Group policies work on certain pc's

By don ·
In short, I have 2 scenarios
I use the term good workstation as one that group policy is passed down correctly and everything is working as it should, and bad workstation as one that does not pass down group policy.

1) At location 1 users can login to certain workstations and get group policy. While other workstations they don't, however if the user logins to the good workstation first then he is able to use the bad workstations.

2) At location 2 the problem is similar but not the same. We have good and bad workstations like the example with the exception that if a users logs into a good workstation, he is still not able to log into a bad workstation.

All of the googling most post suggests that 90 percent of the problem lies with DNS. I have check DNS at the first site and all is well, I don't have access to the 2nd site currently.

The people I work with at these 2 sites have a lot of network experience, I don't know there exact titles but they know there stuff. I've pretty much exhausted any and all thoughts I have so I am posting here in the hope that someone might have some suggestions. Maybe I'm just looking in the wrong area for the problem.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by retro77 In reply to Group policies work on ce ...

How is your OU layout? Are both the good and bad workstations in the same OUs?

Collapse -

Excellent point

by scott_heath In reply to OUs

And are these policies, user or computer policies? Are the linked to a top level OU that all other OUs are under?

Run RSoP.msc or gpresult.exe on the workstation to see if it is recognizing the GPO at all.

Collapse -

the questioner did say if a user logs in on a good machine

by CG IT In reply to Excellent point

then he can on a bad machine so it appears that the GPO is linked to a user OU and not a computer OU. A computer OU with GPO wouldn't care who logged in.

Collapse -


by retro77 In reply to the questioner did say if ...

CG, I agree with you.

Collapse -

Yes, but...

by scott_heath In reply to the questioner did say if ...

It makes no sense. The GPO would have to be processed on the "bad" machine, so why does logging into the "good" machine first do anything? User GPO's are processed every time the user logs in and then whenever it updates with the DC. I don't believe the OP specified whether this was a computer or user policy so I wanted to know for sure.

Collapse -

Who knows

by retro77 In reply to Yes, but...

It depends on what setting is being set. Maybe its setting a profile setting and he/she is using roaming profiles so the setting 'follows' the user...more good info would be what the GPO that isnt applying is supposed to do.

Collapse -

Updated Info

by don In reply to Who knows

Wow, thanks for all the quick responses.

Ok in response to some of your questions both computers are in the same OU, as far as GPO's go, we don't use GPO, our software does the same thing as GPO's and works great 99.9% of the time. The only new information I can add to these situations is that in both cases, these are new pc's being added to the domain, and the users logging in do use roaming profiles. I've even had Site 1 unjoin and rejoin the workstations to the domain. The common denominator here is they are both adding new pc's to the domain.

Collapse -

What kind of messages

by XT John In reply to Updated Info

are you seeing in the Event Viewer on the server and the machine having log on problems? Do the new computers have the Domain Controller server as their primary DNS server? Can you see the new computers listed in the forward lookup zones under DNS on the Domain Controller?

Collapse -

I'm confused...

by scott_heath In reply to Updated Info

GPO stands for Group Policy Object. So if you aren't using GPOs, where are the policies coming from? What is this "software" you speak of? Have you tried deleting the local profile on the systems with issues? As the other poster suggests, what do your Event Logs indicate?

Collapse -

Will double check

by don In reply to Group policies work on ce ...

In response to the last to posters, I will double check the dns again, however I have checked this in depth before and found no issues.
I don't have access to Site 2 currently but I can check it on site 1.

To best try and answer your question about GPO,
Our software writes to the registry as a gpo would, the software is not the issue as it works on a large number of other sites.

Related Discussions

Related Forums