[gptalk] Re: User policy on a VMWare instance

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 31 Jul 2008 06:43:56 -0700

Ping is required from the client to the DC on every version of Windows prior
to Vista/2008, but blocking inbound ping on the client should not affect GP.
But in any case it sounds like the guests are getting pre-computer policy
fine? Or are all policies failing?


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Jonathan Finkbiner
Sent: Thursday, July 31, 2008 4:46 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: User policy on a VMWare instance


One issue I have had managing VMware devices on my developers' computers, is
that they enable the firewalls prior to joining the domain. The Windows Sp2
firewall prevented ping on my 2003 domain which caused UserEnv errors (as
Alan mentioned). I believe if you are running a 2003 domain with Xp machines
ping is the primary vehicle used to get computers to process GPO. Can you
ping the individual VMware GuestOS's?


Also, how is the network setup for the VMware Guest OS's? Are the players
using a bridged mode? Or are they sharing the internet connection with the
host operating system? If the ip address of the GuestOS is the same as the
host device it may cause a conflict. 


Jonathan Finkbiner 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Alan & Margaret
Sent: Wednesday, July 30, 2008 7:29 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: User policy on a VMWare instance


Hi Mary,


Assuming you are using then same Userid on your physical and virtual
machine, and policy processing is working, the only way you can get
different user settings is if you have activated Loopback processing with a
value of replace. In this case, the user will get the settings that would
apply if they were a member of the machines OU.


If this is not the case, I would check the event log to see if there are any
errors, otherwise, activate logging (refer
http://support.microsoft.com/kb/221833  ) and get a detailed UserEnv log to
get a full report. If you need a hand interpreting the log, post it and we
can check it out.


Alan Cuthbertson



 Policy Management Software (Now with ADMX and Preference support):-



ADM Template Editor(Now with ADMX support):-



Policy Log Reporter(Free)






From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Thursday, 31 July 2008 5:41 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: User policy on a VMWare instance



If you are not seeing them in RSOP then it kinda sounds like they are linked
in the wrong place but it sounds like you're saying the very same user ids
that they log into physical desktops with are being used on these VMs? What
kinds of per-user settings are you applying?



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Winter.Mary
Sent: Wednesday, July 30, 2008 12:34 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] User policy on a VMWare instance


Hello List,

I have a developers group running a VMWare instance with the free version of
VMPlayer.  It is Xpsp2 with Visual Studio 2008 installed.  They are joined
to the domain and in an OU created for them.  I created and linked some
computer policies and need the user policies from the main corporate users
OU to apply.  When my tester does a gpresult inside the instance I can see
that none of the corporate users' policies get applied.  They aren't even
listed under "The following GPOs were not applied because they were filtered
out".  However, when he does a gpresult on the PC that is hosting the
instance they are applied successfully.  There are no special user settings
for these people logging into these instances.  All user GPOs that apply to
the regular workstation should also apply to the users logging into the
instances.  I can't see what I am missing.  Thanks in advance for any help

Mary Collingwood Winter

We Energies - IT Services

Client Device Integration

Other related posts: