RE: Group Policy problem

[Jim Dandy]

Thanks all for your suggestions.  I tried the always wait for network at
computer startup but that didn't seem to solve the problem.  Eventually
though, it started working.  I'm not sure what fixed it but thanks for
all your suggestions.

 

Curt

 

From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] 
Sent: Wednesday, February 15, 2012 1:37 PM
To: NT System Admin Issues
Subject: RE: Group Policy problem

 

I might also mention that the computer is on a very slow link.  However,
I don't think that's the issue because this computer has been able to
install software from GPs in the past.

 

Curt

 

From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] 
Sent: Wednesday, February 15, 2012 1:28 PM
To: NT System Admin Issues
Subject: Group Policy problem

 

I'm trying to install software via group policy.  If I do resultant set
of policy, it shows the group policies but there is a yellow triangle
with an exclamation point on all of the policies assigning the software
packages.  In RSoP, if I look at the Error Information tab on the
Properties for the group policy, it only shows the date and time. There
are no errors in the system event log indicating the software failed to
install - it just doesn't install when the system is booted.  The issue
only occurs on this one (Vista) computer.  The GPs are working perfectly
on other computers in the OU.  How can I track down the problem?  Thanks
for your help.

 

Curt Finley

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy problem

[Kennedy, Jim]

+1  'always wait for network at computer startup' ftw.

From: N Parr [mailto:npar...@mortonind.com]
Sent: Thursday, February 16, 2012 8:15 AM
To: NT System Admin Issues
Subject: RE: Group Policy problem

I had a very similar problem a couple weeks ago.  We only have one little 
application we push to all computers via GPO, it's been the same app for the 
past 3 years.  All the sudden it just stopped installing for no reason I can 
understand, maybe something in last round of windows updates since that was the 
only common change.  I did some searching and turned on the old "always wait 
for network at computer startup" and it starts working again.   I was getting 
RPC and DC not available errors in the event log which helped me narrow down 
the problem.  But why now after years and across 03-08 domain upgrades.


From: Tom Miller [mailto:tmil...@hnncsb.org]<mailto:[mailto:tmil...@hnncsb.org]>
Sent: Thursday, February 16, 2012 6:17 AM
To: NT System Admin Issues
Subject: Re: Group Policy problem
Yes, that's it.

>>> James Rankin mailto:kz2...@googlemail.com>> 
>>> 2/16/2012 6:43 AM >>>
Aha, the old "always wait for network at computer startup" option?
On 16 February 2012 11:36, Tom Miller 
mailto:tmil...@hnncsb.org>> wrote:
I've had issues with this sort of thing on Windows XP. There is a setting in 
the GPO - can dig for it if you need it - that does something like waits for 
Windows to completely load before the GPO completes, and I found that helpful 
for scripts. It delays the logon process by a few seconds, but our users don't 
notice since I've used it since we migrated from another file and print system.
If you don't need the script to run at logon, consider a scheduled task via 
GPO. I have a task that runs every few hours to check for A/V software (task 
executes a script on a share). If the software is present, the script exits, if 
not, a silent install runs. (That's very helpful when Vipre has major upgrades, 
the old agent gets uninstalled, but the new agent fails to install.) Since this 
PC is over a WAN link, you could have the script copy whatever locally, then 
execute. Just an alternative.
Tom

>>> "Rankin, James R" mailto:kz2...@googlemail.com>> 
>>> 2/16/2012 3:25 AM >>>

Its just some strangeness I saw before, some pcs unable to get install files 
from shares on DCs.
Sent from my SR-71 Blackbird

From: "Jim Dandy" mailto:jda...@asmail.ucdavis.edu>>
Date: Wed, 15 Feb 2012 14:57:21 -0800
To: NT System Admin 
Issuesmailto:ntsysadmin@lyris.sunbelt-software.com>>
ReplyTo: "NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: RE: Group Policy problem

No, It's 32-bit. I wouldn't think it could be a problem with the share since 
other computers are able to apply the policy. Am I wrong?
Curt
From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
Sent: Wednesday, February 15, 2012 1:37 PM
To: NT System Admin Issues
Subject: Re: Group Policy problem
It's not an x64 system is it?

Also where are the installation files stored? I had a lot of problems when 
someone stored the install files in the netlogon share, moving them out sorted 
things.
On 15 February 2012 21:28, Jim Dandy 
mailto:jda...@asmail.ucdavis.edu>> wrote:
I'm trying to install software via group policy. If I do resultant set of 
policy, it shows the group policies but there is a yellow triangle with an 
exclamation point on all of the policies assigning the software packages. In 
RSoP, if I look at the Error Information tab on the Properties for the group 
policy, it only shows the date and time. There are no errors in the system 
event log indicating the software failed to install - it just doesn't install 
when the system is booted. The issue only occurs on this one (Vista) computer. 
The GPs are working perfectly on other computers in the OU. How can I track 
down the problem? Thanks for your help.
Curt Finley

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received t

RE: Group Policy problem

[N Parr]

I had a very similar problem a couple weeks ago.  We only have one little 
application we push to all computers via GPO, it's been the same app for the 
past 3 years.  All the sudden it just stopped installing for no reason I can 
understand, maybe something in last round of windows updates since that was the 
only common change.  I did some searching and turned on the old "always wait 
for network at computer startup" and it starts working again.   I was getting 
RPC and DC not available errors in the event log which helped me narrow down 
the problem.  But why now after years and across 03-08 domain upgrades.


From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Thursday, February 16, 2012 6:17 AM
To: NT System Admin Issues
Subject: Re: Group Policy problem

Yes, that's it.

>>> James Rankin  2/16/2012 6:43 AM >>>
Aha, the old "always wait for network at computer startup" option?

On 16 February 2012 11:36, Tom Miller 
mailto:tmil...@hnncsb.org>> wrote:
I've had issues with this sort of thing on Windows XP. There is a setting in 
the GPO - can dig for it if you need it - that does something like waits for 
Windows to completely load before the GPO completes, and I found that helpful 
for scripts. It delays the logon process by a few seconds, but our users don't 
notice since I've used it since we migrated from another file and print system.
If you don't need the script to run at logon, consider a scheduled task via 
GPO. I have a task that runs every few hours to check for A/V software (task 
executes a script on a share). If the software is present, the script exits, if 
not, a silent install runs. (That's very helpful when Vipre has major upgrades, 
the old agent gets uninstalled, but the new agent fails to install.) Since this 
PC is over a WAN link, you could have the script copy whatever locally, then 
execute. Just an alternative.
Tom

>>> "Rankin, James R" mailto:kz2...@googlemail.com>> 
>>> 2/16/2012 3:25 AM >>>

Its just some strangeness I saw before, some pcs unable to get install files 
from shares on DCs.
Sent from my SR-71 Blackbird

From: "Jim Dandy" mailto:jda...@asmail.ucdavis.edu>>
Date: Wed, 15 Feb 2012 14:57:21 -0800
To: NT System Admin 
Issuesmailto:ntsysadmin@lyris.sunbelt-software.com>>
ReplyTo: "NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: RE: Group Policy problem

No, It's 32-bit. I wouldn't think it could be a problem with the share since 
other computers are able to apply the policy. Am I wrong?
Curt
From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
Sent: Wednesday, February 15, 2012 1:37 PM
To: NT System Admin Issues
Subject: Re: Group Policy problem
It's not an x64 system is it?

Also where are the installation files stored? I had a lot of problems when 
someone stored the install files in the netlogon share, moving them out sorted 
things.
On 15 February 2012 21:28, Jim Dandy 
mailto:jda...@asmail.ucdavis.edu>> wrote:
I'm trying to install software via group policy. If I do resultant set of 
policy, it shows the group policies but there is a yellow triangle with an 
exclamation point on all of the policies assigning the software packages. In 
RSoP, if I look at the Error Information tab on the Properties for the group 
policy, it only shows the date and time. There are no errors in the system 
event log indicating the software failed to install - it just doesn't install 
when the system is booted. The issue only occurs on this one (Vista) computer. 
The GPs are working perfectly on other computers in the OU. How can I track 
down the problem? Thanks for your help.
Curt Finley

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 

Re: Group Policy problem

[Tom Miller]

Yes, that's it.

>>> James Rankin  2/16/2012 6:43 AM >>>
Aha, the old "always wait for network at computer startup" option?

On 16 February 2012 11:36, Tom Miller  wrote:


I've had issues with this sort of thing on Windows XP. There is a
setting in the GPO - can dig for it if you need it - that does something
like waits for Windows to completely load before the GPO completes, and
I found that helpful for scripts. It delays the logon process by a few
seconds, but our users don't notice since I've used it since we migrated
from another file and print system.
If you don't need the script to run at logon, consider a scheduled task
via GPO. I have a task that runs every few hours to check for A/V
software (task executes a script on a share). If the software is
present, the script exits, if not, a silent install runs. (That's very
helpful when Vipre has major upgrades, the old agent gets uninstalled,
but the new agent fails to install.) Since this PC is over a WAN link,
you could have the script copy whatever locally, then execute. Just an
alternative.
Tom

>>> "Rankin, James R"  2/16/2012 3:25 AM >>>

Its just some strangeness I saw before, some pcs unable to get install
files from shares on DCs.
Sent from my SR-71 Blackbird
From: "Jim Dandy"  
Date: Wed, 15 Feb 2012 14:57:21 -0800
To: NT System Admin Issues
ReplyTo: "NT System Admin Issues"

Subject: RE: Group Policy problem


No, It’s 32-bit. I wouldn’t think it could be a problem with the share
since other computers are able to apply the policy. Am I wrong?

Curt

From:James Rankin [mailto:kz2...@googlemail.com] 
Sent: Wednesday, February 15, 2012 1:37 PM
To: NT System Admin Issues
Subject: Re: Group Policy problem

It's not an x64 system is it?

Also where are the installation files stored? I had a lot of problems
when someone stored the install files in the netlogon share, moving them
out sorted things.

On 15 February 2012 21:28, Jim Dandy 
wrote:

I’m trying to install software via group policy. If I do resultant set
of policy, it shows the group policies but there is a yellow triangle
with an exclamation point on all of the policies assigning the software
packages. In RSoP, if I look at the Error Information tab on the
Properties for the group policy, it only shows the date and time. There
are no errors in the system event log indicating the software failed to
install – it just doesn’t install when the system is booted. The issue
only occurs on this one (Vista) computer. The GPs are working perfectly
on other computers in the OU. How can I track down the problem? Thanks
for your help.

Curt Finley

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is
addressed. If you have received this message it was obviously addressed
to you and therefore you can read it, even it we didn't mean to send it
to you. However, if the contents of this email make no sense whatsoever
then you probably were not the intended recipient, or, alternatively,
you are a mindless cretin; either way, you should immediately kill
yourself and destroy your computer (not necessarily in that order). Once
you have taken this action, please contact us.. no, sorry, you can't use
your computer, because you just destroyed it, and possibly also
committed suicide afterwards, but I am starting to digress.. 
The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Either way
it's a pretty dull legal query and frankly one I'm not going to dwell
on. But should you have nothing better to do, please feel free to
ruminate on it, and please pass on any concrete conclusions should you
find them. However, if you pass them on via email, be sure to include a
disclaimer regarding liability for transmission.
In the event that the originator did not send this email to you, then
please return it to us and attach a scanned-in picture of your mother's
brother's wife wearing nothing but a kangaroo suit, and we will
immediately refund you exactly half of what you paid for the can of
Whiskas you bought when you went to Pets At Home yesterday. 
We take no responsibility for non-receipt of this email because we are
running Exchange 5.5 and everyone knows ho

Re: Group Policy problem

[James Rankin]

Aha, the old "always wait for network at computer startup" option?

On 16 February 2012 11:36, Tom Miller  wrote:

>  I've had issues with this sort of thing on Windows XP.  There is a
> setting in the GPO - can dig for it if you need it - that does something
> like waits for Windows to completely load before the GPO completes, and I
> found that helpful for scripts.  It delays the logon process by a few
> seconds, but our users don't notice since I've used it since we migrated
> from another file and print system.
>
> If you don't need the script to run at logon, consider a scheduled task
> via GPO.  I have a task that runs every few hours to check for A/V software
> (task executes a script on a share).  If the software is present, the
> script exits, if not, a silent install runs.  (That's very helpful when
> Vipre has major upgrades, the old agent gets uninstalled, but the new agent
> fails to install.)  Since this PC is over a WAN link, you could have the
> script copy whatever locally, then execute.  Just an alternative.
>
> Tom
>
> >>> "Rankin, James R"  2/16/2012 3:25 AM >>>
>
> Its just some strangeness I saw before, some pcs unable to get install
> files from shares on DCs.
> Sent from my SR-71 Blackbird
> --
> *From: *"Jim Dandy" 
> *Date: *Wed, 15 Feb 2012 14:57:21 -0800
> *To: *NT System Admin Issues
> *ReplyTo: *"NT System Admin Issues"  >
> *Subject: *RE: Group Policy problem
>
>  No, It’s 32-bit.  I wouldn’t think it could be a problem with the share
> since other computers are able to apply the policy.  Am I wrong?
>
> ** **
>
> Curt
>
> ** **
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Wednesday, February 15, 2012 1:37 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Group Policy problem
>
> ** **
>
> It's not an x64 system is it?
>
> Also where are the installation files stored? I had a lot of problems when
> someone stored the install files in the netlogon share, moving them out
> sorted things.
>
> On 15 February 2012 21:28, Jim Dandy  wrote:***
> *
>
> I’m trying to install software via group policy.  If I do resultant set of
> policy, it shows the group policies but there is a yellow triangle with an
> exclamation point on all of the policies assigning the software packages.
> In RSoP, if I look at the Error Information tab on the Properties for the
> group policy, it only shows the date and time. There are no errors in the
> system event log indicating the software failed to install – it just
> doesn’t install when the system is booted.  The issue only occurs on this
> one (Vista) computer.  The GPs are working perfectly on other computers in
> the OU.  How can I track down the problem?  Thanks for your help.
>
>  
>
> Curt Finley
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ** IMPORTANT INFORMATION/DISCLAIMER *
>
> This document should be read only by those persons to whom it is
> addressed. If you have received this message it was obviously addressed to
> you and therefore you can read it, even it we didn't mean to send it to
> you. However, if the contents of this email make no sense whatsoever then
> you probably were not the intended recipient, or, alternatively, you are a
> mindless cretin; either way, you should immediately kill yourself and
> destroy your computer (not necessarily in that order). Once you have taken
> this action, please contact us.. no, sorry, you can't use your computer,
> because you just destroyed it, and possibly also committed suicide
> afterwards, but I am starting to digress.. *
>
> *The originator of this email is not liable for the transmission of the
> information contained in this communication. Or are they? Either way it's a
> pretty dull legal query and frankly one I'm not going to dwell on. But
> should you have nothing better to do, please feel free to ruminate on it,
> and please pass on any concrete conclusions should you find them. However,
&

Re: Group Policy problem

[Tom Miller]

I've had issues with this sort of thing on Windows XP.  There is a
setting in the GPO - can dig for it if you need it - that does something
like waits for Windows to completely load before the GPO completes, and
I found that helpful for scripts.  It delays the logon process by a few
seconds, but our users don't notice since I've used it since we migrated
from another file and print system.
 
If you don't need the script to run at logon, consider a scheduled task
via GPO.  I have a task that runs every few hours to check for A/V
software (task executes a script on a share).  If the software is
present, the script exits, if not, a silent install runs.  (That's very
helpful when Vipre has major upgrades, the old agent gets uninstalled,
but the new agent fails to install.)  Since this PC is over a WAN link,
you could have the script copy whatever locally, then execute.  Just an
alternative.
 
Tom

>>> "Rankin, James R"  2/16/2012 3:25 AM >>>
Its just some strangeness I saw before, some pcs unable to get install
files from shares on DCs.
Sent from my SR-71 Blackbird
From: "Jim Dandy"  
Date: Wed, 15 Feb 2012 14:57:21 -0800
To: NT System Admin Issues
ReplyTo: "NT System Admin Issues"

Subject: RE: Group Policy problem


No, It’s 32-bit.  I wouldn’t think it could be a problem with the share
since other computers are able to apply the policy.  Am I wrong?
 
Curt
 
From:James Rankin [mailto:kz2...@googlemail.com] 
Sent: Wednesday, February 15, 2012 1:37 PM
To: NT System Admin Issues
Subject: Re: Group Policy problem
 
It's not an x64 system is it?

Also where are the installation files stored? I had a lot of problems
when someone stored the install files in the netlogon share, moving them
out sorted things.

On 15 February 2012 21:28, Jim Dandy 
wrote:

I’m trying to install software via group policy.  If I do resultant set
of policy, it shows the group policies but there is a yellow triangle
with an exclamation point on all of the policies assigning the software
packages.  In RSoP, if I look at the Error Information tab on the
Properties for the group policy, it only shows the date and time. There
are no errors in the system event log indicating the software failed to
install – it just doesn’t install when the system is booted.  The issue
only occurs on this one (Vista) computer.  The GPs are working perfectly
on other computers in the OU.  How can I track down the problem?  Thanks
for your help.
 
Curt Finley

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is
addressed. If you have received this message it was obviously addressed
to you and therefore you can read it, even it we didn't mean to send it
to you. However, if the contents of this email make no sense whatsoever
then you probably were not the intended recipient, or, alternatively,
you are a mindless cretin; either way, you should immediately kill
yourself and destroy your computer (not necessarily in that order). Once
you have taken this action, please contact us.. no, sorry, you can't use
your computer, because you just destroyed it, and possibly also
committed suicide afterwards, but I am starting to digress.. 
The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Either way
it's a pretty dull legal query and frankly one I'm not going to dwell
on. But should you have nothing better to do, please feel free to
ruminate on it, and please pass on any concrete conclusions should you
find them. However, if you pass them on via email, be sure to include a
disclaimer regarding liability for transmission.
In the event that the originator did not send this email to you, then
please return it to us and attach a scanned-in picture of your mother's
brother's wife wearing nothing but a kangaroo suit, and we will
immediately refund you exactly half of what you paid for the can of
Whiskas you bought when you went to Pets At Home yesterday. 
We take no responsibility for non-receipt of this email because we are
running Exchange 5.5 and everyone knows how glitchy that can be. In the
event that you do get this message then please note that we take no
responsibility for that either. Nor will we accept any liability, tacit
or implied, for a

Re: Group Policy problem

[Rankin, James R]

Its just some strangeness I saw before, some pcs unable to get install files 
from shares on DCs.

Sent from my SR-71 Blackbird

-Original Message-
From: "Jim Dandy" 
Date: Wed, 15 Feb 2012 14:57:21 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: Group Policy problem

No, It's 32-bit.  I wouldn't think it could be a problem with the share
since other computers are able to apply the policy.  Am I wrong?

 

Curt

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Wednesday, February 15, 2012 1:37 PM
To: NT System Admin Issues
Subject: Re: Group Policy problem

 

It's not an x64 system is it?

Also where are the installation files stored? I had a lot of problems
when someone stored the install files in the netlogon share, moving them
out sorted things.

On 15 February 2012 21:28, Jim Dandy  wrote:

I'm trying to install software via group policy.  If I do resultant set
of policy, it shows the group policies but there is a yellow triangle
with an exclamation point on all of the policies assigning the software
packages.  In RSoP, if I look at the Error Information tab on the
Properties for the group policy, it only shows the date and time. There
are no errors in the system event log indicating the software failed to
install - it just doesn't install when the system is booted.  The issue
only occurs on this one (Vista) computer.  The GPs are working perfectly
on other computers in the OU.  How can I track down the problem?  Thanks
for your help.

 

Curt Finley

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is
addressed. If you have received this message it was obviously addressed
to you and therefore you can read it, even it we didn't mean to send it
to you. However, if the contents of this email make no sense whatsoever
then you probably were not the intended recipient, or, alternatively,
you are a mindless cretin; either way, you should immediately kill
yourself and destroy your computer (not necessarily in that order). Once
you have taken this action, please contact us.. no, sorry, you can't use
your computer, because you just destroyed it, and possibly also
committed suicide afterwards, but I am starting to digress.. 

The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Either way
it's a pretty dull legal query and frankly one I'm not going to dwell
on. But should you have nothing better to do, please feel free to
ruminate on it, and please pass on any concrete conclusions should you
find them. However, if you pass them on via email, be sure to include a
disclaimer regarding liability for transmission.

In the event that the originator did not send this email to you, then
please return it to us and attach a scanned-in picture of your mother's
brother's wife wearing nothing but a kangaroo suit, and we will
immediately refund you exactly half of what you paid for the can of
Whiskas you bought when you went to Pets At Home yesterday. 

We take no responsibility for non-receipt of this email because we are
running Exchange 5.5 and everyone knows how glitchy that can be. In the
event that you do get this message then please note that we take no
responsibility for that either. Nor will we accept any liability, tacit
or implied, for any damage you may or may not incur as a result of
receiving, or not, as the case may be, from time to time,
notwithstanding all liabilities implied or otherwise, ummm, hell, where
was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR
FAULT! 

The comments and opinions expressed herein are my own and NOT those of
my employer, who, if he knew I was sending emails and surfing the
seamier side of the Internet, would cut off my manhood and feed it to me
for afternoon tea. 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE

RE: Group Policy problem

[Blackman, Woody]

Have you tried using the simulate slow link option in the GPO modeling wizard?

From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu]
Sent: Wednesday, February 15, 2012 1:37 PM
To: NT System Admin Issues
Subject: RE: Group Policy problem

I might also mention that the computer is on a very slow link.  However, I 
don't think that's the issue because this computer has been able to install 
software from GPs in the past.

Curt

From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu]
Sent: Wednesday, February 15, 2012 1:28 PM
To: NT System Admin Issues
Subject: Group Policy problem

I'm trying to install software via group policy.  If I do resultant set of 
policy, it shows the group policies but there is a yellow triangle with an 
exclamation point on all of the policies assigning the software packages.  In 
RSoP, if I look at the Error Information tab on the Properties for the group 
policy, it only shows the date and time. There are no errors in the system 
event log indicating the software failed to install - it just doesn't install 
when the system is booted.  The issue only occurs on this one (Vista) computer. 
 The GPs are working perfectly on other computers in the OU.  How can I track 
down the problem?  Thanks for your help.

Curt Finley

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy problem

[Jim Dandy]

No, It's 32-bit.  I wouldn't think it could be a problem with the share
since other computers are able to apply the policy.  Am I wrong?

 

Curt

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Wednesday, February 15, 2012 1:37 PM
To: NT System Admin Issues
Subject: Re: Group Policy problem

 

It's not an x64 system is it?

Also where are the installation files stored? I had a lot of problems
when someone stored the install files in the netlogon share, moving them
out sorted things.

