For the most part, this has been the answer. For some reason, one DC is not accepting the changes that were made to the policy.
However, I now have an exception. I have a 2K8 virtual box, that is connecting to the DC that I made the changes to in GPMC. The server that is definitely showing the new additions to the policy. This server is not showing the updates under RSoP. The gpupdate /force says it worked successfully, and there were no errors in the Application log. Normally, I would just wait for the change, but it has been almost a full day now, without the change coming through. Any other ideas? >>> Ken Schaefer <k...@adopenstatic.com> 9/9/2009 9:17 AM >>> If RSOP is not showing the setting, then check the DC that your client is connecting to, to see what *it* thinks the policy should be (e.g. load GPMC and target that DC). Verify that the relevant GPO objects in sysvol are present on that particular DC. Cheers Ken -----Original Message----- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Thursday, 10 September 2009 12:10 AM To: NT System Admin Issues Subject: RE: group policy updating Application event log shows Event Code 1704: Security policy in the Group policy objects has been applied successfully. However, running rsop.msc following this does not show the new settings. It does show other settings from that GPO, but those were already in effect prior to me adding the banner. But the banner isn't coming up. I'm guessing I'm going to have to bounce the servers that aren't taking it, at this point, as there has been plenty of time for policy updates, both manual by me, and automatically through the system. >>> Ken Schaefer <k...@adopenstatic.com> 9/8/2009 9:13 PM >>> Check event logs for any GPO processing errors Check your DC replication status to work out whether the GPO has actually replicated to the DCs that these clients are talking to etc Cheers Ken -----Original Message----- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Wednesday, 9 September 2009 5:47 AM To: NT System Admin Issues Subject: Re: group policy updating Hmm, thanks Devin. I tried that on one of the machines, and the two settings in question are not showing as being defined at all, much less by a group policy. I don't think this is one of those changes that requires a reboot, at least the gpupdate didn't indicate it. I'll give it some time, and check it again in the morning... Thanks, Joe L. Heaton >>> Devin Meade <devin.me...@gmail.com> 9/8/2009 2:33 PM >>> Try RSOP.MSC on the machine in question. hth, Devin On Tue, Sep 8, 2009 at 4:08 PM, Joseph Heaton<jhea...@dfg.ca.gov> wrote: > I'm updating a group policy, to add a login banner. Some of the machines in > question had one, but they were added manually either to the Local Security > Policy, or directly to the registry. I've gone in, deleted any entries in > these two locations, I've run gpupdate /force, and logged out and back in. > When I do this, some machines show the correct banner, and show it in Local > Security Policy, grayed out, which tells me it's getting it from GP. Other > machines don't seem to be updating, even after sitting for a while.The > successes and failures vary from 2k3 to 2k8, physical, and virtual boxes. > > Anyone have any idea what I can look at to troubleshoot this? > > I've gone into GPMC, and run the Group Policy Results tool, using my account > on the boxes in question, and the results come back saying that the desired > group policy is supposed to be affecting it. > > Thanks, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
