Archived from groups: microsoft.public.win2000.group_policy (
More info?)
you say there are NO LINKS? Do you really mean that? I assume not.
Do you have ANY block policy inheritance on the OUs?
I am also wondering if the SYSVOL issue is something here? Are you getting
ANY FRS problems or events on the DCs? I think we need to 100% verify FRS is
working first, then see about the GPOs. If the GPUPDATE is saying that all
GPOs are empty... that is troubling. How many DCs?
--
Derek Melber
BrainCore.Net
derekm@braincore.net
"David Stal" <None@guesswhere.sk> wrote in message
news:gtjq709svgph5kvha61mhnts071m9dv4ld@4ax.com...
> Additional: This AM GPUpdate is now showing the 5 GPOs as "filtering:
> Not Applied (empty) on the XP machines
>
> And the event log is listing several Userenv errors when updating the
> policies (Events 1030, 1058, 1091, 1085)
>
> I'm really beginning to dislike group policies.
o|
>
> BTW, a while ago all SYSVOL contents got deleted due to a linked copy
> being created via a test tape restore. I fixed it with LINKD and
> recreated all polices from scratch.
>
>
>
> On Wed, 14 Apr 2004 08:39:37 -0500, David Stal <None@guesswhere.sk>
> wrote:
>
> >All GPOs reside at the domain level (AD Users and Computers / Domain.
> >All users are in various OUs beneath this.
> >
> >There are no links
> >Default security (authenticated users have Read and Apply Group
> >Policy). I am a domain admin and these policies are not working for me
> >either.
> >
> >Policies setup
> >Password Policies: (not currently working)
> >Computer Configuration / Windows Settings / Security Settings /
> >Account Policies / Password Policy
> >set to: 6 remembered, min age 1 day, max age 42 days, min length 8
> >characters
> >Interactive logon
rompt user to change password before expiration
> >set to: 5 days
> >
> >LogOff Script: (Working)
> >User Configuration / Windows Settings / Scripts
> >Logoff.bat
> >
> >Now I come to look at it, all the GPOs that are not working are all
> >Computer Configuration.
> >
> >Any clues what might be going on?
> >
> >Thanks
> >David
> >
> >
> >On Tue, 13 Apr 2004 15:00:03 -0700, "Derek Melber [MVP]"
> ><derekm@braincore.net> wrote:
> >
> >>What is the config of the OUs and GPOs (links, settings, etc). Also,
where
> >>do the user and computer accounts live that are in question?
> >>
> >>--
> >>Derek Melber
> >>BrainCore.Net
> >>derekm@braincore.net
> >>"David Stal" <None@guesswhere.sk> wrote in message
> >>news:b5ho70psstjkbtcnhauc86vq04pg4u7k6d@4ax.com...
> >>> Hi all
> >>> I have created 6 group polices on a DC but only 1 is being updated and
> >>> enforced on any of the workstations (XP and 2k).
> >>>
> >>> GPResult says that all 6 were applied to all the XP machine I've
> >>> checked. I have verified that all 6 are setup identically
> >>> (security/permissions etc.) other than the GP properties of course.
> >>>
> >>> One of the policies not being updated is the password restrictions
> >>> (enforce history 6 passwords, max password age 42 days, min password
> >>> age 1 day, min password length 8 chars). However, users can change
> >>> their blank password to blank as many times a day as they wish. I need
> >>> to fix this!!
> >>>
> >>> Any help will be appreciated.
> >>>
> >>> Thanks
> >>> David
> >>>
> >>
>