On 15 February 2012 21:28, Jim Dandy  wrote:

I'm trying to install software via group policy.  If I do resultant set
of policy, it shows the group policies but there is a yellow triangle
with an exclamation point on all of the policies assigning the software
packages.  In RSoP, if I look at the Error Information tab on the
Properties for the group policy, it only shows the date and time. There
are no errors in the system event log indicating the software failed to
install - it just doesn't install when the system is booted.  The issue
only occurs on this one (Vista) computer.  The GPs are working perfectly
on other computers in the OU.  How can I track down the problem?  Thanks
for your help.

 

Curt Finley

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is
addressed. If you have received this message it was obviously addressed
to you and therefore you can read it, even it we didn't mean to send it
to you. However, if the contents of this email make no sense whatsoever
then you probably were not the intended recipient, or, alternatively,
you are a mindless cretin; either way, you should immediately kill
yourself and destroy your computer (not necessarily in that order). Once
you have taken this action, please contact us.. no, sorry, you can't use
your computer, because you just destroyed it, and possibly also
committed suicide afterwards, but I am starting to digress.. 

The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Either way
it's a pretty dull legal query and frankly one I'm not going to dwell
on. But should you have nothing better to do, please feel free to
ruminate on it, and please pass on any concrete conclusions should you
find them. However, if you pass them on via email, be sure to include a
disclaimer regarding liability for transmission.

In the event that the originator did not send this email to you, then
please return it to us and attach a scanned-in picture of your mother's
brother's wife wearing nothing but a kangaroo suit, and we will
immediately refund you exactly half of what you paid for the can of
Whiskas you bought when you went to Pets At Home yesterday. 

We take no responsibility for non-receipt of this email because we are
running Exchange 5.5 and everyone knows how glitchy that can be. In the
event that you do get this message then please note that we take no
responsibility for that either. Nor will we accept any liability, tacit
or implied, for any damage you may or may not incur as a result of
receiving, or not, as the case may be, from time to time,
notwithstanding all liabilities implied or otherwise, ummm, hell, where
was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR
FAULT! 

The comments and opinions expressed herein are my own and NOT those of
my employer, who, if he knew I was sending emails and surfing the
seamier side of the Internet, would cut off my manhood and feed it to me
for afternoon tea. 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy problem

[Jim Dandy]

I might also mention that the computer is on a very slow link.  However,
I don't think that's the issue because this computer has been able to
install software from GPs in the past.

 

Curt

 

From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] 
Sent: Wednesday, February 15, 2012 1:28 PM
To: NT System Admin Issues
Subject: Group Policy problem

 

I'm trying to install software via group policy.  If I do resultant set
of policy, it shows the group policies but there is a yellow triangle
with an exclamation point on all of the policies assigning the software
packages.  In RSoP, if I look at the Error Information tab on the
Properties for the group policy, it only shows the date and time. There
are no errors in the system event log indicating the software failed to
install - it just doesn't install when the system is booted.  The issue
only occurs on this one (Vista) computer.  The GPs are working perfectly
on other computers in the OU.  How can I track down the problem?  Thanks
for your help.

 

Curt Finley

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy problem

[James Rankin]

It's not an x64 system is it?

Also where are the installation files stored? I had a lot of problems when
someone stored the install files in the netlogon share, moving them out
sorted things.

On 15 February 2012 21:28, Jim Dandy  wrote:

> I’m trying to install software via group policy.  If I do resultant set of
> policy, it shows the group policies but there is a yellow triangle with an
> exclamation point on all of the policies assigning the software packages.
> In RSoP, if I look at the Error Information tab on the Properties for the
> group policy, it only shows the date and time. There are no errors in the
> system event log indicating the software failed to install – it just
> doesn’t install when the system is booted.  The issue only occurs on this
> one (Vista) computer.  The GPs are working perfectly on other computers in
> the OU.  How can I track down the problem?  Thanks for your help.
>
> ** **
>
> Curt Finley
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

** IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed.
If you have received this message it was obviously addressed to you and
therefore you can read it, even it we didn't mean to send it to you.
However, if the contents of this email make no sense whatsoever then you
probably were not the intended recipient, or, alternatively, you are a
mindless cretin; either way, you should immediately kill yourself and
destroy your computer (not necessarily in that order). Once you have taken
this action, please contact us.. no, sorry, you can't use your computer,
because you just destroyed it, and possibly also committed suicide
afterwards, but I am starting to digress.. *

* The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Either way it's a
pretty dull legal query and frankly one I'm not going to dwell on. But
should you have nothing better to do, please feel free to ruminate on it,
and please pass on any concrete conclusions should you find them. However,
if you pass them on via email, be sure to include a disclaimer regarding
liability for transmission.
*

* In the event that the originator did not send this email to you, then
please return it to us and attach a scanned-in picture of your mother's
brother's wife wearing nothing but a kangaroo suit, and we will immediately
refund you exactly half of what you paid for the can of Whiskas you bought
when you went to Pets** ** At Home yesterday. *

* We take no responsibility for non-receipt of this email because we are
running Exchange 5.5 and everyone knows how glitchy that can be. In the
event that you do get this message then please note that we take no
responsibility for that either. Nor will we accept any liability, tacit or
implied, for any damage you may or may not incur as a result of receiving,
or not, as the case may be, from time to time, notwithstanding all
liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *

* The comments and opinions expressed herein are my own and NOT those of my
employer, who, if he knew I was sending emails and surfing the seamier side
of the Internet, would cut off my manhood and feed it to me for afternoon
tea. *

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Preferences installing a local printer

[Tom Miller]

I use Group Policy Preferences under:
 
User Configuration | Preferences | Control Panel Settings | Printers.  From 
here I add a shared printer which has already been created on a Print Server.   
I've also use IP instead of shared.  Almost all of our printers are defined on 
print servers, since soon we'll be using a product called Equitrac to manage 
printing, and print servers or IP printing is required for that.  
 
Just be sure your print server has a 32-bit driver for your XP clients.  And 
don't forget to associated the GPO with the applicable OU.  I've forgotten to 
do that in the past.
 
Sorry I cannot help with USB method, though, since we don't use that here.

>>> Kelli Sterley  1/31/2011 9:26 AM >>>
Tom - what does your policy settings look like? I am also trying to push 
network printers to xp using a GP but it is not working either.
Kelli

On Mon, Jan 31, 2011 at 8:53 AM, Tom Miller  wrote:


When you write local, do you mean connected via USB or IP? I push printers to 
XP via GP, but all printers here - desktop included - are IP based as we use 
meter readers.

>>> James Hill  1/30/2011 5:12 PM >>> 


Have you enabled GPP logging? There is a GPO to enable it for printing. Might 
be a good place to start.

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Saturday, 29 January 2011 1:26 AM
To: NT System Admin Issues
Subject: Group Policy Preferences installing a local printer

I'm having some trouble with this. After some fits and starts it appears that 
all of my Windows 7 clients are receiving the local printer I want them to 
have, however, when they physically attach the printer, it installs itself with 
a new name. It's not a huge deal, but something I was hoping to avoid. I also 
had turned on the preference setting allowing users to install devices of the 
printer class, so I think that's what's actually happening when a user plugs in 
the printer for the first time, and it appears that this policy is only for 
Windows 7 (maybe Vista, but that's moot since we don't have Vista).


My real issue is with Windows XP. No printers are installed. And yes, i do have 
the Group Policy extenstions for XP installed on these workstations. I have 
been successfully managing the local administrators group and user, and even 
went so far as to verify that the settings were intact on the XP machines. Is 
installing local printers only applicable to Vista and Windows 7?


Any ideas, hints, guides? GoogleFu got me this far, but I haven't been able to 
find definitive answers to my XP question.


Thanks,

Jonathan

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Preferences installing a local printer

[Kelli Sterley]

Tom - what does your policy settings look like?  I am also trying to push
network printers to xp using a GP but it is not working either.
Kelli


On Mon, Jan 31, 2011 at 8:53 AM, Tom Miller  wrote:

> When you write local, do you mean connected via USB or IP?  I push printers
> to XP via GP, but all printers here - desktop included - are IP based as we
> use meter readers.
>
> >>> James Hill  1/30/2011 5:12 PM >>>
>
>  Have you enabled GPP logging?  There is a GPO to enable it for printing.
> Might be a good place to start.
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Saturday, 29 January 2011 1:26 AM
> *To:* NT System Admin Issues
> *Subject:* Group Policy Preferences installing a local printer
>
>
>
> I'm having some trouble with this.  After some fits and starts it appears
> that all of my Windows 7 clients are receiving the local printer I want them
> to have, however, when they physically attach the printer, it installs
> itself with a new name.  It's not a huge deal, but something I was hoping to
> avoid.  I also had turned on the preference setting allowing users to
> install devices of the printer class, so I think that's what's actually
> happening when a user plugs in the printer for the first time, and it
> appears that this policy is only for Windows 7 (maybe Vista, but that's moot
> since we don't have Vista).
>
>
>
> My real issue is with Windows XP.  No printers are installed.  And yes, i
> do have the Group Policy extenstions for XP installed on these
> workstations.  I have been successfully managing the local administrators
> group and user, and even went so far as to verify that the settings were
> intact on the XP machines.  Is installing local printers only applicable to
> Vista and Windows 7?
>
>
>
> Any ideas, hints, guides?  GoogleFu got me this far, but I haven't been
> able to find definitive answers to my XP question.
>
>
>
> Thanks,
>
> Jonathan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Preferences installing a local printer

[Jonathan Link]

Logging may solve part of my issue, XP workstations not receiving the
printer (although my searching has indicated others have problems with this,
too).

However, I don't see how logging won't resolve my biggest issue, that the
printer installs itself as a new device when physically connected.  The
printers I want are already there, and remain their when the printer is
connected.

On Sun, Jan 30, 2011 at 5:12 PM, James Hill wrote:

>  Have you enabled GPP logging?  There is a GPO to enable it for printing.
> Might be a good place to start.
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Saturday, 29 January 2011 1:26 AM
> *To:* NT System Admin Issues
> *Subject:* Group Policy Preferences installing a local printer
>
>
>
> I'm having some trouble with this.  After some fits and starts it appears
> that all of my Windows 7 clients are receiving the local printer I want them
> to have, however, when they physically attach the printer, it installs
> itself with a new name.  It's not a huge deal, but something I was hoping to
> avoid.  I also had turned on the preference setting allowing users to
> install devices of the printer class, so I think that's what's actually
> happening when a user plugs in the printer for the first time, and it
> appears that this policy is only for Windows 7 (maybe Vista, but that's moot
> since we don't have Vista).
>
>
>
> My real issue is with Windows XP.  No printers are installed.  And yes, i
> do have the Group Policy extenstions for XP installed on these
> workstations.  I have been successfully managing the local administrators
> group and user, and even went so far as to verify that the settings were
> intact on the XP machines.  Is installing local printers only applicable to
> Vista and Windows 7?
>
>
>
> Any ideas, hints, guides?  GoogleFu got me this far, but I haven't been
> able to find definitive answers to my XP question.
>
>
>
> Thanks,
>
> Jonathan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Preferences installing a local printer

[Jonathan Link]

I mean connected via USB.
On Mon, Jan 31, 2011 at 8:53 AM, Tom Miller  wrote:

> When you write local, do you mean connected via USB or IP?  I push printers
> to XP via GP, but all printers here - desktop included - are IP based as we
> use meter readers.
>
> >>> James Hill  1/30/2011 5:12 PM >>>
>
>  Have you enabled GPP logging?  There is a GPO to enable it for printing.
> Might be a good place to start.
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Saturday, 29 January 2011 1:26 AM
> *To:* NT System Admin Issues
> *Subject:* Group Policy Preferences installing a local printer
>
>
>
> I'm having some trouble with this.  After some fits and starts it appears
> that all of my Windows 7 clients are receiving the local printer I want them
> to have, however, when they physically attach the printer, it installs
> itself with a new name.  It's not a huge deal, but something I was hoping to
> avoid.  I also had turned on the preference setting allowing users to
> install devices of the printer class, so I think that's what's actually
> happening when a user plugs in the printer for the first time, and it
> appears that this policy is only for Windows 7 (maybe Vista, but that's moot
> since we don't have Vista).
>
>
>
> My real issue is with Windows XP.  No printers are installed.  And yes, i
> do have the Group Policy extenstions for XP installed on these
> workstations.  I have been successfully managing the local administrators
> group and user, and even went so far as to verify that the settings were
> intact on the XP machines.  Is installing local printers only applicable to
> Vista and Windows 7?
>
>
>
> Any ideas, hints, guides?  GoogleFu got me this far, but I haven't been
> able to find definitive answers to my XP question.
>
>
>
> Thanks,
>
> Jonathan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Preferences installing a local printer

[Tom Miller]

When you write local, do you mean connected via USB or IP?  I push printers to 
XP via GP, but all printers here - desktop included - are IP based as we use 
meter readers.

>>> James Hill  1/30/2011 5:12 PM >>>

Have you enabled GPP logging?  There is a GPO to enable it for printing.  Might 
be a good place to start.
 
From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Saturday, 29 January 2011 1:26 AM
To: NT System Admin Issues
Subject: Group Policy Preferences installing a local printer
 

I'm having some trouble with this.  After some fits and starts it appears that 
all of my Windows 7 clients are receiving the local printer I want them to 
have, however, when they physically attach the printer, it installs itself with 
a new name.  It's not a huge deal, but something I was hoping to avoid.  I also 
had turned on the preference setting allowing users to install devices of the 
printer class, so I think that's what's actually happening when a user plugs in 
the printer for the first time, and it appears that this policy is only for 
Windows 7 (maybe Vista, but that's moot since we don't have Vista).

 

My real issue is with Windows XP.  No printers are installed.  And yes, i do 
have the Group Policy extenstions for XP installed on these workstations.  I 
have been successfully managing the local administrators group and user, and 
even went so far as to verify that the settings were intact on the XP machines. 
 Is installing local printers only applicable to Vista and Windows 7?

 

Any ideas, hints, guides?  GoogleFu got me this far, but I haven't been able to 
find definitive answers to my XP question.

 

Thanks,

Jonathan

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Preferences installing a local printer

[James Hill]

Have you enabled GPP logging?  There is a GPO to enable it for printing.  Might 
be a good place to start.

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Saturday, 29 January 2011 1:26 AM
To: NT System Admin Issues
Subject: Group Policy Preferences installing a local printer

I'm having some trouble with this.  After some fits and starts it appears that 
all of my Windows 7 clients are receiving the local printer I want them to 
have, however, when they physically attach the printer, it installs itself with 
a new name.  It's not a huge deal, but something I was hoping to avoid.  I also 
had turned on the preference setting allowing users to install devices of the 
printer class, so I think that's what's actually happening when a user plugs in 
the printer for the first time, and it appears that this policy is only for 
Windows 7 (maybe Vista, but that's moot since we don't have Vista).

My real issue is with Windows XP.  No printers are installed.  And yes, i do 
have the Group Policy extenstions for XP installed on these workstations.  I 
have been successfully managing the local administrators group and user, and 
even went so far as to verify that the settings were intact on the XP machines. 
 Is installing local printers only applicable to Vista and Windows 7?

Any ideas, hints, guides?  GoogleFu got me this far, but I haven't been able to 
find definitive answers to my XP question.

Thanks,
Jonathan

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Won't Go Away

[Don Guyer]

Nevermind, I read that as HK_USERS

 

It's coffee time.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com <mailto:don.gu...@prufoxroach.com> 

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, November 03, 2010 2:06 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Now I'm totally cornfused..

 

I thought we were talking about the SSID and correlating password for a
wireless network?

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: Level 5 Lists [mailto:li...@levelfive.us] 
Sent: Wednesday, November 03, 2010 1:59 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Did you try looking here on the local machine:

 

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft

 

There should be GUID's matching the group policy items you want to
remove. 

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, November 03, 2010 1:57 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Can't you view the settings the GPO changes, then work on figuring out
where in the registry they are stored and remove them?

 

Maybe I'm not thinking into this deep enough...

 

J

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 1:55 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

We can always reimage the machine if it comes down to it. But that
shouldn't be necessary-I know there has to be a way to fix it. I'm just
not knowledgeable enough about the intricacies of group policy to do it.

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, November 03, 2010 1:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Tried a system restore back to before the policy was ever applied?

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:57 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

It's stuck somewhere, but I don't know where. I'm not sure where to
look.

 

When the WLAN AutoConfig service starts, it clearly looks somewhere to
see if group policies should be applied. But where? I have no idea.

 

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, November 03, 2010 10:52 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Wonder if it's stuck in the local registry somewhere.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away

 

I created a group policy to force some machines in a lab to connect to a
particular wireless network. Unfortunately, when creating the policy I
made a mistake configuring the password. So when you try to connect to
the network you get a message saying, "The settings saved on this
computer for the network do not match the requirements of the network."

 

So I turned the policy back off and ran gpupdate /force on the machines
in the lab, and they all started working again in the sense that the
policy was no longer applied and I could manually connect to the
wireless network and enter the password.

 

Except for one machine. That machine still won't connect. Still says the
saved settings for the wireless network are wrong. It says it's getting
its group policy updates fine, yet this policy just won't go away.

 

We've even gone so far as to unjoin the machine from the domain. Still,
no luck.

 

I can run regedit and look under the wlansvc -> GroupPolicy section and
delete the key that has the SSID of the network (and, I'm assuming, is
storing the wrong password info), but when I restart the WLAN AutoConfig
service the key comes right back again.

 

How the heck do I get rid of this policy once and for all?

 

 

 

John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-E

Re: Group Policy Won't Go Away

[Jonathan Link]

Have you run gpedit.msc to look for it there?

On Wednesday, November 3, 2010, John Hornbuckle
 wrote:
> This policy is computer-based. I’ll check out that registry location and see 
> what I can find.   From: Level 5 Lists [mailto:li...@levelfive.us]
> Sent: Wednesday, November 03, 2010 2:02 PM
> To: NT System Admin Issues
> Subject: RE: Group Policy Won't Go Away Sorry I think they show up here too 
> if they are user 
> based: [HKEY_CURRENT_USER\Software\Policies\Microsoft][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group
>  Policy 
> Objects][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]  From:
>  Level 5 Lists [mailto:li...@levelfive.us]
> Sent: Wednesday, November 03, 2010 1:59 PM
> To: NT System Admin Issues
> Subject: RE: Group Policy Won't Go Away Did you try looking here on the local 
> machine: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft There should be 
> GUID’s matching the group policy items you want to remove.  From: Don Guyer 
> [mailto:don.gu...@prufoxroach.com]
> Sent: Wednesday, November 03, 2010 1:57 PM
> To: NT System Admin Issues
> Subject: RE: Group Policy Won't Go Away Can’t you view the settings the GPO 
> changes, then work on figuring out where in the registry they are stored and 
> remove them? Maybe I’m not thinking into this deep enough… J Don GuyerSystems 
> Engineer - Information ServicesPrudential, Fox & Roach/Trident Group431 W. 
> Lancaster AvenueDevon, PA 19333Direct: (610) 993-3299Fax: (610) 
> 650-5306don.gu...@prufoxroach.com from: John Hornbuckle 
> [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Wednesday, November 03, 2010 1:55 PM
> To: NT System Admin Issues
> Subject: RE: Group Policy Won't Go Away We can always reimage the machine if 
> it comes down to it. But that shouldn’t be necessary—I know there has to be a 
> way to fix it. I’m just not knowledgeable enough about the intricacies of 
> group policy to do it.   From: Carl Houseman [mailto:c.house...@gmail.
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon request. E-mail communications may be subject to 
> public disclosure.
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Won't Go Away

[Don Guyer]

Now I'm totally cornfused..

 

I thought we were talking about the SSID and correlating password for a
wireless network?

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com <mailto:don.gu...@prufoxroach.com> 

 

From: Level 5 Lists [mailto:li...@levelfive.us] 
Sent: Wednesday, November 03, 2010 1:59 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Did you try looking here on the local machine:

 

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft

 

There should be GUID's matching the group policy items you want to
remove. 

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, November 03, 2010 1:57 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Can't you view the settings the GPO changes, then work on figuring out
where in the registry they are stored and remove them?

 

Maybe I'm not thinking into this deep enough...

 

J

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 1:55 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

We can always reimage the machine if it comes down to it. But that
shouldn't be necessary-I know there has to be a way to fix it. I'm just
not knowledgeable enough about the intricacies of group policy to do it.

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, November 03, 2010 1:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Tried a system restore back to before the policy was ever applied?

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:57 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

It's stuck somewhere, but I don't know where. I'm not sure where to
look.

 

When the WLAN AutoConfig service starts, it clearly looks somewhere to
see if group policies should be applied. But where? I have no idea.

 

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, November 03, 2010 10:52 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Wonder if it's stuck in the local registry somewhere.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away

 

I created a group policy to force some machines in a lab to connect to a
particular wireless network. Unfortunately, when creating the policy I
made a mistake configuring the password. So when you try to connect to
the network you get a message saying, "The settings saved on this
computer for the network do not match the requirements of the network."

 

So I turned the policy back off and ran gpupdate /force on the machines
in the lab, and they all started working again in the sense that the
policy was no longer applied and I could manually connect to the
wireless network and enter the password.

 

Except for one machine. That machine still won't connect. Still says the
saved settings for the wireless network are wrong. It says it's getting
its group policy updates fine, yet this policy just won't go away.

 

We've even gone so far as to unjoin the machine from the domain. Still,
no luck.

 

I can run regedit and look under the wlansvc -> GroupPolicy section and
delete the key that has the SSID of the network (and, I'm assuming, is
storing the wrong password info), but when I restart the WLAN AutoConfig
service the key comes right back again.

 

How the heck do I get rid of this policy once and for all?

 

 

 

John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email

RE: Group Policy Won't Go Away

[John Hornbuckle]

This policy is computer-based. I'll check out that registry location and see 
what I can find.



From: Level 5 Lists [mailto:li...@levelfive.us]
Sent: Wednesday, November 03, 2010 2:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

Sorry I think they show up here too if they are user based:

[HKEY_CURRENT_USER\Software\Policies\Microsoft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy 
Objects]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]


From: Level 5 Lists [mailto:li...@levelfive.us]
Sent: Wednesday, November 03, 2010 1:59 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

Did you try looking here on the local machine:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft

There should be GUID's matching the group policy items you want to remove.

From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Wednesday, November 03, 2010 1:57 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

Can't you view the settings the GPO changes, then work on figuring out where in 
the registry they are stored and remove them?

Maybe I'm not thinking into this deep enough...

:)

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com<mailto:don.gu...@prufoxroach.com>

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, November 03, 2010 1:55 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

We can always reimage the machine if it comes down to it. But that shouldn't be 
necessary-I know there has to be a way to fix it. I'm just not knowledgeable 
enough about the intricacies of group policy to do it.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, November 03, 2010 1:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

Tried a system restore back to before the policy was ever applied?

