D
Damien
Hello,
I've almost had it with this....I've been playing with this for two
days and no luck. I have a windows 2000 domain SP4 with 5 remote
sites connected with a sonicwall firewall with VPN set up. 4 offices
are working great but the 5th is not receiving the computer policy,
user policy seems to be applying. All offices are identically setup.
When I run gpresults.exe it tells me that the policy is being applied
but then at the bottom of the report it's pulling a GPO from an old
group that the machine was a member of. I will post the text of the
GPresult at the bottom for your review. I have a feeling this has
something to do with the MSI Installer but I'm not sure. I've been
receiving the event id 1000 source Userenv: Windows cannot unload your
registry file. If you have roaming profile, your settings are not
replicated. Contact administrator. DETAIL-Access Denied ((2195)).
I've done some research regarding this and it's been said it is
happening because the profile is not unloading. I installed
UPHClean.msi from microsoft to make sure the profile is closed when
shutting down and the policy still doesn't apply. The policy that the
computer was a member of was the default domain policy. It is now a
member of woodbridge.va policy. The policy is setup so that the
remote server queries the main server for authentication and
processing of the group policy object. The files are stored on the
local server at the location. All PC on the remote site have static
IP addresses with the local server as their primary DNS and WINS. The
local Server is pointing at itself as the primary dns and wins and the
DC as a secondary. Local Server is setup with a push/pull
relationship with the DC. I can provide more info if necessary.
Please Help!
GPRESULTS BELOW
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result
tool
Copyright (C) Microsoft Corp. 1981-1999
Created on Tuesday, May 04, 2004 at 12:35:19 PM
Operating System Information:
Operating System Type: Professional
Operating System Version: 5.0.2195.Service Pack 4
Terminal Server Mode: Not supported
###############################################################
User Group Policy results for:
CN=user,OU=woodbridge.va,OU=Accounts,DC=kramont,DC=com
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming profile: (None)
Local profile: C:\Documents and Settings\user
The user is a member of the following security groups:
DOMAIN\Domain Users
\Everyone
BUILTIN\Power Users
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
\LOCAL
DOMAIN\Security.Operations
DOMAIN\Woodbridge
DOMAIN\Security.Administrative
DOMAIN\Property Management
DOMAIN\company
The user has the following security privileges:
Bypass traverse checking
Change the system time
Shut down the system
Profile single process
Remove computer from docking station
###############################################################
Last time Group Policy was applied: Tuesday, May 04, 2004 at 12:10:24
PM
Group Policy was applied from: exchange.company.com
===============================================================
The user received "Registry" settings from these GPOs:
Woodbridge.VA GPO
Revision Number: 14
Unique Name: {8951380C-9C27-4347-AEE9-8A96EDA4A65A}
Domain Name: company.com
Linked to: Organizational Unit
(OU=woodbridge.va,OU=Accounts,DC=company,DC=com)
The following settings were applied from: Woodbridge.VA GPO
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
ValueName: NoWelcomeScreen
ValueType: REG_DWORD
Value: 0x00000001
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
ValueName: DisallowRun
ValueType: REG_DWORD
Value: 0x00000001
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
ValueName: NoWindowsUpdate
ValueType: REG_DWORD
Value: 0x00000001
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
ValueName: ForceStartMenuLogOff
ValueType: REG_DWORD
Value: 0x00000001
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
ValueName: **delvals.
ValueType: REG_SZ
Value:
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
ValueName: 1
ValueType: REG_SZ
Value: datemanager.exe
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
ValueName: 2
ValueType: REG_SZ
Value: msimn.exe
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
ValueName: 3
ValueType: REG_SZ
Value: precisiontime.exe
===============================================================
The user received "Folder Redirection" settings from these GPOs:
Woodbridge.VA GPO
Revision Number: 14
Unique Name: {8951380C-9C27-4347-AEE9-8A96EDA4A65A}
Domain Name: company.com
Linked to: Organizational Unit
(OU=woodbridge.va,OU=Accounts,DC=company,DC=com)
My Documents is redirected to \\Localserver\Users\%username%.
My Pictures is redirected to \\Localserver\Users\%username%\My
Pictures.
===============================================================
The user received "Scripts" settings from these GPOs:
Woodbridge.VA GPO
Revision Number: 14
Unique Name: {8951380C-9C27-4347-AEE9-8A96EDA4A65A}
Domain Name: company.com
Linked to: Organizational Unit
(OU=woodbridge.va,OU=Accounts,DC=company,DC=com)
Logon scripts specified in: Woodbridge.VA GPO
\\LocalServer\Netlogon\Map.bat
\\LocalServer\Netlogon\normalDot.bat
===============================================================
The user received "Internet Explorer Branding" settings from these
GPOs:
Woodbridge.VA GPO
Revision Number: 14
Unique Name: {8951380C-9C27-4347-AEE9-8A96EDA4A65A}
Domain Name: company.com
Linked to: Organizational Unit
(OU=woodbridge.va,OU=Accounts,DC=company,DC=com)
Additional information is not available for this type of policy
setting.
###############################################################
Computer Group Policy results for:
CN=KRTWD02,OU=woodbridge.va,OU=Accounts,DC=company,DC=com
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
The computer is a member of the following security groups:
BUILTIN\Administrators
\Everyone
Server\Debugger Users
BUILTIN\Users
DOMAIN\desktop$
DOMAIN\Domain Computers
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
###############################################################
Last time Group Policy was applied: Tuesday, May 04, 2004 at 12:09:07
PM
Group Policy was applied from: exchange.company.com
===============================================================
The computer received "Registry" settings from these GPOs:
Local Group Policy
Revision Number: 9
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Woodbridge.VA GPO
Revision Number: 17
Unique Name: {8951380C-9C27-4347-AEE9-8A96EDA4A65A}
Domain Name: company.com
Linked to: Organizational Unit
(OU=woodbridge.va,OU=Accounts,DC=company,DC=com)
The following settings were applied from: Local Group Policy
KeyName: Software\Policies\Microsoft\SystemCertificates\EFS
ValueName: EFSBlob
ValueType: REG_BINARY
Value: Binary data. Use the /S switch to display.
KeyName: Software\Policies\Microsoft\SystemCertificates\EFS\Certificates\873ACDC29DFCF1074CC8A409AAFB6D4E3CAA08F6
ValueName: Blob
ValueType: REG_BINARY
Value: Binary data. Use the /S switch to display.
KeyName: Software\Policies\Microsoft\SystemCertificates\EFS\CRLs
ValueName:
ValueType: REG_NONE
Value: This key contains no values
KeyName: Software\Policies\Microsoft\SystemCertificates\EFS\CTLs
ValueName:
ValueType: REG_NONE
Value: This key contains no values
The following settings were applied from: Woodbridge.VA GPO
KeyName: Software\Policies\Microsoft\Windows\Installer
ValueName: Logging
ValueType: REG_SZ
Value: iweapv
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate
ValueName: WUServer
ValueType: REG_SZ
Value: http://krtfile02
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate
ValueName: WUStatusServer
ValueType: REG_SZ
Value: http://krtfile02
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
ValueName: NoAutoUpdate
ValueType: REG_DWORD
Value: 0x00000000
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
ValueName: AUOptions
ValueType: REG_DWORD
Value: 0x00000004
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
ValueName: ScheduledInstallDay
ValueType: REG_DWORD
Value: 0x00000000
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
ValueName: ScheduledInstallTime
ValueType: REG_DWORD
Value: 0x00000004
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
ValueName: RescheduleWaitTime
ValueType: REG_DWORD
Value: 0x00000001
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
ValueName: UseWUServer
ValueType: REG_DWORD
Value: 0x00000001
===============================================================
The computer received "Scripts" settings from these GPOs:
Woodbridge.VA GPO
Revision Number: 14
Unique Name: {8951380C-9C27-4347-AEE9-8A96EDA4A65A}
Domain Name: company.com
Linked to: Organizational Unit
(OU=woodbridge.va,OU=Accounts,DC=company,DC=com)
Startup scripts specified in: Woodbridge.VA GPO
\\LocalServer\Netlogon\copy.bat
===============================================================
The computer received "Security" settings from these GPOs:
Local Group Policy
Revision Number: 9
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Run the Security Configuration Editor for more information.
===============================================================
The computer received "EFS recovery" settings from these GPOs:
Local Group Policy
Revision Number: 9
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Additional information is not available for this type of policy
setting.
===============================================================
The computer received "Application Management" settings from these
GPOs:
Default Domain Policy
Revision Number: 43
Unique Name: {31B2F340-016D-11D2-945F-00C04FB984F9}
Domain Name: Company.COM
Linked to: Domain (DC=Company,DC=com)
The computer has been assigned the following applications:
Macromedia Flash Player
GPO Name: Default Domain Policy
Removal Option: Application is orphaned when policy is removed
Windows 2000 Service Pack 3 (1033)
GPO Name: Default Domain Policy
Removal Option: Application is orphaned when policy is removed
I've almost had it with this....I've been playing with this for two
days and no luck. I have a windows 2000 domain SP4 with 5 remote
sites connected with a sonicwall firewall with VPN set up. 4 offices
are working great but the 5th is not receiving the computer policy,
user policy seems to be applying. All offices are identically setup.
