Ping is required from the client to the DC on every version of Windows prior to Vista/2008, but blocking inbound ping on the client should not affect GP. But in any case it sounds like the guests are getting pre-computer policy fine? Or are all policies failing? From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathan Finkbiner Sent: Thursday, July 31, 2008 4:46 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: User policy on a VMWare instance One issue I have had managing VMware devices on my developers' computers, is that they enable the firewalls prior to joining the domain. The Windows Sp2 firewall prevented ping on my 2003 domain which caused UserEnv errors (as Alan mentioned). I believe if you are running a 2003 domain with Xp machines ping is the primary vehicle used to get computers to process GPO. Can you ping the individual VMware GuestOS's? Also, how is the network setup for the VMware Guest OS's? Are the players using a bridged mode? Or are they sharing the internet connection with the host operating system? If the ip address of the GuestOS is the same as the host device it may cause a conflict. Jonathan Finkbiner _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Alan & Margaret Sent: Wednesday, July 30, 2008 7:29 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: User policy on a VMWare instance Hi Mary, Assuming you are using then same Userid on your physical and virtual machine, and policy processing is working, the only way you can get different user settings is if you have activated Loopback processing with a value of replace. In this case, the user will get the settings that would apply if they were a member of the machines OU. If this is not the case, I would check the event log to see if there are any errors, otherwise, activate logging (refer http://support.microsoft.com/kb/221833 ) and get a detailed UserEnv log to get a full report. If you need a hand interpreting the log, post it and we can check it out. Alan Cuthbertson Policy Management Software (Now with ADMX and Preference support):- http://www.sysprosoft.com/index.php?ref=activedir <http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml> &f=pol_summary.shtml ADM Template Editor(Now with ADMX support):- http://www.sysprosoft.com/index.php?ref=activedir <http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml> &f=adm_summary.shtml Policy Log Reporter(Free) http://www.sysprosoft.com/index.php?ref=activedir <http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml> &f=policyreporter.shtml _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Thursday, 31 July 2008 5:41 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: User policy on a VMWare instance Mary- If you are not seeing them in RSOP then it kinda sounds like they are linked in the wrong place but it sounds like you're saying the very same user ids that they log into physical desktops with are being used on these VMs? What kinds of per-user settings are you applying? Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Winter.Mary Sent: Wednesday, July 30, 2008 12:34 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] User policy on a VMWare instance Hello List, I have a developers group running a VMWare instance with the free version of VMPlayer. It is Xpsp2 with Visual Studio 2008 installed. They are joined to the domain and in an OU created for them. I created and linked some computer policies and need the user policies from the main corporate users OU to apply. When my tester does a gpresult inside the instance I can see that none of the corporate users' policies get applied. They aren't even listed under "The following GPOs were not applied because they were filtered out". However, when he does a gpresult on the PC that is hosting the instance they are applied successfully. There are no special user settings for these people logging into these instances. All user GPOs that apply to the regular workstation should also apply to the users logging into the instances. I can't see what I am missing. Thanks in advance for any help provided. Mary Collingwood Winter We Energies - IT Services Client Device Integration