now, the computer in
question (TCHS-115-S02) *is* a member of that group, as confirmed by looking in
ADUC. Yet gpresult says it's not.
So if the machine doesn't know it's a member of the group, why is it trying to
apply the software assignment policy at all? I don't get that.
And the assignment is failing with event IDs 101, 102, and 108.
Applied Group Policy Objects
-----------------------------
TCHS SMART Sync 2010 Student Computer Assignment Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
TCHS-115-S02$
FCS Computers
TCHS Admin Policy Computers
Domain Computers
System Mandatory Level
From: Carl Houseman [mailto:[email protected]]
Sent: Wednesday, October 13, 2010 11:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless
What are you using for a wireless supplicant (program that configures the SSID
etc.)? Windows WZC or something specific to the wireless? Whichever one you
are using, turn it off and try the other.
Also download and install the latest wireless NIC drivers.
All else being OK, generally the "trick" is to use WZC, but as some have
indicated, sometimes the vendor utility, assuming it runs as a service, might
be OK. I would also disable any wired adapter that may be present.
Also make sure your group policies are in effect using gpresult /v - especially
the one about always waiting for network.
Carl
From: John Hornbuckle [mailto:[email protected]]
Sent: Wednesday, October 13, 2010 10:26 AM
To: NT System Admin Issues
Subject: Group Policy Problems Over Wireless
Short version:
Is there a trick to improving group policy processing when accessing the
network wirelessly?
Long version:
We have a lab with machines that have Broadcom wireless NICs in them. Vista OS,
connecting to Server 2008 R2 DC.
I'm trying to deploy a piece of software to these machines via Group Policy. I
have things setup so that if the machine is a member of a certain group, the
software is deployed. Unfortunately, it only worked correctly on one of the
machines-on all the rest, the software isn't being deployed.
So I connect to any of the machines that didn't get the software, and run
gpresult. It doesn't show me that those machines are members of the group that
gets the software. But I know they are; I've confirmed in ADUC on the DC.
They're just not picking up group membership.
Looking at the event log for events that happen around startup, I see things
that make me think group policy processing is trying to happen prior to the
wireless network being initialized. Things like:
Event ID 5719 (There are currently no logon servers available to service the
logon request.)
Event ID 129 (NtpClient was unable to set a domain peer to use as a time source
because of discovery error.)
Event ID 1129 (The processing of Group Policy failed because of lack of network
connectivity to a domain controller.)
Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window.
You can log in (including as someone who has never logged into the machine
before), ping the DC, browse to \\domain\syvol<file:///\\domain\syvol>, and so
on. It's just that at that point, group policy processing seems to have given
up. My machines aren't figuring out that they've been added to a new group.
John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
NOTICE: Florida has a broad public records law. Most written communications to
or from this entity are public records that will be disclosed to the public and
the media upon request. E-mail communications may be subject to public
disclosure.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
NOTICE: Florida has a broad public records law. Most written communications to
or from this entity are public records that will be disclosed to the public and
the media upon request. E-mail communications may be subject to public
disclosure.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
