[THIN] Re: Interesting GPO problem.

  • From: "Chris Lynch" <lynch00@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 23 Dec 2002 10:53:01 -0800

Jim,

I have looked at this, and this is not configured.  In fact, there are
no local GPO's configured in either the Computer or User Configuration
containers.  Thanks for the idea.

I will look into the permissions further.  Anyone else?

Thanks,

Chris

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Hathaway
Sent: Monday, December 23, 2002 10:23 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Interesting GPO problem.



Chris,=20

Try this on each of your TS servers.=20

Go to Run, type MMC. From the MMC console, select console, add / remove
snap-in. Select Add, select 'group policy' choose the default of 'local
computer', select finish, then close all other option pages to get back
to the MMC.=20

From the local machine policy snap in, select 'computer configuration',
administrative templates, system, group policy. Select your 'user group
policy processing mode, to 'replace'. Once this is done, close out the
MMC, go to a command line and type the following:

secedit /refreshpolicy Machine_Policy /enforce

Then try having users log-in.

Essentially, this process forces the loopback processing mode on the
local machine, which then allows the AD policies to apply properly.=20

If you still have problems, I would re-evaluate the permissions on the
policies you've placed on the OU.=20

HTH

J=20

-----Original Message-----
From: Chris Lynch [mailto:lynch00@xxxxxxx]=20
Sent: Monday, December 23, 2002 10:12 AM
To: TheThin. net
Cc: clynch@xxxxxxxxxxxxxxxxxxx; jdurbin@xxxxxxxxxxxxxxxxxxx
Subject: [THIN] Interesting GPO problem.


I have come across a weird problem that I was hoping someone has seen
before.  Basically, I have upgraded a clients domain from NT4 to Windows
2000 Active Directory.  There were legacy NT 4 Policies that were being
applied to the Windows 2000 MF Xpe servers.  They are running SP2, and
FR1 at the moment.

Basically what is going on is the NT 4 policies stopped working after
the upgrade.  They were custom made ADM files, and were specified within
the registry on the Terminal Servers were to get the NT 4 policies.
After the upgrade, they did stop working, but not a big deal.  We have
some template GPO's we just put in place.

Now, the problem is that with Loopback Processing Mode turned on in ALL
of the GPO's, they will not apply either.  When examining the GPO's INI
files, we found the reg key were Loopback Processing mode is turned on.
It's location is HKLM\Software\Policies\Microsoft\Windows\System.  This
System key is supposed to be there with a value called "UserPolicyMode"
(REG_DWORD) with a value of 0x2 specified.  This key and value doesn't
exist.  When we manually put this key in, and have the user log off then
back on, the GPO's apply.  We copied this key to all of the MF servers,
and now on some of them this key is no longer there and causing GPO
problems.  I have run the GPOTOOL with the verbose switch, and had it
check both of their Windows 2000 DC's for any GPO errors, and it came
back clean.

Now, there are no other DC's (Windows 2000 or NT 4) on the network, and
AD replication is working.

Anyone have any ideas as to why this is happening, or could shed some
light on to this weird problem?

Thanks,

Chris


***********************************************=20
This Weeks Sponsor: 99point9.com
The 99Point9.com Online Tech Support=20
Helpdesk is the one-stop solution for all=20
your server-based computing needs.=20
http://www.99point9.com
************************************************
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm
*********************************************** 
This Weeks Sponsor: 99point9.com
The 99Point9.com Online Tech Support 
Helpdesk is the one-stop solution for all 
your server-based computing needs. 
http://www.99point9.com
************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm


*********************************************** 
This Weeks Sponsor: 99point9.com
The 99Point9.com Online Tech Support 
Helpdesk is the one-stop solution for all 
your server-based computing needs. 
http://www.99point9.com
************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

Other related posts: