GPO do not descend
coolhead6
Posted messages
13
Status
Membre
-
BobbyJoe -
BobbyJoe -
Hello,
I've been using GPOs on the network for quite some time now and it works very well.
For example: no regedit and cmd for regular users.
For a few days now, I've been testing an optimized ISO version of XP with SP2, .....
and on this version, my GPOs are not applying.
Could a service, a registry key, or a local security policy be blocking the application of GPOs coming from a domain controller?
GPRESULT => the user "DOMAINE\user" has no RSoP data
Yet the machine seems to be in the domain.
My DNS configuration is correct.
I've checked all these elements.
Moreover, I haven't changed anything on the server.
I've just overwritten the XP of one of my machines to install a Lite XP.
I configured it as usual and my network tests like connecting to a shared directory on the file server, ... are going as before.
I'm using an account "DOMAINE\user" that I used before and that I still use on other computers. => No problems. My policies are working well, blocking for example regedit, cmd, access to internet options, network drive mapping, hiding the C: drive, ...
What does it mean: the user "DOMAINE\user" has no RSoP data?
How can I resolve this knowing that I haven't changed anything in the AD and that I repeat, this works on other computers.
Thanks @ all
I've been using GPOs on the network for quite some time now and it works very well.
For example: no regedit and cmd for regular users.
For a few days now, I've been testing an optimized ISO version of XP with SP2, .....
and on this version, my GPOs are not applying.
Could a service, a registry key, or a local security policy be blocking the application of GPOs coming from a domain controller?
GPRESULT => the user "DOMAINE\user" has no RSoP data
Yet the machine seems to be in the domain.
My DNS configuration is correct.
I've checked all these elements.
Moreover, I haven't changed anything on the server.
I've just overwritten the XP of one of my machines to install a Lite XP.
I configured it as usual and my network tests like connecting to a shared directory on the file server, ... are going as before.
I'm using an account "DOMAINE\user" that I used before and that I still use on other computers. => No problems. My policies are working well, blocking for example regedit, cmd, access to internet options, network drive mapping, hiding the C: drive, ...
What does it mean: the user "DOMAINE\user" has no RSoP data?
How can I resolve this knowing that I haven't changed anything in the AD and that I repeat, this works on other computers.
Thanks @ all
3 réponses
I had exactly the same problem. I found the answer on the Microsoft site:
"Check the DNS settings and network properties on the servers and client computers.
2. Check the SMB signature settings on the client computers.
3. Ensure that the TCP/IP NetBIOS Helper service, the Net Logon service, and the Remote Procedure Call (RPC) service are started on all computers.
4. Ensure that the DFS file system is enabled on all computers.
5. Check the contents and permissions of the Sysvol folder.
6. Make sure that the Bypass Traverse Checking right is granted to the required groups.
7. Ensure that the domain controllers are not in a log loop state.
8. Run the command dfsutil /purgemupcache. "
https://docs.microsoft.com/en-us/troubleshoot/windows-server/group-policy/userenv-errors-occur-events-are-logged
"Check the DNS settings and network properties on the servers and client computers.
2. Check the SMB signature settings on the client computers.
3. Ensure that the TCP/IP NetBIOS Helper service, the Net Logon service, and the Remote Procedure Call (RPC) service are started on all computers.
4. Ensure that the DFS file system is enabled on all computers.
5. Check the contents and permissions of the Sysvol folder.
6. Make sure that the Bypass Traverse Checking right is granted to the required groups.
7. Ensure that the domain controllers are not in a log loop state.
8. Run the command dfsutil /purgemupcache. "
https://docs.microsoft.com/en-us/troubleshoot/windows-server/group-policy/userenv-errors-occur-events-are-logged