GPO’s will not take effect on one computer

Active Directory
I have all win xp pro sp1 clients and a win 2003 pdc. I use gpo very heavily in a library environment to restrict what the students can do. I have one computer that will not apply any of the gpo's. I have checked it for viruses, verified dns is working correctly using nslookup for the machine in question, and have removed and readded it to the domain. The group policy I designed works great on every other computer (about 50) in the library except this one, and I see no reason why it shouldn't work as well. Any suggestion would be great! Thanks!

Answer Wiki

Thanks. We'll let you know when a new response is added.

Try deleting the GPO database file on the machine – c:windowssecuritydatabasesecedit.sdb. It’ll recreate clean and shiny new when the policy refreshes. Also, look for any local policies which are getting in the way – c:windowssystem32grouppolicy. Delete this folder and reboot.

Discuss This Question: 4  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Bobkberg
    I have no clue - but I just love to skate on thin ice :-) Try using regedt32 (as opposed to regedit) and search for the policy keys, and check the security permissions on the policies. As I mentioned above, I don't know much about GPO's, but I have seen some spyware (and retro viruses) that lock down registry key permissions so that they cannot be removed easily. Whether or not it's spyware, viruses, or simply an ambitious user who wants more freedom with a rigged machine, I wouldn't know, but that's where I would start looking. Bob
    1,070 pointsBadges:
  • Juscelino
    Try this on the machine that does not update: Open the Registry Editor and navigate to the following key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto Update Find the value named NextDetectionTime (I'm not sure if it's a DWORD or String Value) and delete it. Wait about 1/2 hour to 1 hour for the computer to try to connect to the update server again. Also, navigate to the following key: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate Find the values named WUServer and WUStatusServer and verify that they are pointing to the correct SUS/WSUS server. (Keep in mind that I use WSUS so the values may be named differently if you use SUS.)
    0 pointsBadges:
  • Buzzcox
    To refresh a GPO on an XP box use gpupdate /force, this will force the refreshing of the gpo's to be applied to the workstation. also use gpresult to look to see what gpo's have been applied to the workstation. if you dont have these utilities, pop on to microsofts web site and down load the win2003 resource kit.
    0 pointsBadges:
  • 0ct0pus
    first thing we should start from is the errors in the event viewer. From there we could tell if it's DNS issue, or any other security settings.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: