I narrowed down the problem to the all users profile. Heres the output from the userenv log. Well, the bit I was interested in anyway... USERENV(154.67c) 10:43:58:179 ProcessGPOs: Processing extension Registry USERENV(154.67c) 10:43:58:179 CompareGPOLists: One list is empty USERENV(154.67c) 10:43:58:179 ProcessGPOList: Entering for extension Registry USERENV(154.67c) 10:43:58:179 ResetPolicies: Entering. USERENV(154.67c) 10:43:58:179 ParseRegistryFile: Entering with <C:\Documents and Settings\All Users\ntuser.pol>. USERENV(154.67c) 10:43:58:179 ParseRegistryFile: Leaving. USERENV(154.67c) 10:43:58:179 ResetPolicies: Leaving. USERENV(154.67c) 10:43:58:179 ProcessGPORegistryPolicy: Failed to create archive file with 5 USERENV(154.67c) 10:43:58:179 ProcessGPOList: ProcessGPORegistryPolicy failed. USERENV(154.67c) 10:43:58:179 ProcessGPOs: Extension Registry ProcessGroupPolicy failed, status 0x80004005. Resetting permissions for "%systemdrive%\documents and settings" fixed the problem. Its one to watch for as I have seen this on 2000 and 2003 before, especially if you are restricting all users profile in any way. Thanks, Anthony. _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Anthony Green Sent: 15 July 2004 07:18 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Group Policies not applying Drive permissions are everyone full control. I can reboot the server as many times as I like but unless I reset the permissions the server does not get the policy. I will go over the usual gp troubleshooting stuff just to make 100% sure Im not missing anything obvious. I can check the loopback reg entry you mentioned as well and post the results. Thanks for your help, Anthony. _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Durbin Sent: 15 July 2004 00:35 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Group Policies not applying Are you sure the file permissions are actually relevant? Maybe it's the reboot that you do after resetting the file permissions. So, your file permissions at the root of the system drive are Everyone = Full Control? And you propogate that change through the whole drive, then reboot, and then you get the policy? Try the reboot without setting the file permissions. When you're NOT getting the policy, have you tried going through the standard GP troubleshooting? See: http://www.microsoft.com/windows2000/techinfo/howitworks/management/gptshoot .asp There are also some MS KB's that talk about troubleshooting group policy application. Another thing you might do when the policy isn't working is look at the registry value that loopback processing sets just to make sure it's there. If it's not, then you know the machine isn't getting the machine policy at boot and will explain why you're not getting the user settings. The value is at: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\UserPolicyMode. It should be set to 1 or 2 depending on whether you're doing replace or merge. _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Anthony Green Sent: Thursday, 15 July 2004 10:51 a.m. To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Group Policies not applying I know, wierd isnt it. Goto properties of root drive->security->advanced->and tick replace permissions on child objects... Believe it or not this fixes the problem. FYI - The GPO is linked to a Citrix Servers OU with loopback enabled. Authenticated Users have "read" and "apply policy". The policy is enabled, and no override is set. _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Durbin Sent: 14 July 2004 23:30 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Group Policies not applying File permissions shouldn't have anything to do with receiving policy from AD (unless you're changing file permissions on the SYSVOL share, which could). Could you be more specific about the file permissions you're applying? Also, what container is the GPO linked to and what's the security on the GPO itself? _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Anthony Green Sent: Thursday, 15 July 2004 10:22 a.m. To: thin@xxxxxxxxxxxxx Subject: [THIN] Group Policies not applying Have had this a couple of times now and havent found out why the problem is occuring. Server has local 2000 policy that applies everytime. The policy that is set up in AD is not applying. To fix this I have to reset permissions and allow inheritable on the system drive and the AD policy will then start applying after I do a reboot. Anyone know why this is happening and give me a better fix for this? Thanks, Anthony.