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, November 03, 2010 10:57 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

It's stuck somewhere, but I don't know where. I'm not sure where to look.

When the WLAN AutoConfig service starts, it clearly looks somewhere to see if 
group policies should be applied. But where? I have no idea.


From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Wednesday, November 03, 2010 10:52 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

Wonder if it's stuck in the local registry somewhere.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com<mailto:don.gu...@prufoxroach.com>

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away

I created a group policy to force some machines in a lab to connect to a 
particular wireless network. Unfortunately, when creating the policy I made a 
mistake configuring the password. So when you try to connect to the network you 
get a message saying, "The settings saved on this computer for the network do 
not match the requirements of the network."

So I turned the policy back off and ran gpupdate /force on the machines in the 
lab, and they all started working again in the sense that the policy was no 
longer applied and I could manually connect to the wireless network and enter 
the password.

Except for one machine. That machine still won't connect. Still says the saved 
settings for the wireless network are wrong. It says it's getting its group 
policy updates fine, yet this policy just won't go away.

We've even gone so far as to unjoin the machine from the domain. Still, no luck.

I can run regedit and look under the wlansvc -> GroupPolicy section and delete 
the key that has the SSID of the network (and, I'm assuming, is storing the 
wrong password info), but when I restart the WLAN AutoConfig service the key 
comes right back again.

How the heck do I get rid of this policy once and for all?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <

RE: Group Policy Won't Go Away

[Level 5 Lists]

Sorry I think they show up here too if they are user based:

 

[HKEY_CURRENT_USER\Software\Policies\Microsoft]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
Objects]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

 

 

From: Level 5 Lists [mailto:li...@levelfive.us] 
Sent: Wednesday, November 03, 2010 1:59 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Did you try looking here on the local machine:

 

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft

 

There should be GUID's matching the group policy items you want to remove. 

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, November 03, 2010 1:57 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Can't you view the settings the GPO changes, then work on figuring out where
in the registry they are stored and remove them?

 

Maybe I'm not thinking into this deep enough.

 

J

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 1:55 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

We can always reimage the machine if it comes down to it. But that shouldn't
be necessary-I know there has to be a way to fix it. I'm just not
knowledgeable enough about the intricacies of group policy to do it.

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, November 03, 2010 1:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Tried a system restore back to before the policy was ever applied?

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:57 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

It's stuck somewhere, but I don't know where. I'm not sure where to look.

 

When the WLAN AutoConfig service starts, it clearly looks somewhere to see
if group policies should be applied. But where? I have no idea.

 

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, November 03, 2010 10:52 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Wonder if it's stuck in the local registry somewhere.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away

 

I created a group policy to force some machines in a lab to connect to a
particular wireless network. Unfortunately, when creating the policy I made
a mistake configuring the password. So when you try to connect to the
network you get a message saying, "The settings saved on this computer for
the network do not match the requirements of the network."

 

So I turned the policy back off and ran gpupdate /force on the machines in
the lab, and they all started working again in the sense that the policy was
no longer applied and I could manually connect to the wireless network and
enter the password.

 

Except for one machine. That machine still won't connect. Still says the
saved settings for the wireless network are wrong. It says it's getting its
group policy updates fine, yet this policy just won't go away.

 

We've even gone so far as to unjoin the machine from the domain. Still, no
luck.

 

I can run regedit and look under the wlansvc -> GroupPolicy section and
delete the key that has the SSID of the network (and, I'm assuming, is
storing the wrong password info), but when I restart the WLAN AutoConfig
service the key comes right back again.

 

How the heck do I get rid of this policy once and for all?

 

 

 

John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 
 
NOTICE: Florida has a broad public record

RE: Group Policy Won't Go Away

[Level 5 Lists]

Did you try looking here on the local machine:

 

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft

 

There should be GUID's matching the group policy items you want to remove. 

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, November 03, 2010 1:57 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Can't you view the settings the GPO changes, then work on figuring out where
in the registry they are stored and remove them?

 

Maybe I'm not thinking into this deep enough.

 

J

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 1:55 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

We can always reimage the machine if it comes down to it. But that shouldn't
be necessary-I know there has to be a way to fix it. I'm just not
knowledgeable enough about the intricacies of group policy to do it.

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, November 03, 2010 1:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Tried a system restore back to before the policy was ever applied?

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:57 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

It's stuck somewhere, but I don't know where. I'm not sure where to look.

 

When the WLAN AutoConfig service starts, it clearly looks somewhere to see
if group policies should be applied. But where? I have no idea.

 

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, November 03, 2010 10:52 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Wonder if it's stuck in the local registry somewhere.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away

 

I created a group policy to force some machines in a lab to connect to a
particular wireless network. Unfortunately, when creating the policy I made
a mistake configuring the password. So when you try to connect to the
network you get a message saying, "The settings saved on this computer for
the network do not match the requirements of the network."

 

So I turned the policy back off and ran gpupdate /force on the machines in
the lab, and they all started working again in the sense that the policy was
no longer applied and I could manually connect to the wireless network and
enter the password.

 

Except for one machine. That machine still won't connect. Still says the
saved settings for the wireless network are wrong. It says it's getting its
group policy updates fine, yet this policy just won't go away.

 

We've even gone so far as to unjoin the machine from the domain. Still, no
luck.

 

I can run regedit and look under the wlansvc -> GroupPolicy section and
delete the key that has the SSID of the network (and, I'm assuming, is
storing the wrong password info), but when I restart the WLAN AutoConfig
service the key comes right back again.

 

How the heck do I get rid of this policy once and for all?

 

 

 

John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 
 
NOTICE: Florida has a broad public records law. Most written communications
to or from this entity are public records that will be disclosed to the
public and the media upon request. E-mail communications may be subject to
public disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send

RE: Group Policy Won't Go Away

[Don Guyer]

Can't you view the settings the GPO changes, then work on figuring out
where in the registry they are stored and remove them?

 

Maybe I'm not thinking into this deep enough...

 

J

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com <mailto:don.gu...@prufoxroach.com> 

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 1:55 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

We can always reimage the machine if it comes down to it. But that
shouldn't be necessary-I know there has to be a way to fix it. I'm just
not knowledgeable enough about the intricacies of group policy to do it.

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, November 03, 2010 1:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Tried a system restore back to before the policy was ever applied?

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:57 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

It's stuck somewhere, but I don't know where. I'm not sure where to
look.

 

When the WLAN AutoConfig service starts, it clearly looks somewhere to
see if group policies should be applied. But where? I have no idea.

 

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, November 03, 2010 10:52 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Wonder if it's stuck in the local registry somewhere.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away

 

I created a group policy to force some machines in a lab to connect to a
particular wireless network. Unfortunately, when creating the policy I
made a mistake configuring the password. So when you try to connect to
the network you get a message saying, "The settings saved on this
computer for the network do not match the requirements of the network."

 

So I turned the policy back off and ran gpupdate /force on the machines
in the lab, and they all started working again in the sense that the
policy was no longer applied and I could manually connect to the
wireless network and enter the password.

 

Except for one machine. That machine still won't connect. Still says the
saved settings for the wireless network are wrong. It says it's getting
its group policy updates fine, yet this policy just won't go away.

 

We've even gone so far as to unjoin the machine from the domain. Still,
no luck.

 

I can run regedit and look under the wlansvc -> GroupPolicy section and
delete the key that has the SSID of the network (and, I'm assuming, is
storing the wrong password info), but when I restart the WLAN AutoConfig
service the key comes right back again.

 

How the heck do I get rid of this policy once and for all?

 

 

 

John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 
 
NOTICE: Florida has a broad public records law. Most written
communications to or from this entity are public records that will be
disclosed to the public and the media upon request. E-mail
communications may be subject to public disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Won't Go Away

[John Hornbuckle]

We can always reimage the machine if it comes down to it. But that shouldn't be 
necessary-I know there has to be a way to fix it. I'm just not knowledgeable 
enough about the intricacies of group policy to do it.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, November 03, 2010 1:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

Tried a system restore back to before the policy was ever applied?

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, November 03, 2010 10:57 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

It's stuck somewhere, but I don't know where. I'm not sure where to look.

When the WLAN AutoConfig service starts, it clearly looks somewhere to see if 
group policies should be applied. But where? I have no idea.


From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Wednesday, November 03, 2010 10:52 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

Wonder if it's stuck in the local registry somewhere.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com<mailto:don.gu...@prufoxroach.com>

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away

I created a group policy to force some machines in a lab to connect to a 
particular wireless network. Unfortunately, when creating the policy I made a 
mistake configuring the password. So when you try to connect to the network you 
get a message saying, "The settings saved on this computer for the network do 
not match the requirements of the network."

So I turned the policy back off and ran gpupdate /force on the machines in the 
lab, and they all started working again in the sense that the policy was no 
longer applied and I could manually connect to the wireless network and enter 
the password.

Except for one machine. That machine still won't connect. Still says the saved 
settings for the wireless network are wrong. It says it's getting its group 
policy updates fine, yet this policy just won't go away.

We've even gone so far as to unjoin the machine from the domain. Still, no luck.

I can run regedit and look under the wlansvc -> GroupPolicy section and delete 
the key that has the SSID of the network (and, I'm assuming, is storing the 
wrong password info), but when I restart the WLAN AutoConfig service the key 
comes right back again.

How the heck do I get rid of this policy once and for all?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Won't Go Away

[Carl Houseman]

Tried a system restore back to before the policy was ever applied?

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:57 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

It's stuck somewhere, but I don't know where. I'm not sure where to look.

 

When the WLAN AutoConfig service starts, it clearly looks somewhere to see
if group policies should be applied. But where? I have no idea.

 

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, November 03, 2010 10:52 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

 

Wonder if it's stuck in the local registry somewhere.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away

 

I created a group policy to force some machines in a lab to connect to a
particular wireless network. Unfortunately, when creating the policy I made
a mistake configuring the password. So when you try to connect to the
network you get a message saying, "The settings saved on this computer for
the network do not match the requirements of the network."

 

So I turned the policy back off and ran gpupdate /force on the machines in
the lab, and they all started working again in the sense that the policy was
no longer applied and I could manually connect to the wireless network and
enter the password.

 

Except for one machine. That machine still won't connect. Still says the
saved settings for the wireless network are wrong. It says it's getting its
group policy updates fine, yet this policy just won't go away.

 

We've even gone so far as to unjoin the machine from the domain. Still, no
luck.

 

I can run regedit and look under the wlansvc -> GroupPolicy section and
delete the key that has the SSID of the network (and, I'm assuming, is
storing the wrong password info), but when I restart the WLAN AutoConfig
service the key comes right back again.

 

How the heck do I get rid of this policy once and for all?

 

 

 

John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Won't Go Away

[Jonathan Link]

Possible to reattach to the domain, refresh the policy and then detach?

On Wed, Nov 3, 2010 at 11:23 AM, John Hornbuckle <
john.hornbuc...@taylor.k12.fl.us> wrote:

>  The Vista instructions seemed to work, in the sense that the command ran
> with no errors.
>
>
>
> However, the sticky policy is still there.
>
>
>
> I’m about to go insane. Where the heck is this coming from?!
>
>
>
>
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Wednesday, November 03, 2010 11:10 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Group Policy Won't Go Away
>
>
>
> OK then...that's an important piece of info...
>
> http://support.microsoft.com/kb/313222/en-us
>
> Applies to XP and Vista, perhaps to Win7, but I didn't check/test.
>
> On Wed, Nov 3, 2010 at 11:06 AM, John Hornbuckle <
> john.hornbuc...@taylor.k12.fl.us> wrote:
>
> The machine isn’t even joined to the domain anymore, though.
>
>
>
>
>
>
>
>
>
> *From:* Christopher Bodnar [mailto:christopher_bod...@glic.com]
> *Sent:* Wednesday, November 03, 2010 11:00 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Group Policy Won't Go Away
>
>
>
> From the GPMC run the Group Policy Results Wizard against this particular
> machine, and see if it shows that setting as being applied. If so, it will
> show you where it's getting it.
>
>
>
>
>
> Chris Bodnar, MCSE
> Systems Engineer
> Distributed Systems Service Delivery - Intel Services
> Guardian Life Insurance Company of America
> Email: christopher_bod...@glic.com
> Phone: 610-807-6459
> Fax: 610-807-6003
>
>
>
> From:Jonathan Link 
> To:"NT System Admin Issues"  >
>
> Date:11/03/2010 10:57 AM
>
> Subject:Re: Group Policy Won't Go Away
>   --
>
>
>
>
> That would be my guess as well.
> Try deleting the wlan manually and observe the behavior...
> On Wed, Nov 3, 2010 at 10:51 AM, Don Guyer 
> wrote:
> Wonder if it’s stuck in the local registry somewhere.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] *
> Sent:* Wednesday, November 03, 2010 10:49 AM*
> To:* NT System Admin Issues*
> Subject:* Group Policy Won't Go Away
>
>
>
> I created a group policy to force some machines in a lab to connect to a
> particular wireless network. Unfortunately, when creating the policy I made
> a mistake configuring the password. So when you try to connect to the
> network you get a message saying, “The settings saved on this computer for
> the network do not match the requirements of the network.”
>
>
>
> So I turned the policy back off and ran gpupdate /force on the machines in
> the lab, and they all started working again in the sense that the policy was
> no longer applied and I could manually connect to the wireless network and
> enter the password.
>
>
>
> Except for one machine. That machine still won’t connect. Still says the
> saved settings for the wireless network are wrong. It says it’s getting its
> group policy updates fine, yet this policy just won’t go away.
>
>
>
> We’ve even gone so far as to unjoin the machine from the domain. Still, no
> luck.
>
>
>
> I can run regedit and look under the wlansvc -> GroupPolicy section and
> delete the key that has the SSID of the network (and, I’m assuming, is
> storing the wrong password info), but when I restart the WLAN AutoConfig
> service the key comes right back again.
>
>
>
> How the heck do I get rid of this policy once and for all?
>
>
>
>
>
>
>
> John Hornbuckle
>
> MIS Department
>
> Taylor County School District
>
> www.taylor.k12.fl.us
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> NOTICE: Florida has a broad public records law. Most written communications
> to or from this entity are public records that will be disclosed to the
> public and the media upon request. E-mail communications may be subject to

RE: Group Policy Won't Go Away

[John Hornbuckle]

The Vista instructions seemed to work, in the sense that the command ran with 
no errors.

However, the sticky policy is still there.

I'm about to go insane. Where the heck is this coming from?!



From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Wednesday, November 03, 2010 11:10 AM
To: NT System Admin Issues
Subject: Re: Group Policy Won't Go Away

OK then...that's an important piece of info...
http://support.microsoft.com/kb/313222/en-us
Applies to XP and Vista, perhaps to Win7, but I didn't check/test.
On Wed, Nov 3, 2010 at 11:06 AM, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
The machine isn't even joined to the domain anymore, though.




From: Christopher Bodnar 
[mailto:christopher_bod...@glic.com<mailto:christopher_bod...@glic.com>]
Sent: Wednesday, November 03, 2010 11:00 AM

To: NT System Admin Issues
Subject: Re: Group Policy Won't Go Away

>From the GPMC run the Group Policy Results Wizard against this particular 
>machine, and see if it shows that setting as being applied. If so, it will 
>show you where it's getting it.




Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com<mailto:christopher_bod...@glic.com>
Phone: 610-807-6459
Fax: 610-807-6003



From:Jonathan Link 
mailto:jonathan.l...@gmail.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:11/03/2010 10:57 AM
Subject:Re: Group Policy Won't Go Away




That would be my guess as well.
Try deleting the wlan manually and observe the behavior...
On Wed, Nov 3, 2010 at 10:51 AM, Don Guyer 
mailto:don.gu...@prufoxroach.com>> wrote:
Wonder if it's stuck in the local registry somewhere.



Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com<mailto:don.gu...@prufoxroach.com>



From: John Hornbuckle 
[mailto:john.hornbuc...@taylor.k12.fl.us<mailto:john.hornbuc...@taylor.k12.fl.us>]
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away



I created a group policy to force some machines in a lab to connect to a 
particular wireless network. Unfortunately, when creating the policy I made a 
mistake configuring the password. So when you try to connect to the network you 
get a message saying, "The settings saved on this computer for the network do 
not match the requirements of the network."



So I turned the policy back off and ran gpupdate /force on the machines in the 
lab, and they all started working again in the sense that the policy was no 
longer applied and I could manually connect to the wireless network and enter 
the password.



Except for one machine. That machine still won't connect. Still says the saved 
settings for the wireless network are wrong. It says it's getting its group 
policy updates fine, yet this policy just won't go away.



We've even gone so far as to unjoin the machine from the domain. Still, no luck.



I can run regedit and look under the wlansvc -> GroupPolicy section and delete 
the key that has the SSID of the network (and, I'm assuming, is storing the 
wrong password info), but when I restart the WLAN AutoConfig service the key 
comes right back again.



How the heck do I get rid of this policy once and for all?







John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us<http://www.taylor.k12.fl.us/>





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manag

Re: Group Policy Won't Go Away

[Jonathan Link]

OK then...that's an important piece of info...
http://support.microsoft.com/kb/313222/en-us
Applies to XP and Vista, perhaps to Win7, but I didn't check/test.

On Wed, Nov 3, 2010 at 11:06 AM, John Hornbuckle <
john.hornbuc...@taylor.k12.fl.us> wrote:

>  The machine isn’t even joined to the domain anymore, though.
>
>
>
>
>
>
>
>
>
> *From:* Christopher Bodnar [mailto:christopher_bod...@glic.com]
> *Sent:* Wednesday, November 03, 2010 11:00 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Group Policy Won't Go Away
>
>
>
> From the GPMC run the Group Policy Results Wizard against this particular
> machine, and see if it shows that setting as being applied. If so, it will
> show you where it's getting it.
>
>
>
>
> Chris Bodnar, MCSE
> Systems Engineer
> Distributed Systems Service Delivery - Intel Services
> Guardian Life Insurance Company of America
> Email: christopher_bod...@glic.com
> Phone: 610-807-6459
> Fax: 610-807-6003
>
>
>
> From:Jonathan Link 
> To:"NT System Admin Issues"  >
> Date:11/03/2010 10:57 AM
>  Subject:Re: Group Policy Won't Go Away
>
>   --
>
>
>
>
> That would be my guess as well.
> Try deleting the wlan manually and observe the behavior...
> On Wed, Nov 3, 2010 at 10:51 AM, Don Guyer 
> wrote:
> Wonder if it’s stuck in the local registry somewhere.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] *
> Sent:* Wednesday, November 03, 2010 10:49 AM*
> To:* NT System Admin Issues*
> Subject:* Group Policy Won't Go Away
>
>
>
> I created a group policy to force some machines in a lab to connect to a
> particular wireless network. Unfortunately, when creating the policy I made
> a mistake configuring the password. So when you try to connect to the
> network you get a message saying, “The settings saved on this computer for
> the network do not match the requirements of the network.”
>
>
>
> So I turned the policy back off and ran gpupdate /force on the machines in
> the lab, and they all started working again in the sense that the policy was
> no longer applied and I could manually connect to the wireless network and
> enter the password.
>
>
>
> Except for one machine. That machine still won’t connect. Still says the
> saved settings for the wireless network are wrong. It says it’s getting its
> group policy updates fine, yet this policy just won’t go away.
>
>
>
> We’ve even gone so far as to unjoin the machine from the domain. Still, no
> luck.
>
>
>
> I can run regedit and look under the wlansvc -> GroupPolicy section and
> delete the key that has the SSID of the network (and, I’m assuming, is
> storing the wrong password info), but when I restart the WLAN AutoConfig
> service the key comes right back again.
>
>
>
> How the heck do I get rid of this policy once and for all?
>
>
>
>
>
>
>
> John Hornbuckle
>
> MIS Department
>
> Taylor County School District
>
> www.taylor.k12.fl.us
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> NOTICE: Florida has a broad public records law. Most written communications
> to or from this entity are public records that will be disclosed to the
> public and the media upon request. E-mail communications may be subject to
> public disclosure.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> wit

Re: Group Policy Won't Go Away

[Jonathan Link]

Have you connected to the network with another nic (wired) and forced a
group policy update?  gpupdate /force /sync /boot (requires elevated command
prompt)

On Wed, Nov 3, 2010 at 11:05 AM, John Hornbuckle <
john.hornbuc...@taylor.k12.fl.us> wrote:

>  It won’t let you—if you try to delete or modify the wireless network, you
> get “the settings are managed by your system administrator.”
>
>
>
>
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Wednesday, November 03, 2010 10:57 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Group Policy Won't Go Away
>
>
>
> That would be my guess as well.
>
> Try deleting the wlan manually and observe the behavior...
>
> On Wed, Nov 3, 2010 at 10:51 AM, Don Guyer 
> wrote:
>
> Wonder if it’s stuck in the local registry somewhere.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> *Sent:* Wednesday, November 03, 2010 10:49 AM
> *To:* NT System Admin Issues
> *Subject:* Group Policy Won't Go Away
>
>
>
> I created a group policy to force some machines in a lab to connect to a
> particular wireless network. Unfortunately, when creating the policy I made
> a mistake configuring the password. So when you try to connect to the
> network you get a message saying, “The settings saved on this computer for
> the network do not match the requirements of the network.”
>
>
>
> So I turned the policy back off and ran gpupdate /force on the machines in
> the lab, and they all started working again in the sense that the policy was
> no longer applied and I could manually connect to the wireless network and
> enter the password.
>
>
>
> Except for one machine. That machine still won’t connect. Still says the
> saved settings for the wireless network are wrong. It says it’s getting its
> group policy updates fine, yet this policy just won’t go away.
>
>
>
> We’ve even gone so far as to unjoin the machine from the domain. Still, no
> luck.
>
>
>
> I can run regedit and look under the wlansvc -> GroupPolicy section and
> delete the key that has the SSID of the network (and, I’m assuming, is
> storing the wrong password info), but when I restart the WLAN AutoConfig
> service the key comes right back again.
>
>
>
> How the heck do I get rid of this policy once and for all?
>
>
>
>
>
>
>
> John Hornbuckle
>
> MIS Department
>
> Taylor County School District
>
> www.taylor.k12.fl.us
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
>
> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon request. E-mail communications may be subject to 
> public disclosure.
>
>  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon request. E-mail communications may be subject to 
> public disclosure.
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Won't Go Away

[John Hornbuckle]

The machine isn’t even joined to the domain anymore, though.




From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Wednesday, November 03, 2010 11:00 AM
To: NT System Admin Issues
Subject: Re: Group Policy Won't Go Away

From the GPMC run the Group Policy Results Wizard against this particular 
machine, and see if it shows that setting as being applied. If so, it will show 
you where it's getting it.




Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com<mailto:christopher_bod...@glic.com>
Phone: 610-807-6459
Fax: 610-807-6003



From:Jonathan Link 
mailto:jonathan.l...@gmail.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:    11/03/2010 10:57 AM
Subject:Re: Group Policy Won't Go Away




That would be my guess as well.
Try deleting the wlan manually and observe the behavior...
On Wed, Nov 3, 2010 at 10:51 AM, Don Guyer 
mailto:don.gu...@prufoxroach.com>> wrote:
Wonder if it’s stuck in the local registry somewhere.



Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com<mailto:don.gu...@prufoxroach.com>



From: John Hornbuckle 
[mailto:john.hornbuc...@taylor.k12.fl.us<mailto:john.hornbuc...@taylor.k12.fl.us>]
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away



I created a group policy to force some machines in a lab to connect to a 
particular wireless network. Unfortunately, when creating the policy I made a 
mistake configuring the password. So when you try to connect to the network you 
get a message saying, “The settings saved on this computer for the network do 
not match the requirements of the network.”



So I turned the policy back off and ran gpupdate /force on the machines in the 
lab, and they all started working again in the sense that the policy was no 
longer applied and I could manually connect to the wireless network and enter 
the password.



Except for one machine. That machine still won’t connect. Still says the saved 
settings for the wireless network are wrong. It says it’s getting its group 
policy updates fine, yet this policy just won’t go away.



We’ve even gone so far as to unjoin the machine from the domain. Still, no luck.



I can run regedit and look under the wlansvc -> GroupPolicy section and delete 
the key that has the SSID of the network (and, I’m assuming, is storing the 
wrong password info), but when I restart the WLAN AutoConfig service the key 
comes right back again.



How the heck do I get rid of this policy once and for all?







John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us<http://www.taylor.k12.fl.us/>





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

- This message, and any attachments to 
it, may contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If the reader of this message is not the 
intended recipient, you are notified that any use, dissemination, distribution, 
copying, or communication of this message is strictly prohibited. If you have 
received this message in error, please notify the sender immediately by return 
e-mail and delete the message and any attachment

RE: Group Policy Won't Go Away

[John Hornbuckle]

It won't let you-if you try to delete or modify the wireless network, you get 
"the settings are managed by your system administrator."



From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Wednesday, November 03, 2010 10:57 AM
To: NT System Admin Issues
Subject: Re: Group Policy Won't Go Away

That would be my guess as well.
Try deleting the wlan manually and observe the behavior...
On Wed, Nov 3, 2010 at 10:51 AM, Don Guyer 
mailto:don.gu...@prufoxroach.com>> wrote:
Wonder if it's stuck in the local registry somewhere.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com<mailto:don.gu...@prufoxroach.com>

From: John Hornbuckle 
[mailto:john.hornbuc...@taylor.k12.fl.us<mailto:john.hornbuc...@taylor.k12.fl.us>]
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away

I created a group policy to force some machines in a lab to connect to a 
particular wireless network. Unfortunately, when creating the policy I made a 
mistake configuring the password. So when you try to connect to the network you 
get a message saying, "The settings saved on this computer for the network do 
not match the requirements of the network."

So I turned the policy back off and ran gpupdate /force on the machines in the 
lab, and they all started working again in the sense that the policy was no 
longer applied and I could manually connect to the wireless network and enter 
the password.

Except for one machine. That machine still won't connect. Still says the saved 
settings for the wireless network are wrong. It says it's getting its group 
policy updates fine, yet this policy just won't go away.

We've even gone so far as to unjoin the machine from the domain. Still, no luck.

I can run regedit and look under the wlansvc -> GroupPolicy section and delete 
the key that has the SSID of the network (and, I'm assuming, is storing the 
wrong password info), but when I restart the WLAN AutoConfig service the key 
comes right back again.

How the heck do I get rid of this policy once and for all?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us<http://www.taylor.k12.fl.us/>



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin





NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Won't Go Away

[Christopher Bodnar]

From the GPMC run the Group Policy Results Wizard against this particular 
machine, and see if it shows that setting as being applied. If so, it will 
show you where it's getting it.




Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:   Jonathan Link 
To: "NT System Admin Issues" 
Date:   11/03/2010 10:57 AM
Subject:    Re: Group Policy Won't Go Away



That would be my guess as well.
Try deleting the wlan manually and observe the behavior...
On Wed, Nov 3, 2010 at 10:51 AM, Don Guyer  
wrote:
Wonder if it’s stuck in the local registry somewhere.
 
Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com
 
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away
 
I created a group policy to force some machines in a lab to connect to a 
particular wireless network. Unfortunately, when creating the policy I 
made a mistake configuring the password. So when you try to connect to the 
network you get a message saying, “The settings saved on this computer for 
the network do not match the requirements of the network.”
 
So I turned the policy back off and ran gpupdate /force on the machines in 
the lab, and they all started working again in the sense that the policy 
was no longer applied and I could manually connect to the wireless network 
and enter the password.
 
Except for one machine. That machine still won’t connect. Still says the 
saved settings for the wireless network are wrong. It says it’s getting 
its group policy updates fine, yet this policy just won’t go away.
 
We’ve even gone so far as to unjoin the machine from the domain. Still, no 
luck.
 
I can run regedit and look under the wlansvc -> GroupPolicy section and 
delete the key that has the SSID of the network (and, I’m assuming, is 
storing the wrong password info), but when I restart the WLAN AutoConfig 
service the key comes right back again.
 
How the heck do I get rid of this policy once and for all?
 
 
 
John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us
 
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
 
 
NOTICE: Florida has a broad public records law. Most written 
communications to or from this entity are public records that will be 
disclosed to the public and the media upon request. E-mail communications 
may be subject to public disclosure.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Won't Go Away

[Jonathan Link]

That would be my guess as well.
Try deleting the wlan manually and observe the behavior...
On Wed, Nov 3, 2010 at 10:51 AM, Don Guyer wrote:

>  Wonder if it’s stuck in the local registry somewhere.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> *Sent:* Wednesday, November 03, 2010 10:49 AM
> *To:* NT System Admin Issues
> *Subject:* Group Policy Won't Go Away
>
>
>
> I created a group policy to force some machines in a lab to connect to a
> particular wireless network. Unfortunately, when creating the policy I made
> a mistake configuring the password. So when you try to connect to the
> network you get a message saying, “The settings saved on this computer for
> the network do not match the requirements of the network.”
>
>
>
> So I turned the policy back off and ran gpupdate /force on the machines in
> the lab, and they all started working again in the sense that the policy was
> no longer applied and I could manually connect to the wireless network and
> enter the password.
>
>
>
> Except for one machine. That machine still won’t connect. Still says the
> saved settings for the wireless network are wrong. It says it’s getting its
> group policy updates fine, yet this policy just won’t go away.
>
>
>
> We’ve even gone so far as to unjoin the machine from the domain. Still, no
> luck.
>
>
>
> I can run regedit and look under the wlansvc -> GroupPolicy section and
> delete the key that has the SSID of the network (and, I’m assuming, is
> storing the wrong password info), but when I restart the WLAN AutoConfig
> service the key comes right back again.
>
>
>
> How the heck do I get rid of this policy once and for all?
>
>
>
>
>
>
>
> John Hornbuckle
>
> MIS Department
>
> Taylor County School District
>
> www.taylor.k12.fl.us
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
>
> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon request. E-mail communications may be subject to 
> public disclosure.
>
>   ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Won't Go Away

[John Hornbuckle]

It's stuck somewhere, but I don't know where. I'm not sure where to look.

When the WLAN AutoConfig service starts, it clearly looks somewhere to see if 
group policies should be applied. But where? I have no idea.


From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Wednesday, November 03, 2010 10:52 AM
To: NT System Admin Issues
Subject: RE: Group Policy Won't Go Away

Wonder if it's stuck in the local registry somewhere.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com<mailto:don.gu...@prufoxroach.com>

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away

I created a group policy to force some machines in a lab to connect to a 
particular wireless network. Unfortunately, when creating the policy I made a 
mistake configuring the password. So when you try to connect to the network you 
get a message saying, "The settings saved on this computer for the network do 
not match the requirements of the network."

So I turned the policy back off and ran gpupdate /force on the machines in the 
lab, and they all started working again in the sense that the policy was no 
longer applied and I could manually connect to the wireless network and enter 
the password.

Except for one machine. That machine still won't connect. Still says the saved 
settings for the wireless network are wrong. It says it's getting its group 
policy updates fine, yet this policy just won't go away.

We've even gone so far as to unjoin the machine from the domain. Still, no luck.

I can run regedit and look under the wlansvc -> GroupPolicy section and delete 
the key that has the SSID of the network (and, I'm assuming, is storing the 
wrong password info), but when I restart the WLAN AutoConfig service the key 
comes right back again.

How the heck do I get rid of this policy once and for all?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin





NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Won't Go Away

[Don Guyer]

Wonder if it's stuck in the local registry somewhere.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com  

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, November 03, 2010 10:49 AM
To: NT System Admin Issues
Subject: Group Policy Won't Go Away

 

I created a group policy to force some machines in a lab to connect to a
particular wireless network. Unfortunately, when creating the policy I
made a mistake configuring the password. So when you try to connect to
the network you get a message saying, "The settings saved on this
computer for the network do not match the requirements of the network."

 

So I turned the policy back off and ran gpupdate /force on the machines
in the lab, and they all started working again in the sense that the
policy was no longer applied and I could manually connect to the
wireless network and enter the password.

 

Except for one machine. That machine still won't connect. Still says the
saved settings for the wireless network are wrong. It says it's getting
its group policy updates fine, yet this policy just won't go away.

 

We've even gone so far as to unjoin the machine from the domain. Still,
no luck.

 

I can run regedit and look under the wlansvc -> GroupPolicy section and
delete the key that has the SSID of the network (and, I'm assuming, is
storing the wrong password info), but when I restart the WLAN AutoConfig
service the key comes right back again.

 

How the heck do I get rid of this policy once and for all?

 

 

 

John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 
 
NOTICE: Florida has a broad public records law. Most written
communications to or from this entity are public records that will be
disclosed to the public and the media upon request. E-mail
communications may be subject to public disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Pref's Issue

[Joseph L. Casale]

Wow. turned out to be the Map Printer GPP for Vista only, worked for 7 and XP, 
but hung the Vista clients!
PSS is trying to get to the bottom of it...
Man I hate Vista;)

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, October 20, 2010 5:17 PM
To: NT System Admin Issues
Subject: Re: Group Policy Pref's Issue


What does gpresults  say?

-ASB: http://XeeSM.com/AndrewBaker

Sent from my Motorola Droid
On Oct 20, 2010 6:19 PM, "Joseph L. Casale" 
mailto:jcas...@activenetwerx.com>> wrote:
> So it looks like I may have tracked down one of a million issues here:
>
> On all the Vista machines, it seems if I create a new user with a roaming 
> profile or anything else he can log in no problem as long as he is not in the 
> OU I need him to be, the one with my GPP gpo.
>
> It does the following:
>
> 1. Redirects desktop/docs etc.
>
> 2. Maps drives based on sec groups.
>
> 3. Copies files based on sec groups.
>
> 4. Makes folders for home/private folders.
>
> 5. makes shortcuts based on sec groups.
>
> 6. maps printers.
>
> Works like a treat on Win7 and WinXP w/ gpp hotfix. Fsck'in Vista...
>
> So, what's the opinion on people using GPP's about this? Looked pretty simple 
> to me?
> Thanks!
> jlc
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Pref's Issue

[Joseph L. Casale]

Says it was applied perfectly, no errors logged either?
I have a PSS case opened, I'll post back...
jlc

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, October 20, 2010 5:17 PM
To: NT System Admin Issues
Subject: Re: Group Policy Pref's Issue


What does gpresults  say?

-ASB: http://XeeSM.com/AndrewBaker

Sent from my Motorola Droid
On Oct 20, 2010 6:19 PM, "Joseph L. Casale" 
mailto:jcas...@activenetwerx.com>> wrote:
> So it looks like I may have tracked down one of a million issues here:
>
> On all the Vista machines, it seems if I create a new user with a roaming 
> profile or anything else he can log in no problem as long as he is not in the 
> OU I need him to be, the one with my GPP gpo.
>
> It does the following:
>
> 1. Redirects desktop/docs etc.
>
> 2. Maps drives based on sec groups.
>
> 3. Copies files based on sec groups.
>
> 4. Makes folders for home/private folders.
>
> 5. makes shortcuts based on sec groups.
>
> 6. maps printers.
>
> Works like a treat on Win7 and WinXP w/ gpp hotfix. Fsck'in Vista...
>
> So, what's the opinion on people using GPP's about this? Looked pretty simple 
> to me?
> Thanks!
> jlc
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Pref's Issue

[Andrew S. Baker]

What does gpresults  say?

-ASB: http://XeeSM.com/AndrewBaker

Sent from my Motorola Droid
 On Oct 20, 2010 6:19 PM, "Joseph L. Casale" 
wrote:
> So it looks like I may have tracked down one of a million issues here:
>
> On all the Vista machines, it seems if I create a new user with a roaming
profile or anything else he can log in no problem as long as he is not in
the OU I need him to be, the one with my GPP gpo.
>
> It does the following:
>
> 1. Redirects desktop/docs etc.
>
> 2. Maps drives based on sec groups.
>
> 3. Copies files based on sec groups.
>
> 4. Makes folders for home/private folders.
>
> 5. makes shortcuts based on sec groups.
>
> 6. maps printers.
>
> Works like a treat on Win7 and WinXP w/ gpp hotfix. Fsck'in Vista...
>
> So, what's the opinion on people using GPP's about this? Looked pretty
simple to me?
> Thanks!
> jlc
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~  ~
>
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy setup for WSUS?

[Andrew S. Baker]

That happens.  :)

On the WSUS side, what updates, if any, are set to auto approve?


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *



On Fri, Oct 15, 2010 at 4:45 PM, Kurt Buff  wrote:

> Because I'm a complete idio^H^H^H^newb at GPO stuff, and didn't know?
> I even googled, and didn't find that, but it's completely obvious once
> you said it.
>
> Sigh.
>
> Setting State
> Do not display 'Install Updates and Shut Down' option in Shut Down
> Windows dialog box  Enabled
> Do not adjust default option to 'Install Updates and Shut Down' in
> Shut Down Windows dialog boxDisabled
> Configure Automatic Updates Enabled
> Specify intranet Microsoft update service location  Enabled
> Enable client-side targetingNot configured
> Reschedule Automatic Updates scheduled installationsNot configured
> No auto-restart with logged on users for scheduled automatic updates
> installations   Enabled
> Automatic Updates detection frequency   Enabled
> Allow Automatic Updates immediate installation  Enabled
> Delay Restart for scheduled installations   Enabled
> Re-prompt for restart with scheduled installations  Enabled
> Allow non-administrators to receive update notificationsNot
> configured
> Enable recommended updates via Automatic UpdatesNot configured
> Enabling Windows Update Power Management to automatically wake up the
> system to install scheduled updates Enabled
> Allow signed content from intranet Microsoft update service location
>  Enabled
>
>
> On Fri, Oct 15, 2010 at 13:18, Andrew S. Baker  wrote:
> > Why can't you export the GPO settings from the GPMC?
> >
> > ASB (My XeeSM Profile)
> > Exploiting Technology for Business Advantage...
> >
> >
> >
> > On Fri, Oct 15, 2010 at 3:54 PM, Kurt Buff  wrote:
> >>
> >> All,
> >>
> >> Early last week, I set up a GPO to setup WSUS entries for
> >> workstations. I've probably fubar'ed something, but I can't figure it
> >> out.
> >>
> >> The issue today is that I've got some random updates (starting last
> >> night and continuing on through today) installing and rebooting
> >> machines - I haven't yet figured out how many machines.
> >>
> >> When I look into the WSUS administrative interface, I see that some of
> >> the updates were approved on Monday evening with a deadline of 4am
> >> Tuesday, and some of the updates were not approved at all, yet
> >> installed anyway starting last night. In particular we don't use WSUS
> >> to distribute the Junk email filters.
> >>
> >> By looking at c:\Windows\WindowsUpdate.log, I see that all of the
> >> updates are being downloaded from the WSUS server, however.
> >>
> >> The 4 updates that seem to be in common so far are:
> >>
> >> - Update for Root Certificates [August 2010] (KB931125)
> >> - Update for Internet Explorer 8 Compatibility View List for
> >> Windows XP (KB2362765)
> >> - Update for Microsoft Office Outlook 2003 Junk Email Filter
> >> (KB2291595)
> >> - Security Update for Microsoft Office Outlook 2003 (KB2293428)
> >>
> >> The above are what installed on my machine, but others have gotten
> >> them, plus others.
> >>
> >> I tried to find a way to export the GPO settings directly, but had to
> >> resort to going into my workstation's registry and exporting the
> >> HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate subtree.
> >>
> >> The Group Policy settings that have been applied to the workstations
> >> are below - can anyone see what I might have done wrong?
> >>
> >> Thanks,
> >>
> >> Kurt
> >>
> >> Key Name:
> >> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
> >> Class Name:
> >> Last Write Time:   2010-10-09 - 17:55
> >> Value 0
> >>  Name:WUServer
> >>  Type:REG_SZ
> >>  Data:http://wsus
> >>
> >> Value 1
> >>  Name:WUStatusServer
> >>  Type:REG_SZ
> >>  Data:http://wsus
> >>
> >> Value 2
> >>  Name:AcceptTrustedPublisherCerts
> >>  Type:REG_DWORD
> >>  Data:0x1
> >>
> >>
> >> Key Name:
> >> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
> >> Class Name:
> >> Last Write Time:   2010-10-09 - 17:55
> >> Value 0
> >>  Name:NoAutoRebootWithLoggedOnUsers
> >>  Type:REG_DWORD
> >>  Data:0x1
> >>
> >> Value 1
> >>  Name:RescheduleWaitTime
> >>  Type:REG_DWORD
> >>  Data:0x1
> >>
> >> Value 2
> >>  Name:UseWUServer
> >>  Type:REG_DWORD
> >>  Data:0x1
> >>
> >> Value 3
> >>  Name:DetectionFrequencyEnabled
> >>  Type:REG_DWORD
> >>  Data:0x1
> >>
> >> Value 4
> >>  Name:DetectionFrequency
> >>  Type:REG_DWORD
> >>  Data:0x8
> >>
> >> Value 5
> >>  Name:AutoInstallMinorUpdates
> >>  Type:REG_DWORD
> >>  Data:   

Re: Group Policy setup for WSUS?

[Jeff Steward]

Here are the relevant sections from the policy that I use:

Policy Setting
Allow Automatic Updates immediate installation Enabled
Automatic Updates detection frequency Enabled
Check for updates at the following
interval (hours):  4

Policy Setting
Configure Automatic Updates Enabled
Configure automatic updating: 4 - Auto download and schedule the install
The following settings are only required
and applicable if 4 is selected.
Scheduled install day:  0 - Every day
Scheduled install time: 02:00

Not sure why unapproved updates would fire though.

-Jeff Steward


On Fri, Oct 15, 2010 at 4:45 PM, Kurt Buff  wrote:

> Because I'm a complete idio^H^H^H^newb at GPO stuff, and didn't know?
> I even googled, and didn't find that, but it's completely obvious once
> you said it.
>
> Sigh.
>
> Setting State
> Do not display 'Install Updates and Shut Down' option in Shut Down
> Windows dialog box  Enabled
> Do not adjust default option to 'Install Updates and Shut Down' in
> Shut Down Windows dialog boxDisabled
> Configure Automatic Updates Enabled
> Specify intranet Microsoft update service location  Enabled
> Enable client-side targetingNot configured
> Reschedule Automatic Updates scheduled installationsNot configured
> No auto-restart with logged on users for scheduled automatic updates
> installations   Enabled
> Automatic Updates detection frequency   Enabled
> Allow Automatic Updates immediate installation  Enabled
> Delay Restart for scheduled installations   Enabled
> Re-prompt for restart with scheduled installations  Enabled
> Allow non-administrators to receive update notificationsNot
> configured
> Enable recommended updates via Automatic UpdatesNot configured
> Enabling Windows Update Power Management to automatically wake up the
> system to install scheduled updates Enabled
> Allow signed content from intranet Microsoft update service location
>  Enabled
>
>
> On Fri, Oct 15, 2010 at 13:18, Andrew S. Baker  wrote:
> > Why can't you export the GPO settings from the GPMC?
> >
> > ASB (My XeeSM Profile)
> > Exploiting Technology for Business Advantage...
> >
> >
> >
> > On Fri, Oct 15, 2010 at 3:54 PM, Kurt Buff  wrote:
> >>
> >> All,
> >>
> >> Early last week, I set up a GPO to setup WSUS entries for
> >> workstations. I've probably fubar'ed something, but I can't figure it
> >> out.
> >>
> >> The issue today is that I've got some random updates (starting last
> >> night and continuing on through today) installing and rebooting
> >> machines - I haven't yet figured out how many machines.
> >>
> >> When I look into the WSUS administrative interface, I see that some of
> >> the updates were approved on Monday evening with a deadline of 4am
> >> Tuesday, and some of the updates were not approved at all, yet
> >> installed anyway starting last night. In particular we don't use WSUS
> >> to distribute the Junk email filters.
> >>
> >> By looking at c:\Windows\WindowsUpdate.log, I see that all of the
> >> updates are being downloaded from the WSUS server, however.
> >>
> >> The 4 updates that seem to be in common so far are:
> >>
> >> - Update for Root Certificates [August 2010] (KB931125)
> >> - Update for Internet Explorer 8 Compatibility View List for
> >> Windows XP (KB2362765)
> >> - Update for Microsoft Office Outlook 2003 Junk Email Filter
> >> (KB2291595)
> >> - Security Update for Microsoft Office Outlook 2003 (KB2293428)
> >>
> >> The above are what installed on my machine, but others have gotten
> >> them, plus others.
> >>
> >> I tried to find a way to export the GPO settings directly, but had to
> >> resort to going into my workstation's registry and exporting the
> >> HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate subtree.
> >>
> >> The Group Policy settings that have been applied to the workstations
> >> are below - can anyone see what I might have done wrong?
> >>
> >> Thanks,
> >>
> >> Kurt
> >>
> >> Key Name:
> >> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
> >> Class Name:
> >> Last Write Time:   2010-10-09 - 17:55
> >> Value 0
> >>  Name:WUServer
> >>  Type:REG_SZ
> >>  Data:http://wsus
> >>
> >> Value 1
> >>  Name:WUStatusServer
> >>  Type:REG_SZ
> >>  Data:http://wsus
> >>
> >> Value 2
> >>  Name:AcceptTrustedPublisherCerts
> >>  Type:REG_DWORD
> >>  Data:0x1
> >>
> >>
> >> Key Name:
> >> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
> >> Class Name:
> >> Last Write Time:   2010-10-09 - 17:55
> >> Value 0
> >>  Name:NoAutoRebootWithLoggedOnUsers
> >>  Type:REG_DWORD
> >>  Data:0x1
> >>
> >> Value 1
> >>  Name:RescheduleWaitTime
> >>  Type:REG_DWORD
> >>  Data:0x1
> >>
> >> Value 2
> >>  Name:UseWUServer
> >>  Type:REG_DWORD
> >>  Data:0x

Re: Group Policy Problems Over Wireless

[Jon Harris]

Lucky you I have to wait until 1 am for it to be here.

Jon

On Fri, Oct 15, 2010 at 8:23 AM, Maglinger, Paul wrote:

>  It’s here!  It’s here!
>
>
>
> *From:* Jon Harris [mailto:jk.har...@gmail.com]
> *Sent:* Thursday, October 14, 2010 5:58 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Group Policy Problems Over Wireless
>
>
>
> Nope one more day, sorry.
>
>
>
> Jon
>
> On Thu, Oct 14, 2010 at 12:25 PM, Raper, Jonathan - Eagle <
> jra...@eaglemds.com> wrote:
>
> Yeah, I obviously missed that too.
>
>
>
> So much for trying to be helpful.
>
>
>
> Is it Friday yet?
>
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA*
> *jra...@eaglemds.com*
> *www.eaglemds.com
>  --
>
> *From:* Webster [mailto:carlwebs...@gmail.com]
> *Sent:* Thursday, October 14, 2010 12:18 PM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* RE: Group Policy Problems Over Wireless
>
>
>
> From John’s response on Wednesday the 13th:
>
>
>
> There’s “Always wait for the network at computer startup and logon,” but
> I’ve already got that enabled.
>
>
>
>
>
> Webster
>
>
>
> *From:* Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
> *Subject:* RE: Group Policy Problems Over Wireless
>
>
>
> Ok, my mistake – thanks for the clarification.
>
>
>
> If you’re getting all of your policies, but not getting software install,
> then this policy setting will hopefully be your friend:
>
> Computer Configuration à Administrative Templates à System à Logon àAlways 
> wait for the network at computer startup and logon
>
> Straight from the explanation of the GPO setting: “*Note: If you want to
> guarantee the application of Folder Redirection, Software Installation, or
> roaming user profile settings in just one logon, enable this setting to
> ensure that Windows waits for the network to be available before applying
> policy.*”
>
> Note: this GPO setting does not exist prior to AD2003.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>  --
>
> Any medical information contained in this electronic message is
> CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to
> view, copy, disclose, or disseminate CONFIDENTIAL information. This
> electronic message may contain information that is confidential and/or
> legally privileged. It is intended only for the use of the individual(s)
> and/or entity named as recipients in the message. If you are not an intended
> recipient of this message, please notify the sender immediately and delete
> this material from your computer. Do not deliver, distribute or copy this
> message, and do not disclose its contents or take any action in reliance on
> the information that it contains.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[Raper, Jonathan - Eagle]

John – see point #5. I’m wondering if this is somehow updated/changed in 2008 
to account for Vista, but the policy setting “Always wait for the network at 
computer startup and logon” in 2003 does not natively apply to Vista (as was 
alluded to in this thread yesterday…)



http://www.itechtalk.com/thread1978.html





I’m wondering if there is an Administrative Template for Vista that could be 
loaded into 2003 that would address this. I don’t have a test environment that 
I can load the admx files into right now…



http://www.microsoft.com/downloads/en/details.aspx?FamilyID=05d0598b-95f9-4bdd-af36-b365d68ec5f6&DisplayLang=en



I’m sure you’ve already seen this, but in case it is helpful to anyone else:



http://technet.microsoft.com/en-us/library/cc758898(WS.10).aspx



Note the “grey note” section about software installation toward the bottom of 
that section:



“The Software Installation and Folder Redirection extensions process policy 
only during the initial run because it is risky to process policy in the 
background. For example, with Software Installation application upgrades, 
applications are installed during the initial run and not in the background. If 
it were done in the background, a user could be running an application, and 
then have it uninstalled and a new version installed. The application could 
also have a shared component that is in use by another application. This would 
prevent the installation from completing successfully.”



Someone else has run into the same situation with win7, it seems. Just for 
kicks, have you tried turning off UAC on one of your clients as a test?



http://social.technet.microsoft.com/Forums/en-US/w7itproinstall/thread/bcf38d47-c4b6-4355-a79f-1f256bbed933



HTH... Have a good weekend.



Jonathan L. Raper, A+, MCSA, MCSE

Technology Coordinator

Eagle Physicians & Associates, PA

jra...@eaglemds.com

www.eaglemds.com



From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]

Sent: Friday, October 15, 2010 3:07 PM

To: NT System Admin Issues

Subject: RE: Group Policy Problems Over Wireless



Today, one of my technicians disabled the wired interfaces on a few machines. 
It’ll take a little testing to see if this fixes things.



But I’ve had some other thoughts about this, relating to the wireless 
network—so I’m trying a couple of other tricks.



I’ll definitely post an update to the list as soon as I come up with something.







From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]

Sent: Friday, October 15, 2010 3:04 PM

To: NT System Admin Issues

Subject: RE: Group Policy Problems Over Wireless



Hey John – any luck?



Jonathan L. Raper, A+, MCSA, MCSE

Technology Coordinator

Eagle Physicians & Associates, PA

jra...@eaglemds.com

www.eaglemds.com



From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]

Sent: Thursday, October 14, 2010 2:02 PM

To: NT System Admin Issues

Subject: RE: Group Policy Problems Over Wireless



It’s hard to keep up with the information flow. Heck, I missed Carl’s 
suggestion that I disable the wired interfaces. Thank goodness he repeated 
himself. Well, unless that doesn’t work.  :)







From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]

Sent: Thursday, October 14, 2010 12:25 PM

To: NT System Admin Issues

Subject: RE: Group Policy Problems Over Wireless



Yeah, I obviously missed that too.



So much for trying to be helpful.



Is it Friday yet?

Jonathan L. Raper, A+, MCSA, MCSE

Technology Coordinator

Eagle Physicians & Associates, PA

jra...@eaglemds.com

www.eaglemds.com



From: Webster [mailto:carlwebs...@gmail.com]

Sent: Thursday, October 14, 2010 12:18 PM

To: NT System Admin Issues

Subject: RE: Group Policy Problems Over Wireless



From John’s response on Wednesday the 13th:



There’s “Always wait for the network at computer startup and logon,” but I’ve 
already got that enabled.





Webster



From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]

Subject: RE: Group Policy Problems Over Wireless



Ok, my mistake – thanks for the clarification.



If you’re getting all of your policies, but not getting software install, then 
this policy setting will hopefully be your friend:

Computer Configuration → Administrative Templates → System → Logon → Always 
wait for the network at computer startup and logon



Straight from the explanation of the GPO setting: “Note: If you want to 
guarantee the application of Folder Redirection, Software Installation, or 
roaming user profile settings in just one logon, enable this setting to ensure 
that Windows waits for the network to be available before applying policy.”



Note: this GPO setting does not exist prior to AD2003.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~



---

To

Re: Group Policy setup for WSUS?

[Kurt Buff]

Because I'm a complete idio^H^H^H^newb at GPO stuff, and didn't know?
I even googled, and didn't find that, but it's completely obvious once
you said it.

Sigh.

Setting State
Do not display 'Install Updates and Shut Down' option in Shut Down
Windows dialog box  Enabled
Do not adjust default option to 'Install Updates and Shut Down' in
Shut Down Windows dialog boxDisabled
Configure Automatic Updates Enabled
Specify intranet Microsoft update service location  Enabled
Enable client-side targetingNot configured
Reschedule Automatic Updates scheduled installationsNot configured
No auto-restart with logged on users for scheduled automatic updates
installations   Enabled
Automatic Updates detection frequency   Enabled
Allow Automatic Updates immediate installation  Enabled
Delay Restart for scheduled installations   Enabled
Re-prompt for restart with scheduled installations  Enabled
Allow non-administrators to receive update notificationsNot configured
Enable recommended updates via Automatic UpdatesNot configured
Enabling Windows Update Power Management to automatically wake up the
system to install scheduled updates Enabled
Allow signed content from intranet Microsoft update service locationEnabled


On Fri, Oct 15, 2010 at 13:18, Andrew S. Baker  wrote:
> Why can't you export the GPO settings from the GPMC?
>
> ASB (My XeeSM Profile)
> Exploiting Technology for Business Advantage...
>
>
>
> On Fri, Oct 15, 2010 at 3:54 PM, Kurt Buff  wrote:
>>
>> All,
>>
>> Early last week, I set up a GPO to setup WSUS entries for
>> workstations. I've probably fubar'ed something, but I can't figure it
>> out.
>>
>> The issue today is that I've got some random updates (starting last
>> night and continuing on through today) installing and rebooting
>> machines - I haven't yet figured out how many machines.
>>
>> When I look into the WSUS administrative interface, I see that some of
>> the updates were approved on Monday evening with a deadline of 4am
>> Tuesday, and some of the updates were not approved at all, yet
>> installed anyway starting last night. In particular we don't use WSUS
>> to distribute the Junk email filters.
>>
>> By looking at c:\Windows\WindowsUpdate.log, I see that all of the
>> updates are being downloaded from the WSUS server, however.
>>
>> The 4 updates that seem to be in common so far are:
>>
>>     - Update for Root Certificates [August 2010] (KB931125)
>>     - Update for Internet Explorer 8 Compatibility View List for
>> Windows XP (KB2362765)
>>     - Update for Microsoft Office Outlook 2003 Junk Email Filter
>> (KB2291595)
>>     - Security Update for Microsoft Office Outlook 2003 (KB2293428)
>>
>> The above are what installed on my machine, but others have gotten
>> them, plus others.
>>
>> I tried to find a way to export the GPO settings directly, but had to
>> resort to going into my workstation's registry and exporting the
>> HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate subtree.
>>
>> The Group Policy settings that have been applied to the workstations
>> are below - can anyone see what I might have done wrong?
>>
>> Thanks,
>>
>> Kurt
>>
>> Key Name:
>> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
>> Class Name:        
>> Last Write Time:   2010-10-09 - 17:55
>> Value 0
>>  Name:            WUServer
>>  Type:            REG_SZ
>>  Data:            http://wsus
>>
>> Value 1
>>  Name:            WUStatusServer
>>  Type:            REG_SZ
>>  Data:            http://wsus
>>
>> Value 2
>>  Name:            AcceptTrustedPublisherCerts
>>  Type:            REG_DWORD
>>  Data:            0x1
>>
>>
>> Key Name:
>> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
>> Class Name:        
>> Last Write Time:   2010-10-09 - 17:55
>> Value 0
>>  Name:            NoAutoRebootWithLoggedOnUsers
>>  Type:            REG_DWORD
>>  Data:            0x1
>>
>> Value 1
>>  Name:            RescheduleWaitTime
>>  Type:            REG_DWORD
>>  Data:            0x1
>>
>> Value 2
>>  Name:            UseWUServer
>>  Type:            REG_DWORD
>>  Data:            0x1
>>
>> Value 3
>>  Name:            DetectionFrequencyEnabled
>>  Type:            REG_DWORD
>>  Data:            0x1
>>
>> Value 4
>>  Name:            DetectionFrequency
>>  Type:            REG_DWORD
>>  Data:            0x8
>>
>> Value 5
>>  Name:            AutoInstallMinorUpdates
>>  Type:            REG_DWORD
>>  Data:            0x1
>>
>> Value 6
>>  Name:            RebootWarningTimeoutEnabled
>>  Type:            REG_DWORD
>>  Data:            0x1
>>
>> Value 7
>>  Name:            RebootWarningTimeout
>>  Type:            REG_DWORD
>>  Data:            0x5
>>
>> Value 8
>>  Name:            RebootRelaunchTimeoutEnabled
>>  Type:            REG_DWORD
>>  Data:            0x1
>>
>> Value 9
>>  Name:            RebootRelaunchTimeout
>>  Type:            REG_DWORD
>>  Data:            0xa
>>
>> Value 10
>>  Name:            AUPowerMan

Re: Group Policy setup for WSUS?

[Andrew S. Baker]

Why can't you export the GPO settings from the GPMC?


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *



On Fri, Oct 15, 2010 at 3:54 PM, Kurt Buff  wrote:

> All,
>
> Early last week, I set up a GPO to setup WSUS entries for
> workstations. I've probably fubar'ed something, but I can't figure it
> out.
>
> The issue today is that I've got some random updates (starting last
> night and continuing on through today) installing and rebooting
> machines - I haven't yet figured out how many machines.
>
> When I look into the WSUS administrative interface, I see that some of
> the updates were approved on Monday evening with a deadline of 4am
> Tuesday, and some of the updates were not approved at all, yet
> installed anyway starting last night. In particular we don't use WSUS
> to distribute the Junk email filters.
>
> By looking at c:\Windows\WindowsUpdate.log, I see that all of the
> updates are being downloaded from the WSUS server, however.
>
> The 4 updates that seem to be in common so far are:
>
> - Update for Root Certificates [August 2010] (KB931125)
> - Update for Internet Explorer 8 Compatibility View List for
> Windows XP (KB2362765)
> - Update for Microsoft Office Outlook 2003 Junk Email Filter
> (KB2291595)
> - Security Update for Microsoft Office Outlook 2003 (KB2293428)
>
> The above are what installed on my machine, but others have gotten
> them, plus others.
>
> I tried to find a way to export the GPO settings directly, but had to
> resort to going into my workstation's registry and exporting the
> HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate subtree.
>
> The Group Policy settings that have been applied to the workstations
> are below - can anyone see what I might have done wrong?
>
> Thanks,
>
> Kurt
>
> Key Name:
> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
> Class Name:
> Last Write Time:   2010-10-09 - 17:55
> Value 0
>  Name:WUServer
>  Type:REG_SZ
>  Data:http://wsus
>
> Value 1
>  Name:WUStatusServer
>  Type:REG_SZ
>  Data:http://wsus
>
> Value 2
>  Name:AcceptTrustedPublisherCerts
>  Type:REG_DWORD
>  Data:0x1
>
>
> Key Name:
> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
> Class Name:
> Last Write Time:   2010-10-09 - 17:55
> Value 0
>  Name:NoAutoRebootWithLoggedOnUsers
>  Type:REG_DWORD
>  Data:0x1
>
> Value 1
>  Name:RescheduleWaitTime
>  Type:REG_DWORD
>  Data:0x1
>
> Value 2
>  Name:UseWUServer
>  Type:REG_DWORD
>  Data:0x1
>
> Value 3
>  Name:DetectionFrequencyEnabled
>  Type:REG_DWORD
>  Data:0x1
>
> Value 4
>  Name:DetectionFrequency
>  Type:REG_DWORD
>  Data:0x8
>
> Value 5
>  Name:AutoInstallMinorUpdates
>  Type:REG_DWORD
>  Data:0x1
>
> Value 6
>  Name:RebootWarningTimeoutEnabled
>  Type:REG_DWORD
>  Data:0x1
>
> Value 7
>  Name:RebootWarningTimeout
>  Type:REG_DWORD
>  Data:0x5
>
> Value 8
>  Name:RebootRelaunchTimeoutEnabled
>  Type:REG_DWORD
>  Data:0x1
>
> Value 9
>  Name:RebootRelaunchTimeout
>  Type:REG_DWORD
>  Data:0xa
>
> Value 10
>  Name:AUPowerManagement
>  Type:REG_DWORD
>  Data:0x1
>
> Value 11
>  Name:NoAutoUpdate
>  Type:REG_DWORD
>  Data:0x0
>
> Value 12
>  Name:AUOptions
>  Type:REG_DWORD
>  Data:0x4
>
> Value 13
>  Name:ScheduledInstallDay
>  Type:REG_DWORD
>  Data:0x0
>
> Value 14
>  Name:ScheduledInstallTime
>  Type:REG_DWORD
>  Data:0x3
>
> Value 15
>  Name:NoAUShutdownOption
>  Type:REG_DWORD
>  Data:0x1
>
> Value 16
>  Name:NoAUAsDefaultShutdownOption
>  Type:REG_DWORD
>  Data:0x0
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

Today, one of my technicians disabled the wired interfaces on a few machines. 
It'll take a little testing to see if this fixes things.

But I've had some other thoughts about this, relating to the wireless 
network-so I'm trying a couple of other tricks.

I'll definitely post an update to the list as soon as I come up with something.



From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Friday, October 15, 2010 3:04 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Hey John - any luck?


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, October 14, 2010 2:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

It's hard to keep up with the information flow. Heck, I missed Carl's 
suggestion that I disable the wired interfaces. Thank goodness he repeated 
himself. Well, unless that doesn't work.  :)



From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Thursday, October 14, 2010 12:25 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, I obviously missed that too.

So much for trying to be helpful.

Is it Friday yet?

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: Webster [mailto:carlwebs...@gmail.com]
Sent: Thursday, October 14, 2010 12:18 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

>From John's response on Wednesday the 13th:

There's "Always wait for the network at computer startup and 
logon," but I've already got that enabled.


Webster

From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Subject: RE: Group Policy Problems Over Wireless

Ok, my mistake - thanks for the clarification.

If you're getting all of your policies, but not getting software install, then 
this policy setting will hopefully be your friend:

Computer Configuration --> Administrative Templates --> System --> Logon --> 
Always wait for the network at computer startup and logon

Straight from the explanation of the GPO setting: "Note: If you want to 
guarantee the application of Folder Redirection, Software Installation, or 
roaming user profile settings in just one logon, enable this setting to ensure 
that Windows waits for the network to be available before applying policy."

Note: this GPO setting does not exist prior to AD2003.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyr

RE: Group Policy Problems Over Wireless

[Raper, Jonathan - Eagle]

Hey John - any luck?


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, October 14, 2010 2:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

It's hard to keep up with the information flow. Heck, I missed Carl's 
suggestion that I disable the wired interfaces. Thank goodness he repeated 
himself. Well, unless that doesn't work.  :)



From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Thursday, October 14, 2010 12:25 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, I obviously missed that too.

So much for trying to be helpful.

Is it Friday yet?

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: Webster [mailto:carlwebs...@gmail.com]
Sent: Thursday, October 14, 2010 12:18 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

>From John's response on Wednesday the 13th:

There's "Always wait for the network at computer startup and 
logon," but I've already got that enabled.


Webster

From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Subject: RE: Group Policy Problems Over Wireless

Ok, my mistake - thanks for the clarification.

If you're getting all of your policies, but not getting software install, then 
this policy setting will hopefully be your friend:

Computer Configuration --> Administrative Templates --> System --> Logon --> 
Always wait for the network at computer startup and logon

Straight from the explanation of the GPO setting: "Note: If you want to 
guarantee the application of Folder Redirection, Software Installation, or 
roaming user profile settings in just one logon, enable this setting to ensure 
that Windows waits for the network to be available before applying policy."

Note: this GPO setting does not exist prior to AD2003.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[Maglinger, Paul]

It's here!  It's here!

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, October 14, 2010 5:58 PM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

 

Nope one more day, sorry.

 

Jon

On Thu, Oct 14, 2010 at 12:25 PM, Raper, Jonathan - Eagle  
wrote:

Yeah, I obviously missed that too.

 

So much for trying to be helpful.

 

Is it Friday yet?

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com 



From: Webster [mailto:carlwebs...@gmail.com] 
Sent: Thursday, October 14, 2010 12:18 PM 


To: NT System Admin Issues

Subject: RE: Group Policy Problems Over Wireless

 

>From John's response on Wednesday the 13th:

 

There's "Always wait for the network at computer startup and logon," but I've 
already got that enabled.

 

 

Webster

 

From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Subject: RE: Group Policy Problems Over Wireless

 

Ok, my mistake - thanks for the clarification.

 

If you're getting all of your policies, but not getting software install, then 
this policy setting will hopefully be your friend:

Computer Configuration à Administrative Templates à System à Logon à Always 
wait for the network at computer startup and logon 

Straight from the explanation of the GPO setting: "Note: If you want to 
guarantee the application of Folder Redirection, Software Installation, or 
roaming user profile settings in just one logon, enable this setting to ensure 
that Windows waits for the network to be available before applying policy."

Note: this GPO setting does not exist prior to AD2003.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 



Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Problems Over Wireless

[Jon Harris]

Nope one more day, sorry.

Jon

On Thu, Oct 14, 2010 at 12:25 PM, Raper, Jonathan - Eagle <
jra...@eaglemds.com> wrote:

>  Yeah, I obviously missed that too.
>
>
>
> So much for trying to be helpful.
>
>
>
> Is it Friday yet?
>
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA*
> *jra...@eaglemds.com*
> *www.eaglemds.com
>  --
>
> *From:* Webster [mailto:carlwebs...@gmail.com]
> *Sent:* Thursday, October 14, 2010 12:18 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Group Policy Problems Over Wireless
>
>
>
> From John’s response on Wednesday the 13th:
>
>
>
> There’s “Always wait for the network at computer startup and logon,” but
> I’ve already got that enabled.
>
>
>
>
>
> Webster
>
>
>
> *From:* Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
> *Subject:* RE: Group Policy Problems Over Wireless
>
>
>
> Ok, my mistake – thanks for the clarification.
>
>
>
> If you’re getting all of your policies, but not getting software install,
> then this policy setting will hopefully be your friend:
>
> Computer Configuration à Administrative Templates à System à Logon àAlways 
> wait for the network at computer startup and logon
>
> Straight from the explanation of the GPO setting: “*Note: If you want to
> guarantee the application of Folder Redirection, Software Installation, or
> roaming user profile settings in just one logon, enable this setting to
> ensure that Windows waits for the network to be available before applying
> policy.*”
>
> Note: this GPO setting does not exist prior to AD2003.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  --
> Any medical information contained in this electronic message is
> CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to
> view, copy, disclose, or disseminate CONFIDENTIAL information. This
> electronic message may contain information that is confidential and/or
> legally privileged. It is intended only for the use of the individual(s)
> and/or entity named as recipients in the message. If you are not an intended
> recipient of this message, please notify the sender immediately and delete
> this material from your computer. Do not deliver, distribute or copy this
> message, and do not disclose its contents or take any action in reliance on
> the information that it contains.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[Glen Johnson]

Makes sense, and thanks for the explanation.
But this makes me wonder if the maybe the gp setting, wait for network and 
startup policy processing, aren't waiting for valid network data, but just a 
link being established.
Anyway, on to the next issue.
Glen.

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Thursday, October 14, 2010 2:49 PM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

Portfast is a spanning tree feature; it refers to how quickly a switch port 
will move from the learning state to the forwarding state.

Portfast enabled -> plug the cable in, the port is immediately in the 
forwarding state, but you run the risk of brief ethernet loops.

Portfast disabled -> plug the cable in, the switch will listen for 802.1d or 
802.1w spanning tree PDUs for either 30 seconds (normal 802.1d spanning trees) 
or 10 seconds (802.1w rapid spanning trees) before passing traffic.

Wireless gear tends to not have such a thing; access points typically do not 
forward STP PDUs.

I'm not saying your problem isn't related, it's that in my environment I ALWAYS 
have portfast enabled on "edge" (ie end-user station) ports; I am 110% certain 
that spanning tree configuration was not *my* problem, nor are spanning trees 
the OP's problem.

On 10/14/2010 1:26 PM, Glen Johnson wrote:
> I've been fighting a similar problem here and just solved it Although 
> our connections are wired, we've been seeing some strange GP problems.
> Had all the group policy settings, wait for network, startup policy 
> processing set.  Ran dcdiag and several other tests, nothing came up.
> Finally found an error in the even log. Unable to establish a secure session 
> with any domain controllers, error number 5719.
> Googled that and MS had a note about enabling  portfast on the switch.
> Bingo.
> Now anyone know of a similar config for wireless that would be similar?

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[Raper, Jonathan - Eagle]

I don't THINK it will, but I could be wrong. Let us know!


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, October 14, 2010 2:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

It's hard to keep up with the information flow. Heck, I missed Carl's 
suggestion that I disable the wired interfaces. Thank goodness he repeated 
himself. Well, unless that doesn't work.  :)



From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Thursday, October 14, 2010 12:25 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, I obviously missed that too.

So much for trying to be helpful.

Is it Friday yet?

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: Webster [mailto:carlwebs...@gmail.com]
Sent: Thursday, October 14, 2010 12:18 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

>From John's response on Wednesday the 13th:

There's "Always wait for the network at computer startup and 
logon," but I've already got that enabled.


Webster

From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Subject: RE: Group Policy Problems Over Wireless

Ok, my mistake - thanks for the clarification.

If you're getting all of your policies, but not getting software install, then 
this policy setting will hopefully be your friend:

Computer Configuration --> Administrative Templates --> System --> Logon --> 
Always wait for the network at computer startup and logon

Straight from the explanation of the GPO setting: "Note: If you want to 
guarantee the application of Folder Redirection, Software Installation, or 
roaming user profile settings in just one logon, enable this setting to ensure 
that Windows waits for the network to be available before applying policy."

Note: this GPO setting does not exist prior to AD2003.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[Raper, Jonathan - Eagle]

+1 Agreed.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com


-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com]
Sent: Thursday, October 14, 2010 2:49 PM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

Portfast is a spanning tree feature; it refers to how quickly a switch
port will move from the learning state to the forwarding state.

Portfast enabled -> plug the cable in, the port is immediately in the
forwarding state, but you run the risk of brief ethernet loops.

Portfast disabled -> plug the cable in, the switch will listen for
802.1d or 802.1w spanning tree PDUs for either 30 seconds (normal 802.1d
spanning trees) or 10 seconds (802.1w rapid spanning trees) before
passing traffic.

Wireless gear tends to not have such a thing; access points typically do
not forward STP PDUs.

I'm not saying your problem isn't related, it's that in my environment I
ALWAYS have portfast enabled on "edge" (ie end-user station) ports; I am
110% certain that spanning tree configuration was not *my* problem, nor
are spanning trees the OP's problem.

On 10/14/2010 1:26 PM, Glen Johnson wrote:
> I've been fighting a similar problem here and just solved it
> Although our connections are wired, we've been seeing some strange GP 
> problems.
> Had all the group policy settings, wait for network, startup policy 
> processing set.  Ran dcdiag and several other tests, nothing came up.
> Finally found an error in the even log. Unable to establish a secure session 
> with any domain controllers, error number 5719.
> Googled that and MS had a note about enabling  portfast on the switch.
> Bingo.
> Now anyone know of a similar config for wireless that would be similar?

--

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Problems Over Wireless

[Phil Brutsche]

Portfast is a spanning tree feature; it refers to how quickly a switch
port will move from the learning state to the forwarding state.

Portfast enabled -> plug the cable in, the port is immediately in the
forwarding state, but you run the risk of brief ethernet loops.

Portfast disabled -> plug the cable in, the switch will listen for
802.1d or 802.1w spanning tree PDUs for either 30 seconds (normal 802.1d
spanning trees) or 10 seconds (802.1w rapid spanning trees) before
passing traffic.

Wireless gear tends to not have such a thing; access points typically do
not forward STP PDUs.

I'm not saying your problem isn't related, it's that in my environment I
ALWAYS have portfast enabled on "edge" (ie end-user station) ports; I am
110% certain that spanning tree configuration was not *my* problem, nor
are spanning trees the OP's problem.

On 10/14/2010 1:26 PM, Glen Johnson wrote:
> I've been fighting a similar problem here and just solved it
> Although our connections are wired, we've been seeing some strange GP 
> problems.
> Had all the group policy settings, wait for network, startup policy 
> processing set.  Ran dcdiag and several other tests, nothing came up.
> Finally found an error in the even log. Unable to establish a secure session 
> with any domain controllers, error number 5719.
> Googled that and MS had a note about enabling  portfast on the switch.
> Bingo.
> Now anyone know of a similar config for wireless that would be similar?

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[Glen Johnson]

I've been  fighting a similar problem here and just solved it
Although our connections are wired, we've been seeing some strange GP problems.
Had all the group policy settings, wait for network, startup policy processing 
set.  Ran dcdiag and several other tests, nothing came up.
Finally found an error in the even log. Unable to establish a secure session 
with any domain controllers, error number 5719.
Googled that and MS had a note about enabling  portfast on the switch.
Bingo.
Now anyone know of a similar config for wireless that would be similar?

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, October 14, 2010 2:07 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

According to the documentation for that setting, not configuring it at all 
causes the default setting of 30 seconds to use. So if you enable the setting 
and put it at 30 seconds, theoretically you're not really changing anything, 
right?



-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com]
Sent: Thursday, October 14, 2010 1:07 PM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

I've had a similar problem with some of our Windows 7 machines - the machine 
comes up faster than the network connection, and software installation policies 
weren't taking affect due to the missing network connectivity. The machine in 
question is a desktop connected via gigabit, but the symptoms are similar.

I had enable the following policy setting:

Computer Configuration \ Administrative Templates \ System \ Group Policy \ 
Startup policy processing wait time

I chose 30 seconds as the wait time.

The policy setting you mention doesn't seem to apply to OSes newer than Windows 
XP.

On 10/14/2010 11:11 AM, Raper, Jonathan - Eagle wrote:
> Ok, my mistake - thanks for the clarification.
> 
>  
> 
> If you're getting all of your policies, but not getting software 
> install, then this policy setting will hopefully be your friend:
> 
> Computer Configuration à Administrative Templates à System à Logon à 
> Always wait for the network at computer startup and logon
> 
> Straight from the explanation of the GPO setting: "/Note: If you want 
> to guarantee the application of Folder Redirection, Software 
> Installation, or roaming user profile settings in just one logon, 
> enable this setting to ensure that Windows waits for the network to be 
> available before applying policy./"
> 
> Note: this GPO setting does not exist prior to AD2003.

-- 

Phil Brutsche
p...@optimumdata.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Problems Over Wireless

[Phil Brutsche]

That's what the documentation says, but the documentation ran contrary
to my experience.

On 10/14/2010 1:06 PM, John Hornbuckle wrote:
> According to the documentation for that setting, not configuring it
> at all causes the default setting of 30 seconds to use. So if you
> enable the setting and put it at 30 seconds, theoretically you're not
> really changing anything, right?

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

According to the documentation for that setting, not configuring it at all 
causes the default setting of 30 seconds to use. So if you enable the setting 
and put it at 30 seconds, theoretically you're not really changing anything, 
right?



-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Thursday, October 14, 2010 1:07 PM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

I've had a similar problem with some of our Windows 7 machines - the machine 
comes up faster than the network connection, and software installation policies 
weren't taking affect due to the missing network connectivity. The machine in 
question is a desktop connected via gigabit, but the symptoms are similar.

I had enable the following policy setting:

Computer Configuration \ Administrative Templates \ System \ Group Policy \ 
Startup policy processing wait time

I chose 30 seconds as the wait time.

The policy setting you mention doesn't seem to apply to OSes newer than Windows 
XP.

On 10/14/2010 11:11 AM, Raper, Jonathan - Eagle wrote:
> Ok, my mistake - thanks for the clarification.
> 
>  
> 
> If you're getting all of your policies, but not getting software 
> install, then this policy setting will hopefully be your friend:
> 
> Computer Configuration à Administrative Templates à System à Logon à 
> Always wait for the network at computer startup and logon
> 
> Straight from the explanation of the GPO setting: "/Note: If you want 
> to guarantee the application of Folder Redirection, Software 
> Installation, or roaming user profile settings in just one logon, 
> enable this setting to ensure that Windows waits for the network to be 
> available before applying policy./"
> 
> Note: this GPO setting does not exist prior to AD2003.

-- 

Phil Brutsche
p...@optimumdata.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

It's hard to keep up with the information flow. Heck, I missed Carl's 
suggestion that I disable the wired interfaces. Thank goodness he repeated 
himself. Well, unless that doesn't work.  :)



From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Thursday, October 14, 2010 12:25 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, I obviously missed that too.

So much for trying to be helpful.

Is it Friday yet?

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: Webster [mailto:carlwebs...@gmail.com]
Sent: Thursday, October 14, 2010 12:18 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

>From John's response on Wednesday the 13th:

There's "Always wait for the network at computer startup and 
logon," but I've already got that enabled.


Webster

From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Subject: RE: Group Policy Problems Over Wireless

Ok, my mistake - thanks for the clarification.

If you're getting all of your policies, but not getting software install, then 
this policy setting will hopefully be your friend:

Computer Configuration --> Administrative Templates --> System --> Logon --> 
Always wait for the network at computer startup and logon

Straight from the explanation of the GPO setting: "Note: If you want to 
guarantee the application of Folder Redirection, Software Installation, or 
roaming user profile settings in just one logon, enable this setting to ensure 
that Windows waits for the network to be available before applying policy."

Note: this GPO setting does not exist prior to AD2003.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[Raper, Jonathan - Eagle]

I wondered that, but I haven't been able to find anything that would confirm or 
deny whether or not that policy setting would impact Vista clients...

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com


-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com]
Sent: Thursday, October 14, 2010 1:07 PM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

I've had a similar problem with some of our Windows 7 machines - the
machine comes up faster than the network connection, and software
installation policies weren't taking affect due to the missing network
connectivity. The machine in question is a desktop connected via
gigabit, but the symptoms are similar.

I had enable the following policy setting:

Computer Configuration \ Administrative Templates \ System \ Group
Policy \ Startup policy processing wait time

I chose 30 seconds as the wait time.

The policy setting you mention doesn't seem to apply to OSes newer than
Windows XP.

On 10/14/2010 11:11 AM, Raper, Jonathan - Eagle wrote:
> Ok, my mistake - thanks for the clarification.
>
>
>
> If you're getting all of your policies, but not getting software
> install, then this policy setting will hopefully be your friend:
>
> Computer Configuration à Administrative Templates à System à Logon à
> Always wait for the network at computer startup and logon
>
> Straight from the explanation of the GPO setting: "/Note: If you want to
> guarantee the application of Folder Redirection, Software Installation,
> or roaming user profile settings in just one logon, enable this setting
> to ensure that Windows waits for the network to be available before
> applying policy./"
>
> Note: this GPO setting does not exist prior to AD2003.

--

Phil Brutsche
p...@optimumdata.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Problems Over Wireless

[Phil Brutsche]

I've had a similar problem with some of our Windows 7 machines - the
machine comes up faster than the network connection, and software
installation policies weren't taking affect due to the missing network
connectivity. The machine in question is a desktop connected via
gigabit, but the symptoms are similar.

I had enable the following policy setting:

Computer Configuration \ Administrative Templates \ System \ Group
Policy \ Startup policy processing wait time

I chose 30 seconds as the wait time.

The policy setting you mention doesn't seem to apply to OSes newer than
Windows XP.

On 10/14/2010 11:11 AM, Raper, Jonathan - Eagle wrote:
> Ok, my mistake – thanks for the clarification.
> 
>  
> 
> If you’re getting all of your policies, but not getting software
> install, then this policy setting will hopefully be your friend:
> 
> Computer Configuration à Administrative Templates à System à Logon à
> Always wait for the network at computer startup and logon
> 
> Straight from the explanation of the GPO setting: “/Note: If you want to
> guarantee the application of Folder Redirection, Software Installation,
> or roaming user profile settings in just one logon, enable this setting
> to ensure that Windows waits for the network to be available before
> applying policy./”
> 
> Note: this GPO setting does not exist prior to AD2003.

-- 

Phil Brutsche
p...@optimumdata.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[Raper, Jonathan - Eagle]

Yeah, I obviously missed that too.

So much for trying to be helpful.

Is it Friday yet?

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: Webster [mailto:carlwebs...@gmail.com]
Sent: Thursday, October 14, 2010 12:18 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

>From John's response on Wednesday the 13th:

There's "Always wait for the network at computer startup and 
logon," but I've already got that enabled.


Webster

From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Subject: RE: Group Policy Problems Over Wireless

Ok, my mistake - thanks for the clarification.

If you're getting all of your policies, but not getting software install, then 
this policy setting will hopefully be your friend:

Computer Configuration --> Administrative Templates --> System --> Logon --> 
Always wait for the network at computer startup and logon

Straight from the explanation of the GPO setting: "Note: If you want to 
guarantee the application of Folder Redirection, Software Installation, or 
roaming user profile settings in just one logon, enable this setting to ensure 
that Windows waits for the network to be available before applying policy."

Note: this GPO setting does not exist prior to AD2003.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

To clarify, they're getting policies. The issue came up because software 
deployment wasn't working-but software deployment happens during system boot, 
and the issue seems to be that the machines are trying to have the software 
deployed before WLAN connectivity is initiated.

Once the system is up and running, it gets policy updates just fine. Machine 
policies that can be updated without requiring a reboot seem to be working 
normally.

John


From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Thursday, October 14, 2010 11:43 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

If his machines are not getting machine policies, how will they get the "wait 
for network" policy (without touching every single machine)?

(It is a machine policy as well, is it not?)


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Thursday, October 14, 2010 11:34 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Did you disable the wired adapter as I previously suggested?

If there's no wired adapter and the policy to wait for the network is enabled, 
then Windows should wait for the only network that's available before trying to 
contact a DC.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, October 14, 2010 11:21 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, I just don't know what to do about it.

The NICs are Broadcom, built into the machines (these are iMacs running Vista 
via Boot Camp). Replacing the NICs isn't an option. Plus, Broadcom NICs are 
pretty common. We're using Windows' built-in wireless management, which I've 
generally had good luck with in the past-better luck than with third-party 
supplicants.

Looking in the event log of a machine that was acting up just now, I see where 
WLAN-AutoConfig starts-but it appears *after* a NETLOGON error saying that the 
machine can't contact a DC. Which makes sense; if NETLOGON is starting before 
WLAN-AutoConfig, the machine won't see a DC or anything else on the network.

What's the solution, though? This seems like an OS problem. Why would MS design 
the OS such that the WLAN doesn't start prior to the machine trying to start 
doing Active Directory stuff?




From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Thursday, October 14, 2010 10:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Well, to be fair, it is really a wireless AND an OS issue. The OS is loading 
too quickly for the wireless or the wireless is loading too slowly for the OS 
(take your pick). Logon is processing before the network is connected, and 
thus, machine group policies are not applying properly, if at all. A better 
supplicant (and likely a better wireless NIC) will help with the problem.

We've standardized on Intel 5300 and 6200 series chipsets for the client side 
of our 802.11n deployment, along with Intel ProSET, and gone through multiple 
hoops to try and get as fast of a connection to the network as possible prior 
to the CTRL-ALT-DEL screen. We don't get GPO on the firt try every time, 
however a gpupdate /force gets it every time (so far, anyway).


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, October 14, 2010 10:44 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

I should've bet big.

After plugging in one of the machines, group membership updated perfectly and 
the software was deployed.

We tried a second machine and got the same results.

So, this is almost certainly a wireless issue-not an AD issue.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 2:37 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, but you won't say how much money until you get the results, will you? :)

If wireless is working well enough to use the computer and do other domain 
kinds of things, it doesn't cause wrong results from gpresult /v.

Have you checked for replication issues among the DC's?

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 2:24 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

I'm 99.9% sure this is a wireless issue, but will get that additional .01% 
assurance shortly. I have a technician plugging one of th

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

Oh, wow... I missed that, Carl! Let me give that a shot.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Thursday, October 14, 2010 11:34 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Did you disable the wired adapter as I previously suggested?

If there's no wired adapter and the policy to wait for the network is enabled, 
then Windows should wait for the only network that's available before trying to 
contact a DC.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, October 14, 2010 11:21 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, I just don't know what to do about it.

The NICs are Broadcom, built into the machines (these are iMacs running Vista 
via Boot Camp). Replacing the NICs isn't an option. Plus, Broadcom NICs are 
pretty common. We're using Windows' built-in wireless management, which I've 
generally had good luck with in the past-better luck than with third-party 
supplicants.

Looking in the event log of a machine that was acting up just now, I see where 
WLAN-AutoConfig starts-but it appears *after* a NETLOGON error saying that the 
machine can't contact a DC. Which makes sense; if NETLOGON is starting before 
WLAN-AutoConfig, the machine won't see a DC or anything else on the network.

What's the solution, though? This seems like an OS problem. Why would MS design 
the OS such that the WLAN doesn't start prior to the machine trying to start 
doing Active Directory stuff?




From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Thursday, October 14, 2010 10:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Well, to be fair, it is really a wireless AND an OS issue. The OS is loading 
too quickly for the wireless or the wireless is loading too slowly for the OS 
(take your pick). Logon is processing before the network is connected, and 
thus, machine group policies are not applying properly, if at all. A better 
supplicant (and likely a better wireless NIC) will help with the problem.

We've standardized on Intel 5300 and 6200 series chipsets for the client side 
of our 802.11n deployment, along with Intel ProSET, and gone through multiple 
hoops to try and get as fast of a connection to the network as possible prior 
to the CTRL-ALT-DEL screen. We don't get GPO on the firt try every time, 
however a gpupdate /force gets it every time (so far, anyway).


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, October 14, 2010 10:44 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

I should've bet big.

After plugging in one of the machines, group membership updated perfectly and 
the software was deployed.

We tried a second machine and got the same results.

So, this is almost certainly a wireless issue-not an AD issue.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 2:37 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, but you won't say how much money until you get the results, will you? :)

If wireless is working well enough to use the computer and do other domain 
kinds of things, it doesn't cause wrong results from gpresult /v.

Have you checked for replication issues among the DC's?

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 2:24 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

I'm 99.9% sure this is a wireless issue, but will get that additional .01% 
assurance shortly. I have a technician plugging one of the lab machines in to 
see if the problem goes away. I'd bet money it does.

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 2:20 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

All things considered, you appear to have a group policy problem unrelated to 
the wireless, something easily proven by taking a problem machine and 
connecting it wired.  The info you've posted about the event ID's was 
insufficient for me to research them further.

Googling the event ID description text may also be useful.  Good luck.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 1:47 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, I've done the force. Half a dozen times.

Been to that website, too, but have come up empty in terms of resolving this 
specific issue.

I'm just stumped. Oddly, the deployment worked fine on one o

RE: Group Policy Problems Over Wireless

[Carl Houseman]

Did you disable the wired adapter as I previously suggested?

 

If there's no wired adapter and the policy to wait for the network is
enabled, then Windows should wait for the only network that's available
before trying to contact a DC.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, October 14, 2010 11:21 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Yeah, I just don't know what to do about it.

 

The NICs are Broadcom, built into the machines (these are iMacs running
Vista via Boot Camp). Replacing the NICs isn't an option. Plus, Broadcom
NICs are pretty common. We're using Windows' built-in wireless management,
which I've generally had good luck with in the past-better luck than with
third-party supplicants.

 

Looking in the event log of a machine that was acting up just now, I see
where WLAN-AutoConfig starts-but it appears *after* a NETLOGON error saying
that the machine can't contact a DC. Which makes sense; if NETLOGON is
starting before WLAN-AutoConfig, the machine won't see a DC or anything else
on the network.

 

What's the solution, though? This seems like an OS problem. Why would MS
design the OS such that the WLAN doesn't start prior to the machine trying
to start doing Active Directory stuff?

 

 

 

 

From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Sent: Thursday, October 14, 2010 10:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Well, to be fair, it is really a wireless AND an OS issue. The OS is loading
too quickly for the wireless or the wireless is loading too slowly for the
OS (take your pick). Logon is processing before the network is connected,
and thus, machine group policies are not applying properly, if at all. A
better supplicant (and likely a better wireless NIC) will help with the
problem.

 

We've standardized on Intel 5300 and 6200 series chipsets for the client
side of our 802.11n deployment, along with Intel ProSET, and gone through
multiple hoops to try and get as fast of a connection to the network as
possible prior to the CTRL-ALT-DEL screen. We don't get GPO on the firt try
every time, however a gpupdate /force gets it every time (so far, anyway).

 

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
 mailto:%20jra...@eaglemds.com> jra...@eaglemds.com
 http://www.eaglemds.com/> www.eaglemds.com 

  _  

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, October 14, 2010 10:44 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

I should've bet big.

 

After plugging in one of the machines, group membership updated perfectly
and the software was deployed.

 

We tried a second machine and got the same results.

 

So, this is almost certainly a wireless issue-not an AD issue.

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 2:37 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Yeah, but you won't say how much money until you get the results, will you?
J

 

If wireless is working well enough to use the computer and do other domain
kinds of things, it doesn't cause wrong results from gpresult /v.

 

Have you checked for replication issues among the DC's?

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 2:24 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

I'm 99.9% sure this is a wireless issue, but will get that additional .01%
assurance shortly. I have a technician plugging one of the lab machines in
to see if the problem goes away. I'd bet money it does.

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 2:20 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

All things considered, you appear to have a group policy problem unrelated
to the wireless, something easily proven by taking a problem machine and
connecting it wired.  The info you've posted about the event ID's was
insufficient for me to research them further.  

 

Googling the event ID description text may also be useful.  Good luck.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 1:47 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Yeah, I've done the force. Half a dozen times.

 

Been to that website, too, but have come up empty in terms of resolving this
specific issue.

 

I'm just stumped. Oddly, the deployment worked fine on one of the machines
in the lab-and they're all ostensibly the same. I say ostensibly because
clearly there's something different between the one that worked and 

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

Yeah, I just don't know what to do about it.

The NICs are Broadcom, built into the machines (these are iMacs running Vista 
via Boot Camp). Replacing the NICs isn't an option. Plus, Broadcom NICs are 
pretty common. We're using Windows' built-in wireless management, which I've 
generally had good luck with in the past-better luck than with third-party 
supplicants.

Looking in the event log of a machine that was acting up just now, I see where 
WLAN-AutoConfig starts-but it appears *after* a NETLOGON error saying that the 
machine can't contact a DC. Which makes sense; if NETLOGON is starting before 
WLAN-AutoConfig, the machine won't see a DC or anything else on the network.

What's the solution, though? This seems like an OS problem. Why would MS design 
the OS such that the WLAN doesn't start prior to the machine trying to start 
doing Active Directory stuff?




From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Thursday, October 14, 2010 10:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Well, to be fair, it is really a wireless AND an OS issue. The OS is loading 
too quickly for the wireless or the wireless is loading too slowly for the OS 
(take your pick). Logon is processing before the network is connected, and 
thus, machine group policies are not applying properly, if at all. A better 
supplicant (and likely a better wireless NIC) will help with the problem.

We've standardized on Intel 5300 and 6200 series chipsets for the client side 
of our 802.11n deployment, along with Intel ProSET, and gone through multiple 
hoops to try and get as fast of a connection to the network as possible prior 
to the CTRL-ALT-DEL screen. We don't get GPO on the firt try every time, 
however a gpupdate /force gets it every time (so far, anyway).


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, October 14, 2010 10:44 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

I should've bet big.

After plugging in one of the machines, group membership updated perfectly and 
the software was deployed.

We tried a second machine and got the same results.

So, this is almost certainly a wireless issue-not an AD issue.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 2:37 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, but you won't say how much money until you get the results, will you? :)

If wireless is working well enough to use the computer and do other domain 
kinds of things, it doesn't cause wrong results from gpresult /v.

Have you checked for replication issues among the DC's?

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 2:24 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

I'm 99.9% sure this is a wireless issue, but will get that additional .01% 
assurance shortly. I have a technician plugging one of the lab machines in to 
see if the problem goes away. I'd bet money it does.

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 2:20 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

All things considered, you appear to have a group policy problem unrelated to 
the wireless, something easily proven by taking a problem machine and 
connecting it wired.  The info you've posted about the event ID's was 
insufficient for me to research them further.

Googling the event ID description text may also be useful.  Good luck.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 1:47 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, I've done the force. Half a dozen times.

Been to that website, too, but have come up empty in terms of resolving this 
specific issue.

I'm just stumped. Oddly, the deployment worked fine on one of the machines in 
the lab-and they're all ostensibly the same. I say ostensibly because clearly 
there's something different between the one that worked and the ones that 
didn't, but I have no clue what.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 1:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

gpupdate /force

Also eventid.net is your friend.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 12:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Gpresult /v shows something

RE: Group Policy Problems Over Wireless

[Raper, Jonathan - Eagle]

Well, to be fair, it is really a wireless AND an OS issue. The OS is loading 
too quickly for the wireless or the wireless is loading too slowly for the OS 
(take your pick). Logon is processing before the network is connected, and 
thus, machine group policies are not applying properly, if at all. A better 
supplicant (and likely a better wireless NIC) will help with the problem.

We've standardized on Intel 5300 and 6200 series chipsets for the client side 
of our 802.11n deployment, along with Intel ProSET, and gone through multiple 
hoops to try and get as fast of a connection to the network as possible prior 
to the CTRL-ALT-DEL screen. We don't get GPO on the firt try every time, 
however a gpupdate /force gets it every time (so far, anyway).


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, October 14, 2010 10:44 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

I should've bet big.

After plugging in one of the machines, group membership updated perfectly and 
the software was deployed.

We tried a second machine and got the same results.

So, this is almost certainly a wireless issue-not an AD issue.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 2:37 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, but you won't say how much money until you get the results, will you? :)

If wireless is working well enough to use the computer and do other domain 
kinds of things, it doesn't cause wrong results from gpresult /v.

Have you checked for replication issues among the DC's?

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 2:24 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

I'm 99.9% sure this is a wireless issue, but will get that additional .01% 
assurance shortly. I have a technician plugging one of the lab machines in to 
see if the problem goes away. I'd bet money it does.

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 2:20 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

All things considered, you appear to have a group policy problem unrelated to 
the wireless, something easily proven by taking a problem machine and 
connecting it wired.  The info you've posted about the event ID's was 
insufficient for me to research them further.

Googling the event ID description text may also be useful.  Good luck.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 1:47 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, I've done the force. Half a dozen times.

Been to that website, too, but have come up empty in terms of resolving this 
specific issue.

I'm just stumped. Oddly, the deployment worked fine on one of the machines in 
the lab-and they're all ostensibly the same. I say ostensibly because clearly 
there's something different between the one that worked and the ones that 
didn't, but I have no clue what.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 1:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

gpupdate /force

Also eventid.net is your friend.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 12:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Gpresult /v shows something odd. Below is an edited version of the results. The 
"TCHS SMART Sync 2010 Student Computer Assignment Policy" is the policy that 
pushes down the app. But it only does so to machines that are members of a 
group called "TCHS SMART Sync 2010 Student Computers." Now, the computer in 
question (TCHS-115-S02) *is* a member of that group, as confirmed by looking in 
ADUC. Yet gpresult says it's not.

So if the machine doesn't know it's a member of the group, why is it trying to 
apply the software assignment policy at all? I don't get that.

And the assignment is failing with event IDs 101, 102, and 108.


Applied Group Policy Objects
-
TCHS SMART Sync 2010 Student Computer Assignment Policy

The following GPOs were not applied because they were filtered out
---

The computer is a part of the following security groups
---
BUILTIN\Administrators
Everyone
BUILT

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

I should've bet big.

After plugging in one of the machines, group membership updated perfectly and 
the software was deployed.

We tried a second machine and got the same results.

So, this is almost certainly a wireless issue-not an AD issue.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 2:37 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, but you won't say how much money until you get the results, will you? :)

If wireless is working well enough to use the computer and do other domain 
kinds of things, it doesn't cause wrong results from gpresult /v.

Have you checked for replication issues among the DC's?

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 2:24 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

I'm 99.9% sure this is a wireless issue, but will get that additional .01% 
assurance shortly. I have a technician plugging one of the lab machines in to 
see if the problem goes away. I'd bet money it does.

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 2:20 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

All things considered, you appear to have a group policy problem unrelated to 
the wireless, something easily proven by taking a problem machine and 
connecting it wired.  The info you've posted about the event ID's was 
insufficient for me to research them further.

Googling the event ID description text may also be useful.  Good luck.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 1:47 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, I've done the force. Half a dozen times.

Been to that website, too, but have come up empty in terms of resolving this 
specific issue.

I'm just stumped. Oddly, the deployment worked fine on one of the machines in 
the lab-and they're all ostensibly the same. I say ostensibly because clearly 
there's something different between the one that worked and the ones that 
didn't, but I have no clue what.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 1:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

gpupdate /force

Also eventid.net is your friend.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 12:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Gpresult /v shows something odd. Below is an edited version of the results. The 
"TCHS SMART Sync 2010 Student Computer Assignment Policy" is the policy that 
pushes down the app. But it only does so to machines that are members of a 
group called "TCHS SMART Sync 2010 Student Computers." Now, the computer in 
question (TCHS-115-S02) *is* a member of that group, as confirmed by looking in 
ADUC. Yet gpresult says it's not.

So if the machine doesn't know it's a member of the group, why is it trying to 
apply the software assignment policy at all? I don't get that.

And the assignment is failing with event IDs 101, 102, and 108.


Applied Group Policy Objects
-
TCHS SMART Sync 2010 Student Computer Assignment Policy

The following GPOs were not applied because they were filtered out
---

The computer is a part of the following security groups
---
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
TCHS-115-S02$
FCS Computers
TCHS Admin Policy Computers
Domain Computers
System Mandatory Level




From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 11:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

What are you using for a wireless supplicant (program that configures the SSID 
etc.)?  Windows WZC or something specific to the wireless?   Whichever one you 
are using, turn it off and try the other.

Also download and install the latest wireless NIC drivers.

All else being OK, generally the "trick" is to use WZC, but as some have 
indicated, sometimes the vendor utility, assuming it runs as a service, might 
be OK.  I would also disable any wired adapter that may be present.

Also make sure your group policies are in effect using gpresult /v - especially 
the one about always waiting for network.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 10:26 AM
To: NT System Admin Issues
Subj

RE: Group Policy Prefs

[Joseph L. Casale]

Simple enough, thanks!
jlc

From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
Sent: Thursday, October 14, 2010 8:04 AM
To: NT System Admin Issues
Subject: RE: Group Policy Prefs

Yes, you'll have to add a delete action to remove a file, as the remove when no 
longer applied simply won't copy it again when the action is create, replace, 
or update.  I would put the delete at #1.

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Thursday, October 14, 2010 6:35 AM
To: NT System Admin Issues
Subject: Group Policy Prefs

Preparing to do away with a logon script as it looks like GPP's will do all I 
need wrt this script.
I do have a question about File/Folder prefs, we have some access db's that get 
copied from a master red only location to a folder created for a user if he is  
member of a Sec Group. One pain is cleaning this up if/when they are removed 
from the group and no longer need access to it.

If I set "Remove this item when it is no longer applied" it changes the 
behavior to replace so I presume it will copy the db's each time the user logs 
on?
Is there a way around this such that it cleans up after itself if the user is 
removed? I guess I could do item level targeting and use a "Delete" if "Not" in 
the group? Is that the most elegant way to do this?

Thanks guys!
jlc

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Prefs

[Miller Bonnie L .]

Yes, you'll have to add a delete action to remove a file, as the remove when no 
longer applied simply won't copy it again when the action is create, replace, 
or update.  I would put the delete at #1.

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Thursday, October 14, 2010 6:35 AM
To: NT System Admin Issues
Subject: Group Policy Prefs

Preparing to do away with a logon script as it looks like GPP's will do all I 
need wrt this script.
I do have a question about File/Folder prefs, we have some access db's that get 
copied from a master red only location to a folder created for a user if he is  
member of a Sec Group. One pain is cleaning this up if/when they are removed 
from the group and no longer need access to it.

If I set "Remove this item when it is no longer applied" it changes the 
behavior to replace so I presume it will copy the db's each time the user logs 
on?
Is there a way around this such that it cleans up after itself if the user is 
removed? I guess I could do item level targeting and use a "Delete" if "Not" in 
the group? Is that the most elegant way to do this?

Thanks guys!
jlc

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[Carl Houseman]

Time to revise the understanding.  PSK or 802.1x authentication makes no
difference.  What makes a difference is that the wireless supplicant starts
before login.  If you use Windows to configure wireless, the Windows
supplicant service ("Wireless zero config" or "WLAN AutoConfig") starts prior
to login.

 

Carl

 

From: Mike Gill [mailto:lis...@canbyfoursquare.com] 
Sent: Wednesday, October 13, 2010 7:19 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

I was of the understanding that you have to use 802.1x machine based
authentication for application deployment (and some other group policy
settings) with wireless connected computers, due to the network not being
available until after logon. Oddly, this option is not available if I use the
Win7 RSAT to connect to my Win2K3 DC.

 

-- 
Mike Gill

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 11:24 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

I'm 99.9% sure this is a wireless issue, but will get that additional .01%
assurance shortly. I have a technician plugging one of the lab machines in to
see if the problem goes away. I'd bet money it does.

 

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 2:20 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

All things considered, you appear to have a group policy problem unrelated to
the wireless, something easily proven by taking a problem machine and
connecting it wired.  The info you've posted about the event ID's was
insufficient for me to research them further.  

 

Googling the event ID description text may also be useful.  Good luck.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 1:47 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Yeah, I've done the force. Half a dozen times.

 

Been to that website, too, but have come up empty in terms of resolving this
specific issue.

 

I'm just stumped. Oddly, the deployment worked fine on one of the machines in
the lab-and they're all ostensibly the same. I say ostensibly because clearly
there's something different between the one that worked and the ones that
didn't, but I have no clue what.

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 1:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

gpupdate /force

 

Also eventid.net is your friend.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 12:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Gpresult /v shows something odd. Below is an edited version of the results.
The "TCHS SMART Sync 2010 Student Computer Assignment Policy" is the policy
that pushes down the app. But it only does so to machines that are members of
a group called "TCHS SMART Sync 2010 Student Computers." Now, the computer in
question (TCHS-115-S02) *is* a member of that group, as confirmed by looking
in ADUC. Yet gpresult says it's not. 

 

So if the machine doesn't know it's a member of the group, why is it trying
to apply the software assignment policy at all? I don't get that.

 

And the assignment is failing with event IDs 101, 102, and 108.

 

 

Applied Group Policy Objects

-

TCHS SMART Sync 2010 Student Computer Assignment Policy

 

The following GPOs were not applied because they were filtered out

---

 

The computer is a part of the following security groups

---

BUILTIN\Administrators

Everyone

BUILTIN\Users

NT AUTHORITY\NETWORK

NT AUTHORITY\Authenticated Users

This Organization

TCHS-115-S02$

FCS Computers

TCHS Admin Policy Computers

Domain Computers

System Mandatory Level

 

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 11:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

What are you using for a wireless supplicant (program that configures the
SSID etc.)?  Windows WZC or something specific to the wireless?   Whichever
one you are using, turn it off and try the other.

 

Also download and install the latest wireless NIC drivers.

 

All else being OK, generally the "trick" is to use WZC, but as some have
indicated, sometimes the vendor utility, assuming it runs as a service, might
be OK.  I would also disable any wired adapter that may be present.

 

Also make sure your group poli

RE: Group Policy Problems Over Wireless

[Mike Gill]

I was of the understanding that you have to use 802.1x machine based
authentication for application deployment (and some other group policy
settings) with wireless connected computers, due to the network not being
available until after logon. Oddly, this option is not available if I use
the Win7 RSAT to connect to my Win2K3 DC.

 

-- 
Mike Gill

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 11:24 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

I'm 99.9% sure this is a wireless issue, but will get that additional .01%
assurance shortly. I have a technician plugging one of the lab machines in
to see if the problem goes away. I'd bet money it does.

 

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 2:20 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

All things considered, you appear to have a group policy problem unrelated
to the wireless, something easily proven by taking a problem machine and
connecting it wired.  The info you've posted about the event ID's was
insufficient for me to research them further.  

 

Googling the event ID description text may also be useful.  Good luck.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 1:47 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Yeah, I've done the force. Half a dozen times.

 

Been to that website, too, but have come up empty in terms of resolving this
specific issue.

 

I'm just stumped. Oddly, the deployment worked fine on one of the machines
in the lab-and they're all ostensibly the same. I say ostensibly because
clearly there's something different between the one that worked and the ones
that didn't, but I have no clue what.

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 1:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

gpupdate /force

 

Also eventid.net is your friend.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 12:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Gpresult /v shows something odd. Below is an edited version of the results.
The "TCHS SMART Sync 2010 Student Computer Assignment Policy" is the policy
that pushes down the app. But it only does so to machines that are members
of a group called "TCHS SMART Sync 2010 Student Computers." Now, the
computer in question (TCHS-115-S02) *is* a member of that group, as
confirmed by looking in ADUC. Yet gpresult says it's not. 

 

So if the machine doesn't know it's a member of the group, why is it trying
to apply the software assignment policy at all? I don't get that.

 

And the assignment is failing with event IDs 101, 102, and 108.

 

 

Applied Group Policy Objects

-

TCHS SMART Sync 2010 Student Computer Assignment Policy

 

The following GPOs were not applied because they were filtered out

---

 

The computer is a part of the following security groups

---

BUILTIN\Administrators

Everyone

BUILTIN\Users

NT AUTHORITY\NETWORK

NT AUTHORITY\Authenticated Users

This Organization

TCHS-115-S02$

FCS Computers

TCHS Admin Policy Computers

Domain Computers

System Mandatory Level

 

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 11:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

What are you using for a wireless supplicant (program that configures the
SSID etc.)?  Windows WZC or something specific to the wireless?   Whichever
one you are using, turn it off and try the other.

 

Also download and install the latest wireless NIC drivers.

 

All else being OK, generally the "trick" is to use WZC, but as some have
indicated, sometimes the vendor utility, assuming it runs as a service,
might be OK.  I would also disable any wired adapter that may be present.

 

Also make sure your group policies are in effect using gpresult /v -
especially the one about always waiting for network.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 10:26 AM
To: NT System Admin Issues
Subject: Group Policy Problems Over Wireless

 

Short version:

Is there a trick to improving group policy processing when accessing the
network wirelessly?

 

 

Long version:

We have a lab with machines that have Broadcom wireless NICs in them. Vista
OS, connecting

Re: Group Policy Problems Over Wireless

[Andrew S. Baker]

I'm inclined to agree here.   This looks to be an issue beyond mere group
policy.

What does RSoP indicate for various systems?


*-ASB*
On Wed, Oct 13, 2010 at 2:20 PM, Carl Houseman  wrote:

>  All things considered, you appear to have a group policy problem
> unrelated to the wireless, something easily proven by taking a problem
> machine and connecting it wired.  The info you've posted about the event
> ID's was insufficient for me to research them further.
>
>
>
> Googling the event ID description text may also be useful.  Good luck.
>
>
>
> Carl
>
>
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> *Sent:* Wednesday, October 13, 2010 1:47 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Group Policy Problems Over Wireless
>
>
>
> Yeah, I’ve done the force. Half a dozen times.
>
>
>
> Been to that website, too, but have come up empty in terms of resolving
> this specific issue.
>
>
>
> I’m just stumped. Oddly, the deployment worked fine on one of the machines
> in the lab—and they’re all ostensibly the same. I say ostensibly because
> clearly there’s something different between the one that worked and the ones
> that didn’t, but I have no clue what.
>
>
>
>
>
>
>
> *From:* Carl Houseman [mailto:c.house...@gmail.com]
> *Sent:* Wednesday, October 13, 2010 1:02 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Group Policy Problems Over Wireless
>
>
>
> gpupdate /force
>
>
>
> Also eventid.net is your friend.
>
>
>
> Carl
>
>
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> *Sent:* Wednesday, October 13, 2010 12:38 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Group Policy Problems Over Wireless
>
>
>
> Gpresult /v shows something odd. Below is an edited version of the results.
> The “TCHS SMART Sync 2010 Student Computer Assignment Policy” is the policy
> that pushes down the app. But it only does so to machines that are members
> of a group called “TCHS SMART Sync 2010 Student Computers.” Now, the
> computer in question (TCHS-115-S02) **is** a member of that group, as
> confirmed by looking in ADUC. Yet gpresult says it’s not.
>
>
>
> So if the machine doesn’t know it’s a member of the group, why is it trying
> to apply the software assignment policy at all? I don’t get that.
>
>
>
> And the assignment is failing with event IDs 101, 102, and 108.
>
>
>
>
>
> Applied Group Policy Objects
>
> -
>
> TCHS SMART Sync 2010 Student Computer Assignment Policy
>
>
>
> The following GPOs were not applied because they were filtered out
>
> ---
>
>
>
> The computer is a part of the following security groups
>
> ---
>
> BUILTIN\Administrators
>
> Everyone
>
> BUILTIN\Users
>
> NT AUTHORITY\NETWORK
>
> NT AUTHORITY\Authenticated Users
>
> This Organization
>
> TCHS-115-S02$
>
> FCS Computers
>
> TCHS Admin Policy Computers
>
> Domain Computers
>
> System Mandatory Level
>
>
>
>
>
>
>
>
>
> *From:* Carl Houseman [mailto:c.house...@gmail.com]
> *Sent:* Wednesday, October 13, 2010 11:50 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Group Policy Problems Over Wireless
>
>
>
> What are you using for a wireless supplicant (program that configures the
> SSID etc.)?  Windows WZC or something specific to the wireless?   Whichever
> one you are using, turn it off and try the other.
>
>
>
> Also download and install the latest wireless NIC drivers.
>
>
>
> All else being OK, generally the "trick" is to use WZC, but as some have
> indicated, sometimes the vendor utility, assuming it runs as a service,
> might be OK.  I would also disable any wired adapter that may be present.
>
>
>
> Also make sure your group policies are in effect using gpresult /v –
> especially the one about always waiting for network.
>
>
>
> Carl
>
>
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> *Sent:* Wednesday, October 13, 2010 10:26 AM
> *To:* NT System Admin Issues
> *Subject:* Group Policy Problems Over Wireless
>
>
>
> Short version:
>
> *Is there a trick to improving group policy processing when accessing the
> network wirelessly?*
>
>
>
>
>
> Long version:
>
> We have a lab with machines that have Broadcom wireless NICs in the

RE: Group Policy Problems Over Wireless

[Carl Houseman]

Yeah, but you won't say how much money until you get the results, will you? J

 

If wireless is working well enough to use the computer and do other domain
kinds of things, it doesn't cause wrong results from gpresult /v.

 

Have you checked for replication issues among the DC's?

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 2:24 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

I'm 99.9% sure this is a wireless issue, but will get that additional .01%
assurance shortly. I have a technician plugging one of the lab machines in to
see if the problem goes away. I'd bet money it does.

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 2:20 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

All things considered, you appear to have a group policy problem unrelated to
the wireless, something easily proven by taking a problem machine and
connecting it wired.  The info you've posted about the event ID's was
insufficient for me to research them further.  

 

Googling the event ID description text may also be useful.  Good luck.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 1:47 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Yeah, I've done the force. Half a dozen times.

 

Been to that website, too, but have come up empty in terms of resolving this
specific issue.

 

I'm just stumped. Oddly, the deployment worked fine on one of the machines in
the lab-and they're all ostensibly the same. I say ostensibly because clearly
there's something different between the one that worked and the ones that
didn't, but I have no clue what.

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 1:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

gpupdate /force

 

Also eventid.net is your friend.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 12:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Gpresult /v shows something odd. Below is an edited version of the results.
The "TCHS SMART Sync 2010 Student Computer Assignment Policy" is the policy
that pushes down the app. But it only does so to machines that are members of
a group called "TCHS SMART Sync 2010 Student Computers." Now, the computer in
question (TCHS-115-S02) *is* a member of that group, as confirmed by looking
in ADUC. Yet gpresult says it's not. 

 

So if the machine doesn't know it's a member of the group, why is it trying
to apply the software assignment policy at all? I don't get that.

 

And the assignment is failing with event IDs 101, 102, and 108.

