Here is some important looking info. Something about not being able to access *gpt.ini*? My machine is set to obtain DNS settings automatically and the main DNS server that it pulls is the DC that it is connected to and that I am distributing the GPO from. Does that sound right? USERENV(3a4.5f4) 13:03:26:140 ProcessGPO: Searching <cn={9D2717BD-EFFF-47C9-947D-51D72B010F52},cn=policies,cn=system,DC=veredus,DC=local> USERENV(3a4.5f4) 13:03:26:140 ProcessGPO: Machine has access to this GPO. USERENV(3a4.5f4) 13:03:26:140 ProcessGPO: GPO passes the filter check. USERENV(3a4.5f4) 13:03:26:140 ProcessGPO: Found functionality version of: 2 USERENV(3a4.5f4) 13:03:26:140 ProcessGPO: Found file system path of: < \\veredus.local\SysVol\veredus.local\Policies\{9D2717BD-EFFF-47C9-947D-51D72B010F52<file://veredus.local/SysVol/veredus.local/Policies/%7B9D2717BD-EFFF-47C9-947D-51D72B010F52> }> USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found common name of: <{9D2717BD-EFFF-47C9-947D-51D72B010F52}> USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found display name of: <Veredus Policies> USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found machine version of: GPC is 38, GPT is 38 USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found flags of: 0 USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}] USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: ============================== USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: ============================== USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Searching <CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=veredus,DC=local> USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Machine has access to this GPO. USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: GPO passes the filter check. USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found functionality version of: 2 USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found file system path of: < \\veredus.local\sysvol\veredus.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9<file://veredus.local/sysvol/veredus.local/Policies/%7B31B2F340-016D-11D2-945F-00C04FB984F9> }> USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found common name of: <{31B2F340-016D-11D2-945F-00C04FB984F9}> USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found display name of: <Default Domain Policy> USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found machine version of: GPC is 59, GPT is 59 USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found flags of: 0 USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}] USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: ============================== USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: ============================== USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Searching <cn={B508112F-C7AE-4198-823C-647238494475},cn=policies,cn=system,DC=veredus,DC=local> USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Machine has access to this GPO. USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: GPO passes the filter check. USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found functionality version of: 2 USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found file system path of: < \\veredus.local\SysVol\veredus.local\Policies\{B508112F-C7AE-4198-823C-647238494475<file://veredus.local/SysVol/veredus.local/Policies/%7BB508112F-C7AE-4198-823C-647238494475> }> USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found common name of: <{B508112F-C7AE-4198-823C-647238494475}> USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found display name of: <OPACK> USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found machine version of: GPC is 3, GPT is 3 USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found flags of: 0 USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: Found extensions: [{C6DC5466-785A-11D2-84D0-00C04FB169F7}{942A8E4F-A261-11D1-A760-00C04FB9603F}] USERENV(3a4.5f4) 13:03:26:156 ProcessGPO: ============================== USERENV(3a4.5f4) 13:03:26:156 GetGPOInfo: Local GPO's gpt.ini is not accessible, assuming default state. USERENV(3a4.5f4) 13:03:26:156 GetGPOInfo: Leaving with 1 USERENV(3a4.5f4) 13:03:26:156 GetGPOInfo: ******************************** USERENV(3a4.5f4) 13:03:26:171 ProcessGPOs: Logging Data for Target <LENOVO-399A95C7>. USERENV(3a4.5f4) 13:03:26:171 ProcessGPOs: OpenThreadToken failed with error 1008, assuming thread is not impersonating On Tue, Jul 15, 2008 at 2:18 PM, Darren Mar-Elia <darren@xxxxxxxxxx> wrote: > More than event log events. It shows a detailed trace of GP processing. > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Bobby Benninger > *Sent:* Tuesday, July 15, 2008 11:13 AM > > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: Symantec prevents GPO from applying > > > > Does verbose logging main show all records in Event Viewer or something > else? > > On Tue, Jul 15, 2008 at 12:56 PM, Darren Mar-Elia <darren@xxxxxxxxxx> > wrote: > > That is usually a DNS issue, where the client is not finding the DC. I > would enable verbose userenv logging and see if any errors show up in there > at the beginning of the processing cycle. > > > Darren > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Bobby Benninger > *Sent:* Tuesday, July 15, 2008 9:52 AM > > > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: Symantec prevents GPO from applying > > > > it is just A/V. I was getting this in event viewer: > > > > Windows cannot query for the list of Group Policy objects. A message that > describes the reason for this was previously logged by the policy engine. > > > > Then if I remove Symantec that message goes away and the GPO applies. > > On Tue, Jul 15, 2008 at 12:09 PM, Nelson, Jamie <Jamie.Nelson@xxxxxxx> > wrote: > > Yeah, I ran Symantec A/V Corporate edition for many, many years at a > previous job and never had any trouble. Are you sure you're not using the > full client security suite (which includes a firewall)? Just the A/V client > by itself should not be causing any problems. > > > ------------------------------ > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *William Curley > *Sent:* Tuesday, July 15, 2008 10:39 AM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: Symantec prevents GPO from applying > > > > I run Symantec at my company and have numerous GPOs setup that all work > flawlessly. Can you provide some more detail as to why you think Symantec is > blocking them from being applied? > > > > > > William Curley > > ESRI, System Administrator > > 909-793-2853 x4949 > > wcurley@xxxxxxxx > > > > > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Bobby Benninger > *Sent:* Tuesday, July 15, 2008 8:35 AM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Symantec prevents GPO from applying > > > > My GPO's won't apply unless I remove Symantec A/V Corp Edition from the > local PC. This stinks since all PC's on my domain run this and are affected > the same way. > > > > Has anyone here ever dealt with something similar? > > > > > > > > thanks, > > Bob > * > ------------------------------ > * > > *Confidentiality Warning:* This message and any attachments are intended > only for the use of the intended recipient(s), are confidential, and may be > privileged. If you are not the intended recipient, you are hereby notified > that any review, retransmission, conversion to hard copy, copying, > circulation or other use of all or any portion of this message and any > attachments is strictly prohibited. If you are not the intended recipient, > please notify the sender immediately by return e-mail, and delete this > message and any attachments from your system. > > > > >