When I run gpresults.exe it tells me that the policy is being applied
but then at the bottom of the report it's pulling a GPO from an old
group that the machine was a member of. I will post the text of the
GPresult at the bottom for your review. I have a feeling this has
something to do with the MSI Installer but I'm not sure. I've been
receiving the event id 1000 source Userenv: Windows cannot unload your
registry file. If you have roaming profile, your settings are not
replicated. Contact administrator. DETAIL-Access Denied ((2195)).
I've done some research regarding this and it's been said it is
happening because the profile is not unloading. I installed
UPHClean.msi from microsoft to make sure the profile is closed when
shutting down and the policy still doesn't apply. The policy that the
computer was a member of was the default domain policy. It is now a
member of woodbridge.va policy. The policy is setup so that the
remote server queries the main server for authentication and
processing of the group policy object. The files are stored on the
local server at the location. All PC on the remote site have static
IP addresses with the local server as their primary DNS and WINS. The
local Server is pointing at itself as the primary dns and wins and the
DC as a secondary. Local Server is setup with a push/pull
relationship with the DC. I can provide more info if necessary.
Please Help!
GPRESULTS BELOW
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result
tool
Copyright (C) Microsoft Corp. 1981-1999
Created on Tuesday, May 04, 2004 at 12:35:19 PM
Operating System Information:
Operating System Type: Professional
Operating System Version: 5.0.2195.Service Pack 4
Terminal Server Mode: Not supported
###############################################################
User Group Policy results for:
CN=user,OU=woodbridge.va,OU=Accounts,DC=kramont,DC=com
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming profile: (None)
Local profile: C:\Documents and Settings\user
The user is a member of the following security groups:
DOMAIN\Domain Users
\Everyone
BUILTIN\Power Users
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
\LOCAL
DOMAIN\Security.Operations
DOMAIN\Woodbridge
DOMAIN\Security.Administrative
DOMAIN\Property Management
DOMAIN\company
The user has the following security privileges:
Bypass traverse checking
Change the system time
Shut down the system
Profile single process
Remove computer from docking station
###############################################################
Last time Group Policy was applied: Tuesday, May 04, 2004 at 12:10:24
PM
Group Policy was applied from: exchange.company.com
===============================================================
The user received "Registry" settings from these GPOs:
Woodbridge.VA GPO
Revision Number: 14
Unique Name: {8951380C-9C27-4347-AEE9-8A96EDA4A65A}
Domain Name: company.com
Linked to: Organizational Unit
(OU=woodbridge.va,OU=Accounts,DC=company,DC=com)
The following settings were applied from: Woodbridge.VA GPO
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
ValueName: NoWelcomeScreen
ValueType: REG_DWORD
Value: 0x00000001
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
ValueName: DisallowRun
ValueType: REG_DWORD
Value: 0x00000001
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
ValueName: NoWindowsUpdate
ValueType: REG_DWORD
Value: 0x00000001
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
ValueName: ForceStartMenuLogOff
ValueType: REG_DWORD
Value: 0x00000001
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
ValueName: **delvals.
ValueType: REG_SZ
Value:
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
ValueName: 1
ValueType: REG_SZ
Value: datemanager.exe
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
ValueName: 2
ValueType: REG_SZ
Value: msimn.exe
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
ValueName: 3
ValueType: REG_SZ
Value: precisiontime.exe
===============================================================
The user received "Folder Redirection" settings from these GPOs:
Woodbridge.VA GPO
Revision Number: 14
Unique Name: {8951380C-9C27-4347-AEE9-8A96EDA4A65A}
Domain Name: company.com
Linked to: Organizational Unit
(OU=woodbridge.va,OU=Accounts,DC=company,DC=com)
My Documents is redirected to \\Localserver\Users\%username%.
My Pictures is redirected to \\Localserver\Users\%username%\My
Pictures.
