[gptalk] Re: Group Policy Error
- From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Wed, 13 Feb 2008 07:55:15 -0800
Well the default is that its enabled and running so you shouldn't need to do
anything explicitly. Some shops get serious about hardening their systems,
which can include disabling services. You could use GP to ensure its always
set to automatic, but if an administrator comes along and disables it, then
its not going to get that next GP processing event to tell it to go back to
automatic (chicken, meet egg), so I only point it out here as a possible
troubleshooting step.
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Salandra, Justin
Sent: Wednesday, February 13, 2008 7:48 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Error
So it should be enabled and running at all times? Would you suggest that
something like this be defined within a group policy to ensure that if it is
every stopped and disabled that the group policy would re-enable that?
Justin A. Salandra
Network Engineer
Transatlantic Reinsurance Co.
80 Pine Street
7th Floor
New York, NY 10005
P: 212.770.2157
C: 917.455.0110
jsalandra@xxxxxxxxxxx
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Wednesday, February 13, 2008 10:36 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Error
Sorry, I meant that the service is required for successful GP processing. In
other words, it must be running. Basically it's the thing that deals with
converting a DFS share (i.e. SYSVOL) into something that Windows understands
(i.e. a UNC)
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Salandra, Justin
Sent: Wednesday, February 13, 2008 5:46 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Error
Can you elaborate on
-- Disabled TCP/IP Netbios helper service (required for GP)
What do you mean by this?
Why is disabling that service required for GP? What is it that that service
does?
Justin A. Salandra
Network Engineer
Transatlantic Reinsurance Co.
80 Pine Street
7th Floor
New York, NY 10005
P: 212.770.2157
C: 917.455.0110
jsalandra@xxxxxxxxxxx
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Tuesday, February 12, 2008 10:52 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Error
James-
Quick question-is this impacting both per-computer and per-user policy or
just per-computer? There's a bunch of reasons for those errors. All of them
come down to the workstation being unable to read the contents of AD or
SYSVOL related to the GPO. Since you say you've eliminated DNS as the
problem, here are a couple of other reasons.
-- Disabled TCP/IP Netbios helper service (required for GP)
-- Failed SYSVOL replication on the DC where the client is grabbing policy
(run GPOTool.exe to see if this is an issue)
-- Permissions are tweaked on SYSVOL part of GPO such that computer or user
does not have perms. To read them.
Those are starting points. Let us know if none of those show up and we can
go from there.
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Camacho, James
Sent: Tuesday, February 12, 2008 6:27 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Group Policy Error
Good mourning,
I am new to this mailing list and would like to ask
your help on a problem I have been having with Group Policies, I have
searched the internet but none of the results have helped. First I have two
domain controllers running 2003 R2 and all XP2 workstation on a single
domain with dell workstations 650&670 (this is a classified network so there
is no outside connectivity). All of the workstation are logging the same
error (userenv 1030 Windows cannot query for the list of Group Policy
objects. A message that describes the reason for this was previously logged
by the policy engine.) It makes no difference if I log on as a user or an
administrator the error is still generated. I have run netdiag, dcdiag with
no errors. I have also enabled the userenv log and have found the following
errors (USERENV(2d8.150) 08:05:38:720 ProcessGPOs: GetGPOInfo failed). I
have run Group Policy results wizard and these are the results (see
attached). I have tried updating the Ethernet drivers to no avail.
It seems like a problem with permissions or maybe DNS, but the permissions
seem to me to be correct and there are no errors within DNS which is AD
integrated, can any see anything that I am missing or have not looked for.
Thank You
Jim
"IMPORTANT NOTICE: The information in this email
(and any attachments hereto) is confidential and may be
protected by legal privileges and work product immunities.
If you are not the intended recipient, you must not use or
disseminate the information. Receipt by anyone other than the
intended recipient is not a waiver of any attorney-client or work
product privilege. If you have received this email in error, please
immediately notify me by "Reply" command and permanently
delete the original and any copies or printouts thereof. Although
this email and any attachments are believed to be free of any virus
or other defect that might affect any computer system into which it
is received and opened, it is the responsibility of the recipient to
insure that it is virus free and no responsibility is accepted by
Transatlantic Reinsurance Company or its subsidiaries or affiliates
either jointly or severally, for any loss or damage arising in any way
from its use."
"IMPORTANT NOTICE: The information in this email
(and any attachments hereto) is confidential and may be
protected by legal privileges and work product immunities.
If you are not the intended recipient, you must not use or
disseminate the information. Receipt by anyone other than the
intended recipient is not a waiver of any attorney-client or work
product privilege. If you have received this email in error, please
immediately notify me by "Reply" command and permanently
delete the original and any copies or printouts thereof. Although
this email and any attachments are believed to be free of any virus
or other defect that might affect any computer system into which it
is received and opened, it is the responsibility of the recipient to
insure that it is virus free and no responsibility is accepted by
Transatlantic Reinsurance Company or its subsidiaries or affiliates
either jointly or severally, for any loss or damage arising in any way
from its use."
Other related posts:
