Thanks for the advice. Gpotool indicates the policy is ok.
Gpresult /v results seem ok, but the policy in question displays oddly in the results. The policy settings are under Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options: "Eventlog: Security descriptor for Application event log" With additional settings for each log were collecting. The results from gpresult show the following: GPO: <policy name> Policy: N/A ValueName: machine\system\currentcontrolset\services\eventlog\directory service\customsd Computer Setting: <the settings> What is odd is that the policy is only referenced once, even though it should configuring up to 6 settings. Also, the policyname shows "N/A". I tried comparing gpresults to a server where the policy apppears to apply correctly, but the only one I'm aware of is a domain controller and the format of the results are completely different. Please bear with me if I'm not providing enough information. We're blocking GMail at %work% until we get patch 2524375 deployed, so I'm doing this from my iPhone. On Mar 31, 2011, at 9:32 AM, "Free, Bob" <r...@pge.com> wrote: > First I would check the overall health of the GPO components with gpotool > including checking the ACL- > > gpotool /gpo:<GUID od suspect GPO> /checkacl > > Then I would check it locally on an affected server with grpesult /v to see > what is going on in more detail and also see if you get something better than > "(unknown reason)" > > I usually do something like gpresult /v >gp.txt & notepad gp.txt > > -----Original Message----- > From: Sean Martin [mailto:seanmarti...@gmail.com] > Sent: Thursday, March 31, 2011 10:10 AM > To: NT System Admin Issues > Subject: GPO Not Applying > > Windows 2003 AD > Windows 2003/2008 member servers > > I've got a GPO that configures security descriptors on event logs for > Symantec SSIM to do log collection. I have a security group containing the > computer accounts used for security filtering on the GPO. The GPO is linked > to 2 OUs where these computer accounts reside. There's a top level OU with > multiple sub OUs. One of the sub OUs blocks inheritance for other reasons so > the policy is linked directly to that OU. > > We're having problems collecting logs from computers that reside in the sub > OU. Group Policy is being singled out because RSOP lists the following: > > <Policy Name> > Filtering: Not Applied (Unknown Reason) > > However, the policy also appears under "Applied Group Policy Objects". I > haven't been able to identify anything that would prevent the GPO from > applying. Other GPOs linked directly to the sub OU apply without issue. The > only difference is the problem GPO uses more granular security filtering, > where the others default to authenticated users. > > I'm going to create a separate GPO that can be applied to only the sub OU and > not modify security filtering. > > I'm not entirely convinced this is specifically a GPO problem because there > are other environmental differences that make members of this OU unique. > > Anyone have any ideas on the GPO scenario? Does it sound like there's an > issue? > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin