1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can't apply a GPO

Discussion in 'Networks' started by Boycie, Jul 4, 2006.

  1. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    I have a SBS domain that i am unable to apply a GPO.
    Because it is new, there are no other GPO's in place.

    From within ADUC i have created a new OU within the domain, placed the groups i want in it, selected read and apply group policy settings, linked it and used a gpupdate/force from the server and the client but with no joy.. :cry:

    Can anyone suggest anything as to why this policy doesn't work?
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  2. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    could be anything. these are not computer settings being applied to users, or vice versa, right?!
    [edit] what does the resultant set of policy say about your policy?
     
  3. JonnyMX

    JonnyMX Petabyte Poster

    5,239
    211
    236

    You're fired...
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  4. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    damn :knife
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  5. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    D,

    I have tried User and Computer configuration and neither apply...
    The resultant is zilch..... :oops:
    Could it be due to another service that isn't functioning correctly on the server? ie DNS, DHCP?
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  6. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Boyce,

    Can you tell us exactly what settings you are trying to apply with the GPO? Also are the client PC's XP or W2K?
     
  7. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Has this been setup on Virtual PC\Server?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  8. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Si,

    I tried one enablement from Computer config (admin templates....Internet Control Panel....Disable the security page) and one from admin config (admin templates....control panel...prevent access to the control panel)
    oh, all clients are XP

    thanks :)
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  9. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Boyce, when you log onto the client PC open up a command line and type gpresult, it will tell you if the group policy is being picked up.

    If not (and you are running SBS on a Virtual Server) it looks like a DNS issue. Do an ipconfig /all and make sure DNS is being picked up from your SBS box, I assume this is running DHCP as well.

    Hope this helps! :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  10. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Spark,

    It isn't picking up the GP; the gpresult command presents the time from when i forced an update from the client (i assume) with an applied from = N/A
    Could it be a DNS/DHCP issue? SBS is not dealing with DHCP, the ADSL box is at the moment!

    Simon
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  11. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    It looks that way, one of my work mates has virtual server with SBS and has another virtual PC running on his laptop. Anyways he doesn’t have DHCP running on his virtual SBS as we obviously have DHCP on our company LAN. When he has been testing group policy there has always been problem picking up GPOs.

    As the DHCP role is on your ADSL modem\router it probably means the I.P address given to your client PC is using the DNS configured on the router (this wont have any reference to your SBSs local domain). This means DNS is first resolved on your Router\Modem and anything that can’t be resolved is being passed onto your ISPs DNS servers, not good for group policy!

    You want the client PC to have its DNS pointing at your SBS box, then on SBS configure DNS forwarders to either point directly to your ISPs DNS servers or to your ADSL router (ideally you want to point it to the real world DNS servers). On the LAN settings on your SBS point the DNS to I.P of the server, I know this might look weird but this is correct as your SBS has many roles assigned to it (DNS, WINS etc). Also the forwarders I just mentioned are used when your SBS box can’t resolve a DNS request.

    The easiest way to configure this is to configure the DHCP scope on the SBS box as often configuring the clients with static I.Ps can cause problems.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  12. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    I agree totally with that Sparky.

    Bear in mind Boycie that more than just name resolution goes on with local DNS requests. There are SRV records in DNS which tell the clients information like which IP belongs to a domain controller. Without those SRV records the client is clueless. Clearly your router would not support those AD SRV records, so it is vitally important to use a DNS server for internal DNS requests that does.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  13. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Thanks to everyone for their input :thumbleft

    Spark- no, it is a *real* domain, not a virtual one.

    Would it be better to insert another Nic in the SBS box, (one for the ADSL gateway and one to the hub for the clients) and bridge the two together or leave the it as it is (network cable from SBS to hub... hub to ADSL box and clients) and configure SBS for DHCP?

    Si
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  14. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Is your SBS box a standard or premium edition? If the later, then it comes with ISA, which is an excellent product IMHO but to function properly ie as a firewall, it *needs* two NICs.

    I also think you should run DHCP from your server too. It is far more configurable than those plastic cheap ADSL router boxes, and it is after-all what you are studying.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  15. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Pete,

    It is the standard edition.
    Yes, i agree. The network is about to by teared down (as we are moving to bigger premises and therefore more users and a complete new network) hence the *shoddyness* :)

    What time is it where you are Pete?

    Si
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  16. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    You could purchase a hardware device for the firewall\switch and then patch everything into the switch.

    So you would have an ADSL modem which is patched into the WAN port of your hardware firewall and the switch (which is part of the same device) would be used for the clients including the server. How many clients do you have?

    ISA is also an option but as Bluerinse says it needs two NICs to get firewall functionality out of it, with one NIC you could run it as a proxy though. Move DHCP onto the server as DHCP on the router is really designed for home networks or a small workgroup environment where there is no server.

    When is the office move? Plan well as its a great opportunity to make some big changes! :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  17. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Great advice Sparky, thanks. Myself and JonnyMX are planning as much as we can at the moment but it is proving quite hard because we haven't had any confirmed figures and expectations from the people paying the money.
    We will have around 50 users and will be using an outside IT company to implement MS CRM.

    Regards

    Simon
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  18. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    It was 6:40pm when I posted that Si, now it is 7am, been up since 5am watching the football <yawn>
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  19. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Whats the song? *you football crazy, you football mad.....* :)

    enjoy the rest of the cup, pete :morebeer
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  20. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Might even be worth moving to a separate DC and Exchange server as it looks like you might max out the SBS if you continue to expand.

    Just installed Microsoft CRM on our server at work, worth noting there is a SBS version and a Windows Server 2003 version, the SBS version can’t be installed on a Windows 2003 box, which is a pain!

    Best of luck with the migration! :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010

Share This Page

Loading...