[gptalk] Re: User policy on a VMWare instance

  • From: "Jonathan Finkbiner" <JFinkbiner@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 31 Jul 2008 07:46:24 -0400

One issue I have had managing VMware devices on my developers'
computers, is that they enable the firewalls prior to joining the
domain. The Windows Sp2 firewall prevented ping on my 2003 domain which
caused UserEnv errors (as Alan mentioned). I believe if you are running
a 2003 domain with Xp machines ping is the primary vehicle used to get
computers to process GPO. Can you ping the individual VMware GuestOS's?


Also, how is the network setup for the VMware Guest OS's? Are the
players using a bridged mode? Or are they sharing the internet
connection with the host operating system? If the ip address of the
GuestOS is the same as the host device it may cause a conflict. 


Jonathan Finkbiner 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Alan & Margaret
Sent: Wednesday, July 30, 2008 7:29 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: User policy on a VMWare instance


Hi Mary,


Assuming you are using then same Userid on your physical and virtual
machine, and policy processing is working, the only way you can get
different user settings is if you have activated Loopback processing
with a value of replace. In this case, the user will get the settings
that would apply if they were a member of the machines OU.


If this is not the case, I would check the event log to see if there are
any errors, otherwise, activate logging (refer
http://support.microsoft.com/kb/221833  ) and get a detailed UserEnv log
to get a full report. If you need a hand interpreting the log, post it
and we can check it out.


Alan Cuthbertson



 Policy Management Software (Now with ADMX and Preference support):-



ADM Template Editor(Now with ADMX support):-



Policy Log Reporter(Free)






From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Thursday, 31 July 2008 5:41 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: User policy on a VMWare instance



If you are not seeing them in RSOP then it kinda sounds like they are
linked in the wrong place but it sounds like you're saying the very same
user ids that they log into physical desktops with are being used on
these VMs? What kinds of per-user settings are you applying?



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Winter.Mary
Sent: Wednesday, July 30, 2008 12:34 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] User policy on a VMWare instance


Hello List,

I have a developers group running a VMWare instance with the free
version of VMPlayer.  It is Xpsp2 with Visual Studio 2008 installed.
They are joined to the domain and in an OU created for them.  I created
and linked some computer policies and need the user policies from the
main corporate users OU to apply.  When my tester does a gpresult inside
the instance I can see that none of the corporate users' policies get
applied.  They aren't even listed under "The following GPOs were not
applied because they were filtered out".  However, when he does a
gpresult on the PC that is hosting the instance they are applied
successfully.  There are no special user settings for these people
logging into these instances.  All user GPOs that apply to the regular
workstation should also apply to the users logging into the instances.
I can't see what I am missing.  Thanks in advance for any help provided.

Mary Collingwood Winter

We Energies - IT Services

Client Device Integration

Other related posts: