GPO not applied
in [Windows Servers]
|
From: Jancso Christian on 13 Jan 2010 11:20 Dear all I have the following situation: 2 DC with Windows Server 2003, 1 Terminal Server with Windows Server 2003 and 2 Terminal Server with Windows Server 2008. For different clients I have different GPOs. When I login as user A (from client group A with GPO A) to each of these 3 Terminal Server the GPO applies successfully. When I login as user B (from client group B with GPO B) to each of those 3 Terminal Server the GPO does not apply. I notice that I have the error in event viewer: 1053: Windows cannot determine the user or computer name. (The specified user does not exist) I have checked DNS which seems to be working correctly. The users are in the same OU so there should be no permission issue. I am able to see \\<domain name>\sysvol from the Terminal Server. I also checkt the group membership. This is also correct. Can anyone help me with this? TIA Chris
From: Meinolf Weber [MVP-DS] on 13 Jan 2010 12:22 Hello Jancso, GPOs are applied to users or computers, not security groups. Or do you use security filtering on the OU where the user accounts are located, as you are talking about client groups? Please clarify this a bit more. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Dear all > > I have the following situation: > 2 DC with Windows Server 2003, 1 Terminal Server with Windows Server > 2003 > and 2 Terminal Server with Windows Server 2008. > For different clients I have different GPOs. > When I login as user A (from client group A with GPO A) to each of > these 3 Terminal Server the GPO applies successfully. > > When I login as user B (from client group B with GPO B) to each of > those 3 Terminal Server the GPO does not apply. > > I notice that I have the error in event viewer: > 1053: Windows cannot determine the user or computer name. (The > specified > user does not exist) > I have checked DNS which seems to be working correctly. The users are > in the > same OU so there should be no permission issue. > I am able to see \\<domain name>\sysvol from the Terminal Server. > I also checkt the group membership. This is also correct. > Can anyone help me with this? > > TIA > Chris
From: Jancso Christian on 14 Jan 2010 04:30 Hi Meinolf Thank you very much for your reply. Terminal Server users are in security groups depending on the company they are working for. For each company I have a different GPO. When I open GroupPolicy Management I can see my GPOs. In each GPO is a section called security filtering. In this section I inserted the corresponding security group. Therefore I don't have to add each user of this. I hope this is more understandable now. Thank you for your help! Chris "Meinolf Weber [MVP-DS]" wrote: > Hello Jancso, > > GPOs are applied to users or computers, not security groups. Or do you use > security filtering on the OU where the user accounts are located, as you > are talking about client groups? Please clarify this a bit more. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > Dear all > > > > I have the following situation: > > 2 DC with Windows Server 2003, 1 Terminal Server with Windows Server > > 2003 > > and 2 Terminal Server with Windows Server 2008. > > For different clients I have different GPOs. > > When I login as user A (from client group A with GPO A) to each of > > these 3 Terminal Server the GPO applies successfully. > > > > When I login as user B (from client group B with GPO B) to each of > > those 3 Terminal Server the GPO does not apply. > > > > I notice that I have the error in event viewer: > > 1053: Windows cannot determine the user or computer name. (The > > specified > > user does not exist) > > I have checked DNS which seems to be working correctly. The users are > > in the > > same OU so there should be no permission issue. > > I am able to see \\<domain name>\sysvol from the Terminal Server. > > I also checkt the group membership. This is also correct. > > Can anyone help me with this? > > > > TIA > > Chris > > > . >
From: Meinolf Weber [MVP-DS] on 14 Jan 2010 04:40 Hello Jancso, Please post an unedited ipconfig /all from your TS and the DC/DNS server, so we can exclude DNS as one problem. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Hi Meinolf > > Thank you very much for your reply. Terminal Server users are in > security groups depending on the company they are working for. For > each company I have a different GPO. > > When I open GroupPolicy Management I can see my GPOs. In each GPO is a > section called security filtering. In this section I inserted the > corresponding security group. Therefore I don't have to add each user > of this. > > I hope this is more understandable now. > > Thank you for your help! > Chris > "Meinolf Weber [MVP-DS]" wrote: > >> Hello Jancso, >> >> GPOs are applied to users or computers, not security groups. Or do >> you use security filtering on the OU where the user accounts are >> located, as you are talking about client groups? Please clarify this >> a bit more. >> >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and >> confers >> no rights. >> ** Please do NOT email, only reply to Newsgroups >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>> Dear all >>> >>> I have the following situation: >>> 2 DC with Windows Server 2003, 1 Terminal Server with Windows Server >>> 2003 >>> and 2 Terminal Server with Windows Server 2008. >>> For different clients I have different GPOs. >>> When I login as user A (from client group A with GPO A) to each of >>> these 3 Terminal Server the GPO applies successfully. >>> When I login as user B (from client group B with GPO B) to each of >>> those 3 Terminal Server the GPO does not apply. >>> >>> I notice that I have the error in event viewer: >>> 1053: Windows cannot determine the user or computer name. (The >>> specified >>> user does not exist) >>> I have checked DNS which seems to be working correctly. The users >>> are >>> in the >>> same OU so there should be no permission issue. >>> I am able to see \\<domain name>\sysvol from the Terminal Server. >>> I also checkt the group membership. This is also correct. >>> Can anyone help me with this? >>> TIA >>> Chris >> . >>
From: Jancso Christian on 14 Jan 2010 05:49 Thank you again for your reply. DC/DNS Server: Hostname: <servername> Primary DNS-Suffix: ASPSYZ.ch Node Type: unknown IP Routing Enabled: No WINS Proxy Enabled: No DNS Suffix Search List: ASPSYZ.ch DHCP enabled: No IP address: 10.2.1.2 Subnet Mask: 255.255.255.0 Default Gateway: 10.2.1.1 DNS Server: 127.0.0.1 Terminal Server: Hostname: <servername> Primary DNS-Suffix: ASPSYZ.ch Node Type: Hybrid IP Routing Enabled: No WINS Proxy Enabled: No DNS Suffix Search List: ASPSYZ.ch DHCP enabled: No Autoconfiguration Enabled: Yes IPv4 Address: 10.2.1.9<Preferred> Subnet Mask: 255.255.255.0 Default Gateway: 10.2.1.1 DNS Server: 10.2.1.2 NetBIOS over Tcpip: Enabled Are they ok? Best regards, Chris "Meinolf Weber [MVP-DS]" wrote: > Hello Jancso, > > Please post an unedited ipconfig /all from your TS and the DC/DNS server, > so we can exclude DNS as one problem. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > Hi Meinolf > > > > Thank you very much for your reply. Terminal Server users are in > > security groups depending on the company they are working for. For > > each company I have a different GPO. > > > > When I open GroupPolicy Management I can see my GPOs. In each GPO is a > > section called security filtering. In this section I inserted the > > corresponding security group. Therefore I don't have to add each user > > of this. > > > > I hope this is more understandable now. > > > > Thank you for your help! > > Chris > > "Meinolf Weber [MVP-DS]" wrote: > > > >> Hello Jancso, > >> > >> GPOs are applied to users or computers, not security groups. Or do > >> you use security filtering on the OU where the user accounts are > >> located, as you are talking about client groups? Please clarify this > >> a bit more. > >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > >>> Dear all > >>> > >>> I have the following situation: > >>> 2 DC with Windows Server 2003, 1 Terminal Server with Windows Server > >>> 2003 > >>> and 2 Terminal Server with Windows Server 2008. > >>> For different clients I have different GPOs. > >>> When I login as user A (from client group A with GPO A) to each of > >>> these 3 Terminal Server the GPO applies successfully. > >>> When I login as user B (from client group B with GPO B) to each of > >>> those 3 Terminal Server the GPO does not apply. > >>> > >>> I notice that I have the error in event viewer: > >>> 1053: Windows cannot determine the user or computer name. (The > >>> specified > >>> user does not exist) > >>> I have checked DNS which seems to be working correctly. The users > >>> are > >>> in the > >>> same OU so there should be no permission issue. > >>> I am able to see \\<domain name>\sysvol from the Terminal Server. > >>> I also checkt the group membership. This is also correct. > >>> Can anyone help me with this? > >>> TIA > >>> Chris > >> . > >> > > > . >
|
Next
|
Last
Pages: 1 2 Prev: Cannot copy <filename>: Insufficient system resources exist Next: port 80 |