===============================================================
The user received "Scripts" settings from these GPOs:
Woodbridge.VA GPO
Revision Number: 14
Unique Name: {8951380C-9C27-4347-AEE9-8A96EDA4A65A}
Domain Name: company.com
Linked to: Organizational Unit
(OU=woodbridge.va,OU=Accounts,DC=company,DC=com)
Logon scripts specified in: Woodbridge.VA GPO
\\LocalServer\Netlogon\Map.bat
\\LocalServer\Netlogon\normalDot.bat
===============================================================
The user received "Internet Explorer Branding" settings from these
GPOs:
Woodbridge.VA GPO
Revision Number: 14
Unique Name: {8951380C-9C27-4347-AEE9-8A96EDA4A65A}
Domain Name: company.com
Linked to: Organizational Unit
(OU=woodbridge.va,OU=Accounts,DC=company,DC=com)
Additional information is not available for this type of policy
setting.
###############################################################
Computer Group Policy results for:
CN=KRTWD02,OU=woodbridge.va,OU=Accounts,DC=company,DC=com
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
The computer is a member of the following security groups:
BUILTIN\Administrators
\Everyone
Server\Debugger Users
BUILTIN\Users
DOMAIN\desktop$
DOMAIN\Domain Computers
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
###############################################################
Last time Group Policy was applied: Tuesday, May 04, 2004 at 12:09:07
PM
Group Policy was applied from: exchange.company.com
===============================================================
The computer received "Registry" settings from these GPOs:
Local Group Policy
Revision Number: 9
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Woodbridge.VA GPO
Revision Number: 17
Unique Name: {8951380C-9C27-4347-AEE9-8A96EDA4A65A}
Domain Name: company.com
Linked to: Organizational Unit
(OU=woodbridge.va,OU=Accounts,DC=company,DC=com)
The following settings were applied from: Local Group Policy
KeyName: Software\Policies\Microsoft\SystemCertificates\EFS
ValueName: EFSBlob
ValueType: REG_BINARY
Value: Binary data. Use the /S switch to display.
KeyName: Software\Policies\Microsoft\SystemCertificates\EFS\Certificates\873ACDC29DFCF1074CC8A409AAFB6D4E3CAA08F6
ValueName: Blob
ValueType: REG_BINARY
Value: Binary data. Use the /S switch to display.
KeyName: Software\Policies\Microsoft\SystemCertificates\EFS\CRLs
ValueName:
ValueType: REG_NONE
Value: This key contains no values
KeyName: Software\Policies\Microsoft\SystemCertificates\EFS\CTLs
ValueName:
ValueType: REG_NONE
Value: This key contains no values
The following settings were applied from: Woodbridge.VA GPO
KeyName: Software\Policies\Microsoft\Windows\Installer
ValueName: Logging
ValueType: REG_SZ
Value: iweapv
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate
ValueName: WUServer
ValueType: REG_SZ
Value: http://krtfile02
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate
ValueName: WUStatusServer
ValueType: REG_SZ
Value: http://krtfile02
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
ValueName: NoAutoUpdate
ValueType: REG_DWORD
Value: 0x00000000
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
ValueName: AUOptions
ValueType: REG_DWORD
Value: 0x00000004
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
ValueName: ScheduledInstallDay
ValueType: REG_DWORD
Value: 0x00000000
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
ValueName: ScheduledInstallTime
ValueType: REG_DWORD
Value: 0x00000004
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
ValueName: RescheduleWaitTime
ValueType: REG_DWORD
Value: 0x00000001
KeyName: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
ValueName: UseWUServer
ValueType: REG_DWORD
Value: 0x00000001
===============================================================
The computer received "Scripts" settings from these GPOs:
Woodbridge.VA GPO
Revision Number: 14
Unique Name: {8951380C-9C27-4347-AEE9-8A96EDA4A65A}
Domain Name: company.com
Linked to: Organizational Unit
(OU=woodbridge.va,OU=Accounts,DC=company,DC=com)
Startup scripts specified in: Woodbridge.VA GPO
\\LocalServer\Netlogon\copy.bat
===============================================================
The computer received "Security" settings from these GPOs:
Local Group Policy
Revision Number: 9
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Run the Security Configuration Editor for more information.
===============================================================
The computer received "EFS recovery" settings from these GPOs:
Local Group Policy
Revision Number: 9
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Additional information is not available for this type of policy
setting.
===============================================================
The computer received "Application Management" settings from these
GPOs:
Default Domain Policy
Revision Number: 43
Unique Name: {31B2F340-016D-11D2-945F-00C04FB984F9}
Domain Name: Company.COM
Linked to: Domain (DC=Company,DC=com)
The computer has been assigned the following applications:
Macromedia Flash Player
GPO Name: Default Domain Policy
Removal Option: Application is orphaned when policy is removed
Windows 2000 Service Pack 3 (1033)
GPO Name: Default Domain Policy
Removal Option: Application is orphaned when policy is removed