Group Policy Does Not Work

[monkeymafia]

Hi,

I've created a new OU called GPO_Test and placed a test user account in there.

I've created a new GPO and linked it to the GPO_test OU using group policy management. I have enabled several settings such as remove run command from start menu, disable wallpaper changes etc.
I've performed gpupdate /force from the command prompt. The XP client does not acknowledge any of the changes. why is this happening? it is doing my head in.

there are no local policies setup on the xp machine. I have not messed with the default domain policy either. please help.

 

[mmthomas]

Run gpresult.exe (command prompt) or rsop.msc (gui). These tools can help you discover if the gpo is showing as applied or filtered out for some reason. For some gpos there may also be an event log which explains why a policy didn't apply (for example an error when it tried to map a drive).

If you have multiple DCs you may also have a replication issue where the gpo is on one DC but hasn't replicated to other DCs. If the user logging on hits a DC that doesn't have the policy or has a corrupt copy of the gpo, that will cause problems, too.

 

[monkeymafia]

thanks for the reply.

I ran rsop.msc on the xp client and it comes up with "group policy error" RSoP data is invalid. Likely causes are, data is corrupt, data has been deleted or data has never been created. details: Invalid namespace".

and there are a few event errors in the event log:

EventID: 1058
Source: Userenv
Description: Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=test,DC=local. The file must be present at the location . (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted.

Any Ideas :/ I am running this domain environment in vmware workstation if thats effecting anything. But the client has dynamically been added to the dns server and is correctly receiving an address from DHCP etc.

 

[mmthomas]

You say that the client has been added to dns and is getting dhcp. Is it an actual member of the domain?
Can you access from the the Run line the system volume shown in the error message? (\\test.local\sysvol\...) All authenticated users should have read/execute access to that share. That error message makes it sound like you don't have permissions or some other network problem is causing the client to not be able to read the policy. Make sure you can access the entire path shown in the error.

Another possibility is that you have added a security filter to your gpo that is preventing access to the gpo to the user. You would see that in the gpmc console.