User Group Policy Randomly Works
Hello, I work for a school district with roughly 700 Computers and 2,000 Users, running Windows Server 2003. I have successfully made a "lockout" group policy where the OU "students" basically have no rights and are only able to type papers and get on the internet, exactly what I want. In the OU I have 3 test usernames, "red", "blue", and "green", and we will call the computers I tested on C1, C2, C3, and C4.

I applied the GP a few days ago and figured by now it should have applied to everyone, so I went testing. I tried C1 "blue" = success, went to the next, C2 "green" = unsuccessful. So I did C3 "red" = success. C2 "red" = success. C1 "green" = success. As you can see, these results are completely random.

We also have two DNS servers: the main is 10.2.1.3, the second is 10.2.1.16. Both are running DHCP. I thought maybe the script hadn't copied over to the second yet, and maybe depending on which server the computer was running off of was the problem. I ran ipconfig /all on all test computers and they all pointed back to 10.2.1.3.

Any suggestions would be most helpful. Thank you, Jared
February 25th, 2011 1:00pm

I'm not the most experienced person on this forum but thought I'd suggest a couple of things. Do you have the Group Policy Management MMC loaded on your workstation? Try the Group Policy Results wizard; right-click on Group Policy Results. That might help you narrow down the problem. Also, don't forget you can run gpupdate /force on a workstation to force GP updates. The big question that others will ask is: what are you trying to accomplish with your GPOs? On the one hand you talk about a GP, then you mention a script? Which is it?
February 25th, 2011 4:06pm

First try what John suggests as far as manually updating locally. Once you know your new GP settings work, then you can refresh them regularly. You can enable background refresh of GP under the following in GP:

Policies | Administrative Templates | System | Group Policy
Group Policy : Refresh For Computers

You can set a refresh time in minutes... Does wonders for those that may try to "improve" on your settings. (You may need to locally refresh once again, but after that the local machine should apply and refresh regularly.)
February 25th, 2011 4:55pm

Okay, I meant Group Policy, not script. First of all, thank you for pointing that out, and sorry for any confusion. I tried the gpupdate in command prompt; it says it refreshed the policy. I then logged out, logged back in, and nothing happened.

Call me crazy, but I think this may have something to do with .NET Framework. Here is my reasoning: I tried to install the Group Policy Management MMC on the computers that were not working at the time. After the download but before the install finished, an error popped up telling me I had to install .NET Framework 1. I looked in the Control Panel and I have all the way to 3.5 installed. So I went ahead and reinstalled them all, and the same error popped up. Only when they are not working properly, though. Do you think that maybe for some reason the computers aren't running .NET Framework and that is what messes up the GP from applying? Any thoughts?

Thanks for the help thus far, Jared
February 25th, 2011 6:40pm

Hello,

GPMC must not be installed on the client machines, only on an admin workstation where you configure GPOs from. On the workstations, make sure the GPOs are applied correctly with rsop.msc and gpresult /v (/z for highly detailed output), logged on as a user. Additionally, you have to ensure that the computers and users are located inside the OU where the GPOs are linked to. Another important part is DNS: configure all domain machines to use ONLY the domain DNS servers on the NIC and NONE else, like your ISP's one.

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
February 25th, 2011 11:29pm
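
One way to run the checks suggested in the reply above on a single workstation, as an added PowerShell example that is not part of the original thread. It assumes the two addresses from the first post are the only domain DNS servers; the helper name Test-DnsServers is hypothetical.

```powershell
# Added example (not from the thread). Run on a workstation, logged on as the affected user.
# Assumption: the only domain DNS servers are the two addresses given in the first post.
$AllowedDns = @('10.2.1.3', '10.2.1.16')

function Test-DnsServers {
    # Hypothetical helper: returns every configured resolver that is NOT an approved one.
    param([string[]]$Configured, [string[]]$Allowed)
    $Configured | Where-Object { $_ -and ($Allowed -notcontains $_) }
}

# 1. DNS: list each IP-enabled adapter and flag any non-domain resolver on the NIC.
$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    $bad = @(Test-DnsServers -Configured $a.DNSServerSearchOrder -Allowed $AllowedDns)
    if (-not $a.DNSServerSearchOrder) {
        Write-Output ("WARN  {0}: no DNS servers configured" -f $a.Description)
    } elseif ($bad.Count -gt 0) {
        Write-Output ("FAIL  {0}: non-domain DNS {1}" -f $a.Description, ($bad -join ', '))
    } else {
        Write-Output ("OK    {0}: {1}" -f $a.Description, ($a.DNSServerSearchOrder -join ', '))
    }
}

# 2. Record which DC handled this logon, to compare working and failing sessions.
Write-Output ("Logon server: {0}" -f $env:LOGONSERVER)

# 3. Save the verbose gpresult report to a file instead of letting it scroll past.
$report = Join-Path $env:TEMP ("gpresult_{0}_{1}.txt" -f $env:COMPUTERNAME, $env:USERNAME)
gpresult /v | Out-File -FilePath $report -Encoding ASCII
Write-Output "gpresult report saved to $report"
```

Comparing the saved reports from a session where the policy applied and one where it did not shows which GPOs were listed as applied or filtered out in each case.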

Okay, I meant Group Policy, not script. First of all, thank you for pointing that out, and sorry for any confusion. I tried the gpupdate in command prompt; it says it refreshed the policy. I then logged out, logged back in, and nothing happened. Call me crazy, but I think this may have something to do with .NET Framework. Here is my reasoning: I tried to install the Group Policy Management MMC on the computers that were not working at the time.

Yes, as Meinolf said, don't install GPMC on the users' computers, install it on your computer. Use it to determine if the GPO is being applied. You'll have to go through the wizard, as I mentioned. Doesn't sound like you've tried that yet. It's a troubleshooting tool - the wizard - not a solution to the workstation's issue with the GPOs. It will tell you what GPOs are being applied to the computer or user you specify in the wizard.
February 26th, 2011 11:04am

Here's the thing. I used GPMC to deploy my policy. Yes, it IS set up in the right OU. The users ARE having the policy apply to their username. The only problem is sometimes when they log in it doesn't apply. Other times it does work. So it can't be that it's not linked right, because it is and it works.

I've noticed that sometimes not everything is working, only some things. For example, it will disable cmd and the Control Panel, even hide the C: drive, but it won't change the desktop to the blue background like the rest. I tried using GP result, but as mentioned I disabled CMD under this user, so I tried it under "Run" and it scrolls through it too fast. I tried running rsop.msc but it gave me some error.

Thanks, Jared
February 27th, 2011 2:42pm

I finally experienced a log-in where the group policy applied and I was able to run command prompt. NO Group Policies were placed in effect that I noticed. So I ran gpupdate /force. It said the GP was updated successfully. Then I ran gpresult /v and it said:

INFO: The policy object does not exist
February 27th, 2011 5:46pm

Hello,

please post an unedited ipconfig /all from the DC/DNS server and a machine with problems.

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
February 28th, 2011 3:36am

How can I upload a print screen for you.. I don't see an upload option in these forums.
March 18th, 2011 1:48pm

I finally experienced a log-in where the group policy applied and I was able to run command prompt. NO Group Policies were placed in effect that I noticed. So I ran gpupdate /force. It said the GP was updated successfully. Then I ran gpresult /v and it said INFO: The policy object does not exist

OK... Let's back up.

1. On what machine are you SETTING the group policy? Your domain controller(s) or the workstation(s)?
2. Are you setting the GP on a specific organizational unit, or individual machines?
3. If by OU, are all the machines currently in that OU, and have they been rebooted since you joined them to the OU?
4. Do your workstations really know what the domain controllers are?
5. If more than one Domain Controller, is replication working?
March 18th, 2011 5:57pm

Setting it on the workstations
specific OU..
Yes, they have been rebooted several times
Yes, it's the DHCP server as well
replication is working

Today I was on a machine where the Group Policy did not go into effect. I ran a gpupdate /force and here is the error.

http://whs.winfield.k12.mo.us/uimg/image/1298974346206/1281197280018/1298974346211_w900.jpg
March 18th, 2011 11:34pm

Setting it on the workstations
specific OU..
Yes, they have been rebooted several times
Yes, it's the DHCP server as well
replication is working
March 18th, 2011 11:36pm

How can I upload a print screen for you.. I don't see an upload option in these forums.

Hello,

you can copy the output from the command prompt here: right-click and choose "Select all". For other options, use Windows SkyDrive with open access and add the link here after uploading the files.

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
March 21st, 2011 8:57am

Setting it on the workstations

Why not set it on the Domain Controller? Last time I checked, this is the preferred method.

specific OU..

And have you verified, on the Domain Controller, that these workstations are included in that OU?

Yes they have been rebooted several times Yes its the DHCP server as well replication is working

Good...

Today I was on a machine where the Group Policy did not go into effect. I ran a gpupdate /force and here is the error.
March 21st, 2011 2:09pm

This topic is archived. No further replies will be accepted.
