D
Derek
Guest
I having a strange issue with users of one of my OUs. At first I thought
this was a GP issue, but it appears to be a permissions issue of some kind.
One particular department is having an issue, the users can log into the
Terminal Servers, the desktop shortcuts that I setup are there, but their
desktop are grey, not green and they cannot making any display settings
changes.
Here is what I have setup, 2003 AD with about 8 OUs, Terminal Services
Profiles located on a share on my DC, path set via AD user account,
permissions on the profiles are set to User, System, and Domain Admins have
Full permissions. I have GP settings for WSUS, IE (set home page and Pop
Blocker allowed sites), and a logon script that maps drives.
Users from other OUs work without any issue. I have used GPUpdate, and
GPResult. The only difference between GPResult output between a good user
and a broken user are the GP applied from and last time GP applied. Working
users will show the DC and the time, broken user will have N/A. I know when
a user will fail if I get the message "could not connect to all network
drives". I have created a completely new OU, GP, and checked permissions on
the TS servers and via AD. I downloaded and installed Group Policy
Management tool from MS. It confirms that everything is fine with GPs,
settings are just not being applied. Moving Users to another OU does not fix
them, but moving Users from other OUs to OU "X" does not break them, the
still work fine.
I have checked everything that I can think of, and have read to try, I don't
have much more hair to pull out. I know something happened when I setup the
AD users, but since I setup all users/OUs at the same time and the same way I
dont know what happened. Anyone have any idea what the issue is?
this was a GP issue, but it appears to be a permissions issue of some kind.
One particular department is having an issue, the users can log into the
Terminal Servers, the desktop shortcuts that I setup are there, but their
desktop are grey, not green and they cannot making any display settings
changes.
Here is what I have setup, 2003 AD with about 8 OUs, Terminal Services
Profiles located on a share on my DC, path set via AD user account,
permissions on the profiles are set to User, System, and Domain Admins have
Full permissions. I have GP settings for WSUS, IE (set home page and Pop
Blocker allowed sites), and a logon script that maps drives.
Users from other OUs work without any issue. I have used GPUpdate, and
GPResult. The only difference between GPResult output between a good user
and a broken user are the GP applied from and last time GP applied. Working
users will show the DC and the time, broken user will have N/A. I know when
a user will fail if I get the message "could not connect to all network
drives". I have created a completely new OU, GP, and checked permissions on
the TS servers and via AD. I downloaded and installed Group Policy
Management tool from MS. It confirms that everything is fine with GPs,
settings are just not being applied. Moving Users to another OU does not fix
them, but moving Users from other OUs to OU "X" does not break them, the
still work fine.
I have checked everything that I can think of, and have read to try, I don't
have much more hair to pull out. I know something happened when I setup the
AD users, but since I setup all users/OUs at the same time and the same way I
dont know what happened. Anyone have any idea what the issue is?