 

 

Applied Group Policy Objects

-

TCHS SMART Sync 2010 Student Computer Assignment Policy

 

The following GPOs were not applied because they were filtered out

---

 

The computer is a part of the following security groups

---

BUILTIN\Administrators

Everyone

BUILTIN\Users

NT AUTHORITY\NETWORK

NT AUTHORITY\Authenticated Users

This Organization

TCHS-115-S02$

FCS Computers

TCHS Admin Policy Computers

Domain Computers

System Mandatory Level

 

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 11:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

What are you using for a wireless supplicant (program that configures the
SSID etc.)?  Windows WZC or something specific to the wireless?   Whichever
one you are using, turn it off and try the other.

 

Also download and install the latest wireless NIC drivers.

 

All else being OK, generally the "trick" is to use WZC, but as some have
indicated, sometimes the vendor utility, assuming it runs as a service, might
be OK.  I would also disable any wired adapter that may be present.

 

Also make sure your group policies are in effect using gpresult /v -
especially the one about always waiting for network.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 10:26 AM
To: NT System Admin Issues
Subject: Group Policy Problems Over Wireless

 

Short version:

Is there a trick to improving group policy processing when accessing the
network wirelessly?

 

 

Long version:

We have a lab with machines that have Broadcom wireless NICs in them. Vista
OS, connecting to Server 2008 R2 DC.

 

I'm trying to deploy 

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

D'oh!


From: Webster [mailto:carlwebs...@gmail.com]
Sent: Wednesday, October 13, 2010 2:34 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Then you will be 99.91% sure!


Webster

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Subject: RE: Group Policy Problems Over Wireless

I'm 99.9% sure this is a wireless issue, but will get that additional .01% 
assurance shortly. I have a technician plugging one of the lab machines in to 
see if the problem goes away. I'd bet money it does.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[Webster]

Then you will be 99.91% sure!

 

 

Webster

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Subject: RE: Group Policy Problems Over Wireless

 

I'm 99.9% sure this is a wireless issue, but will get that additional .01%
assurance shortly. I have a technician plugging one of the lab machines in
to see if the problem goes away. I'd bet money it does.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

I'm 99.9% sure this is a wireless issue, but will get that additional .01% 
assurance shortly. I have a technician plugging one of the lab machines in to 
see if the problem goes away. I'd bet money it does.




From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 2:20 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

All things considered, you appear to have a group policy problem unrelated to 
the wireless, something easily proven by taking a problem machine and 
connecting it wired.  The info you've posted about the event ID's was 
insufficient for me to research them further.

Googling the event ID description text may also be useful.  Good luck.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 1:47 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Yeah, I've done the force. Half a dozen times.

Been to that website, too, but have come up empty in terms of resolving this 
specific issue.

I'm just stumped. Oddly, the deployment worked fine on one of the machines in 
the lab-and they're all ostensibly the same. I say ostensibly because clearly 
there's something different between the one that worked and the ones that 
didn't, but I have no clue what.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 1:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

gpupdate /force

Also eventid.net is your friend.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 12:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Gpresult /v shows something odd. Below is an edited version of the results. The 
"TCHS SMART Sync 2010 Student Computer Assignment Policy" is the policy that 
pushes down the app. But it only does so to machines that are members of a 
group called "TCHS SMART Sync 2010 Student Computers." Now, the computer in 
question (TCHS-115-S02) *is* a member of that group, as confirmed by looking in 
ADUC. Yet gpresult says it's not.

So if the machine doesn't know it's a member of the group, why is it trying to 
apply the software assignment policy at all? I don't get that.

And the assignment is failing with event IDs 101, 102, and 108.


Applied Group Policy Objects
-
TCHS SMART Sync 2010 Student Computer Assignment Policy

The following GPOs were not applied because they were filtered out
---

The computer is a part of the following security groups
---
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
TCHS-115-S02$
FCS Computers
TCHS Admin Policy Computers
Domain Computers
System Mandatory Level




From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 11:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

What are you using for a wireless supplicant (program that configures the SSID 
etc.)?  Windows WZC or something specific to the wireless?   Whichever one you 
are using, turn it off and try the other.

Also download and install the latest wireless NIC drivers.

All else being OK, generally the "trick" is to use WZC, but as some have 
indicated, sometimes the vendor utility, assuming it runs as a service, might 
be OK.  I would also disable any wired adapter that may be present.

Also make sure your group policies are in effect using gpresult /v - especially 
the one about always waiting for network.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 10:26 AM
To: NT System Admin Issues
Subject: Group Policy Problems Over Wireless

Short version:
Is there a trick to improving group policy processing when accessing the 
network wirelessly?


Long version:
We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, 
connecting to Server 2008 R2 DC.

I'm trying to deploy a piece of software to these machines via Group Policy. I 
have things setup so that if the machine is a member of a certain group, the 
software is deployed. Unfortunately, it only worked correctly on one of the 
machines-on all the rest, the software isn't being deployed.

So I connect to any of the machines that didn't get the software, and run 
gpresult. It doesn't show me that those machines are members of the group that 
gets the software. But I know they are; I've confirmed in ADUC on the DC. 
They're just not picking up group membership.

Looking at the event log

RE: Group Policy Problems Over Wireless

[Carl Houseman]

All things considered, you appear to have a group policy problem unrelated to
the wireless, something easily proven by taking a problem machine and
connecting it wired.  The info you've posted about the event ID's was
insufficient for me to research them further.  

 

Googling the event ID description text may also be useful.  Good luck.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 1:47 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Yeah, I've done the force. Half a dozen times.

 

Been to that website, too, but have come up empty in terms of resolving this
specific issue.

 

I'm just stumped. Oddly, the deployment worked fine on one of the machines in
the lab-and they're all ostensibly the same. I say ostensibly because clearly
there's something different between the one that worked and the ones that
didn't, but I have no clue what.

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 1:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

gpupdate /force

 

Also eventid.net is your friend.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 12:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Gpresult /v shows something odd. Below is an edited version of the results.
The "TCHS SMART Sync 2010 Student Computer Assignment Policy" is the policy
that pushes down the app. But it only does so to machines that are members of
a group called "TCHS SMART Sync 2010 Student Computers." Now, the computer in
question (TCHS-115-S02) *is* a member of that group, as confirmed by looking
in ADUC. Yet gpresult says it's not. 

 

So if the machine doesn't know it's a member of the group, why is it trying
to apply the software assignment policy at all? I don't get that.

 

And the assignment is failing with event IDs 101, 102, and 108.

 

 

Applied Group Policy Objects

-

TCHS SMART Sync 2010 Student Computer Assignment Policy

 

The following GPOs were not applied because they were filtered out

---

 

The computer is a part of the following security groups

---

BUILTIN\Administrators

Everyone

BUILTIN\Users

NT AUTHORITY\NETWORK

NT AUTHORITY\Authenticated Users

This Organization

TCHS-115-S02$

FCS Computers

TCHS Admin Policy Computers

Domain Computers

System Mandatory Level

 

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 11:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

What are you using for a wireless supplicant (program that configures the
SSID etc.)?  Windows WZC or something specific to the wireless?   Whichever
one you are using, turn it off and try the other.

 

Also download and install the latest wireless NIC drivers.

 

All else being OK, generally the "trick" is to use WZC, but as some have
indicated, sometimes the vendor utility, assuming it runs as a service, might
be OK.  I would also disable any wired adapter that may be present.

 

Also make sure your group policies are in effect using gpresult /v -
especially the one about always waiting for network.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 10:26 AM
To: NT System Admin Issues
Subject: Group Policy Problems Over Wireless

 

Short version:

Is there a trick to improving group policy processing when accessing the
network wirelessly?

 

 

Long version:

We have a lab with machines that have Broadcom wireless NICs in them. Vista
OS, connecting to Server 2008 R2 DC.

 

I'm trying to deploy a piece of software to these machines via Group Policy.
I have things setup so that if the machine is a member of a certain group,
the software is deployed. Unfortunately, it only worked correctly on one of
the machines-on all the rest, the software isn't being deployed.

 

So I connect to any of the machines that didn't get the software, and run
gpresult. It doesn't show me that those machines are members of the group
that gets the software. But I know they are; I've confirmed in ADUC on the
DC. They're just not picking up group membership.

 

Looking at the event log for events that happen around startup, I see things
that make me think group policy processing is trying to happen prior to the
wireless network being initialized. Things like:

 

Event ID 5719 (There are currently no logon servers available to service the
logon request.)

Event ID 129 

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

Yeah, I've done the force. Half a dozen times.

Been to that website, too, but have come up empty in terms of resolving this 
specific issue.

I'm just stumped. Oddly, the deployment worked fine on one of the machines in 
the lab-and they're all ostensibly the same. I say ostensibly because clearly 
there's something different between the one that worked and the ones that 
didn't, but I have no clue what.



From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 1:02 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

gpupdate /force

Also eventid.net is your friend.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 12:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Gpresult /v shows something odd. Below is an edited version of the results. The 
"TCHS SMART Sync 2010 Student Computer Assignment Policy" is the policy that 
pushes down the app. But it only does so to machines that are members of a 
group called "TCHS SMART Sync 2010 Student Computers." Now, the computer in 
question (TCHS-115-S02) *is* a member of that group, as confirmed by looking in 
ADUC. Yet gpresult says it's not.

So if the machine doesn't know it's a member of the group, why is it trying to 
apply the software assignment policy at all? I don't get that.

And the assignment is failing with event IDs 101, 102, and 108.


Applied Group Policy Objects
-
TCHS SMART Sync 2010 Student Computer Assignment Policy

The following GPOs were not applied because they were filtered out
---

The computer is a part of the following security groups
---
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
TCHS-115-S02$
FCS Computers
TCHS Admin Policy Computers
Domain Computers
System Mandatory Level




From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 11:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

What are you using for a wireless supplicant (program that configures the SSID 
etc.)?  Windows WZC or something specific to the wireless?   Whichever one you 
are using, turn it off and try the other.

Also download and install the latest wireless NIC drivers.

All else being OK, generally the "trick" is to use WZC, but as some have 
indicated, sometimes the vendor utility, assuming it runs as a service, might 
be OK.  I would also disable any wired adapter that may be present.

Also make sure your group policies are in effect using gpresult /v - especially 
the one about always waiting for network.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 10:26 AM
To: NT System Admin Issues
Subject: Group Policy Problems Over Wireless

Short version:
Is there a trick to improving group policy processing when accessing the 
network wirelessly?


Long version:
We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, 
connecting to Server 2008 R2 DC.

I'm trying to deploy a piece of software to these machines via Group Policy. I 
have things setup so that if the machine is a member of a certain group, the 
software is deployed. Unfortunately, it only worked correctly on one of the 
machines-on all the rest, the software isn't being deployed.

So I connect to any of the machines that didn't get the software, and run 
gpresult. It doesn't show me that those machines are members of the group that 
gets the software. But I know they are; I've confirmed in ADUC on the DC. 
They're just not picking up group membership.

Looking at the event log for events that happen around startup, I see things 
that make me think group policy processing is trying to happen prior to the 
wireless network being initialized. Things like:

Event ID 5719 (There are currently no logon servers available to service the 
logon request.)
Event ID 129 (NtpClient was unable to set a domain peer to use as a time source 
because of discovery error.)
Event ID 1129 (The processing of Group Policy failed because of lack of network 
connectivity to a domain controller.)

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. 
You can log in (including as someone who has never logged into the machine 
before), ping the DC, browse to \\domain\syvol, and so 
on. It's just that at that point, group policy processing seems to have given 
up. My machines aren't figuring out that they've been added to a new group.



John Hornbuckle
MIS Department
Taylor C

RE: Group Policy Problems Over Wireless

[Carl Houseman]

gpupdate /force

 

Also eventid.net is your friend.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 12:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

Gpresult /v shows something odd. Below is an edited version of the results.
The "TCHS SMART Sync 2010 Student Computer Assignment Policy" is the policy
that pushes down the app. But it only does so to machines that are members of
a group called "TCHS SMART Sync 2010 Student Computers." Now, the computer in
question (TCHS-115-S02) *is* a member of that group, as confirmed by looking
in ADUC. Yet gpresult says it's not. 

 

So if the machine doesn't know it's a member of the group, why is it trying
to apply the software assignment policy at all? I don't get that.

 

And the assignment is failing with event IDs 101, 102, and 108.

 

 

Applied Group Policy Objects

-

TCHS SMART Sync 2010 Student Computer Assignment Policy

 

The following GPOs were not applied because they were filtered out

---

 

The computer is a part of the following security groups

---

BUILTIN\Administrators

Everyone

BUILTIN\Users

NT AUTHORITY\NETWORK

NT AUTHORITY\Authenticated Users

This Organization

TCHS-115-S02$

FCS Computers

TCHS Admin Policy Computers

Domain Computers

System Mandatory Level

 

 

 

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, October 13, 2010 11:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

 

What are you using for a wireless supplicant (program that configures the
SSID etc.)?  Windows WZC or something specific to the wireless?   Whichever
one you are using, turn it off and try the other.

 

Also download and install the latest wireless NIC drivers.

 

All else being OK, generally the "trick" is to use WZC, but as some have
indicated, sometimes the vendor utility, assuming it runs as a service, might
be OK.  I would also disable any wired adapter that may be present.

 

Also make sure your group policies are in effect using gpresult /v -
especially the one about always waiting for network.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 10:26 AM
To: NT System Admin Issues
Subject: Group Policy Problems Over Wireless

 

Short version:

Is there a trick to improving group policy processing when accessing the
network wirelessly?

 

 

Long version:

We have a lab with machines that have Broadcom wireless NICs in them. Vista
OS, connecting to Server 2008 R2 DC.

 

I'm trying to deploy a piece of software to these machines via Group Policy.
I have things setup so that if the machine is a member of a certain group,
the software is deployed. Unfortunately, it only worked correctly on one of
the machines-on all the rest, the software isn't being deployed.

 

So I connect to any of the machines that didn't get the software, and run
gpresult. It doesn't show me that those machines are members of the group
that gets the software. But I know they are; I've confirmed in ADUC on the
DC. They're just not picking up group membership.

 

Looking at the event log for events that happen around startup, I see things
that make me think group policy processing is trying to happen prior to the
wireless network being initialized. Things like:

 

Event ID 5719 (There are currently no logon servers available to service the
logon request.)

Event ID 129 (NtpClient was unable to set a domain peer to use as a time
source because of discovery error.)

Event ID 1129 (The processing of Group Policy failed because of lack of
network connectivity to a domain controller.)

 

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del]
window. You can log in (including as someone who has never logged into the
machine before), ping the DC, browse to \\domain\syvol
 , and so on. It's just that at that point, group
policy processing seems to have given up. My machines aren't figuring out
that they've been added to a new group.

 

 

 

John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 
 
NOTICE: Florida has a broad public records law. Most written communications
to or from this entity are public records that will be dis

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

Gpresult /v shows something odd. Below is an edited version of the results. The 
"TCHS SMART Sync 2010 Student Computer Assignment Policy" is the policy that 
pushes down the app. But it only does so to machines that are members of a 
group called "TCHS SMART Sync 2010 Student Computers." Now, the computer in 
question (TCHS-115-S02) *is* a member of that group, as confirmed by looking in 
ADUC. Yet gpresult says it's not.

So if the machine doesn't know it's a member of the group, why is it trying to 
apply the software assignment policy at all? I don't get that.

And the assignment is failing with event IDs 101, 102, and 108.


Applied Group Policy Objects
-
TCHS SMART Sync 2010 Student Computer Assignment Policy

The following GPOs were not applied because they were filtered out
---

The computer is a part of the following security groups
---
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
TCHS-115-S02$
FCS Computers
TCHS Admin Policy Computers
Domain Computers
System Mandatory Level




From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, October 13, 2010 11:50 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

What are you using for a wireless supplicant (program that configures the SSID 
etc.)?  Windows WZC or something specific to the wireless?   Whichever one you 
are using, turn it off and try the other.

Also download and install the latest wireless NIC drivers.

All else being OK, generally the "trick" is to use WZC, but as some have 
indicated, sometimes the vendor utility, assuming it runs as a service, might 
be OK.  I would also disable any wired adapter that may be present.

Also make sure your group policies are in effect using gpresult /v - especially 
the one about always waiting for network.

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 10:26 AM
To: NT System Admin Issues
Subject: Group Policy Problems Over Wireless

Short version:
Is there a trick to improving group policy processing when accessing the 
network wirelessly?


Long version:
We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, 
connecting to Server 2008 R2 DC.

I'm trying to deploy a piece of software to these machines via Group Policy. I 
have things setup so that if the machine is a member of a certain group, the 
software is deployed. Unfortunately, it only worked correctly on one of the 
machines-on all the rest, the software isn't being deployed.

So I connect to any of the machines that didn't get the software, and run 
gpresult. It doesn't show me that those machines are members of the group that 
gets the software. But I know they are; I've confirmed in ADUC on the DC. 
They're just not picking up group membership.

Looking at the event log for events that happen around startup, I see things 
that make me think group policy processing is trying to happen prior to the 
wireless network being initialized. Things like:

Event ID 5719 (There are currently no logon servers available to service the 
logon request.)
Event ID 129 (NtpClient was unable to set a domain peer to use as a time source 
because of discovery error.)
Event ID 1129 (The processing of Group Policy failed because of lack of network 
connectivity to a domain controller.)

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. 
You can log in (including as someone who has never logged into the machine 
before), ping the DC, browse to \\domain\syvol, and so 
on. It's just that at that point, group policy processing seems to have given 
up. My machines aren't figuring out that they've been added to a new group.



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin





NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

The wireless NICs are Broadcom, though, in this case.



From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Wednesday, October 13, 2010 11:02 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Good point, but I've experienced the same symptoms he is describing with a 2003 
AD as well. In my specific experience with this type of issue, it seems to boil 
down to the client and the wireless network stack not being fully 
loaded/connected at the time the system is ready to start processing logon to 
the domain. The wireless negotiation/association/authentication/DHCP 
reservation request all take considerably longer than a wired connection does.

I've overcome some of this with the Intel ProSET (which IMHO) is one of the 
most stable wireless supplicants out there for enterprise use. But I still end 
up having to run "gpupdate /force" sometimes.

YMMV, HTH

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: Webster [mailto:carlwebs...@gmail.com]
Sent: Wednesday, October 13, 2010 10:55 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Software Installation will not happen over what GP determines is a Slow Link on 
2008 and R2.  So turn off Slow Link detection and see if that helps.


Webster

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Subject: Group Policy Problems Over Wireless

Short version:
Is there a trick to improving group policy processing when accessing the 
network wirelessly?


Long version:
We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, 
connecting to Server 2008 R2 DC.

I'm trying to deploy a piece of software to these machines via Group Policy. I 
have things setup so that if the machine is a member of a certain group, the 
software is deployed. Unfortunately, it only worked correctly on one of the 
machines-on all the rest, the software isn't being deployed.

So I connect to any of the machines that didn't get the software, and run 
gpresult. It doesn't show me that those machines are members of the group that 
gets the software. But I know they are; I've confirmed in ADUC on the DC. 
They're just not picking up group membership.

Looking at the event log for events that happen around startup, I see things 
that make me think group policy processing is trying to happen prior to the 
wireless network being initialized. Things like:

Event ID 5719 (There are currently no logon servers available to service the 
logon request.)
Event ID 129 (NtpClient was unable to set a domain peer to use as a time source 
because of discovery error.)
Event ID 1129 (The processing of Group Policy failed because of lack of network 
connectivity to a domain controller.)

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. 
You can log in (including as someone who has never logged into the machine 
before), ping the DC, browse to \\domain\syvol, and so 
on. It's just that at that point, group policy processing seems to have given 
up. My machines aren't figuring out that they've been added to a new group.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to t

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

Okay-I've just enabled the "Group Policy slow link detection" setting and set 
the connection speed to 0, which should have the effect of ignoring slow links.

Just for good measure, I also enabled "Software Installation policy processing" 
and selected the "Allow processing across a slow network connection" option.

We'll see what happens.



From: Webster [mailto:carlwebs...@gmail.com]
Sent: Wednesday, October 13, 2010 10:55 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Software Installation will not happen over what GP determines is a Slow Link on 
2008 and R2.  So turn off Slow Link detection and see if that helps.


Webster

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Subject: Group Policy Problems Over Wireless

Short version:
Is there a trick to improving group policy processing when accessing the 
network wirelessly?


Long version:
We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, 
connecting to Server 2008 R2 DC.

I'm trying to deploy a piece of software to these machines via Group Policy. I 
have things setup so that if the machine is a member of a certain group, the 
software is deployed. Unfortunately, it only worked correctly on one of the 
machines-on all the rest, the software isn't being deployed.

So I connect to any of the machines that didn't get the software, and run 
gpresult. It doesn't show me that those machines are members of the group that 
gets the software. But I know they are; I've confirmed in ADUC on the DC. 
They're just not picking up group membership.

Looking at the event log for events that happen around startup, I see things 
that make me think group policy processing is trying to happen prior to the 
wireless network being initialized. Things like:

Event ID 5719 (There are currently no logon servers available to service the 
logon request.)
Event ID 129 (NtpClient was unable to set a domain peer to use as a time source 
because of discovery error.)
Event ID 1129 (The processing of Group Policy failed because of lack of network 
connectivity to a domain controller.)

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. 
You can log in (including as someone who has never logged into the machine 
before), ping the DC, browse to \\domain\syvol, and so 
on. It's just that at that point, group policy processing seems to have given 
up. My machines aren't figuring out that they've been added to a new group.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

These are Vista machines, not XP, if that matters.

I've done gpupdate /force, and it always says that there are policy changes 
that require a reboot. But after the reboot, nothing.

Here's the weird thing... It's one thing for the software to not deploy, but 
what I don't get is why the machines don't show the proper group membership. At 
the very least, I'd have thought that would've worked.



From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Wednesday, October 13, 2010 10:57 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

There is one possibility - I've run into this before, but not had a chance to 
test my theory. Fast Sign-on in Windows XP. If it is disabled (which is not 
default) then that might solve the issue. Of course, that will increase your 
logon times, and that policy is a machine policy, so you'd have to connect the 
machines wired, boot them up...and that would apply the GPO you're trying to 
apply in the first place...

*eyeroll*

Have you tried a gpupdate /force once the client is booted, and if so, does 
that work? I've had success with that... If that works, you could script that 
to run once the user logs in, which would force them to reboot for the policies 
to take affect...


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 10:46 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

The policy for installing the software is a computer policy, not a user 
policy-so it should be happening before login ever occurs.

The user policies and scripts work just fine, all the time. Because it seems 
that once you get to the login screen, things are up and running-but the system 
seems to have given up on processing computer policies at that point.



From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, October 13, 2010 10:43 AM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

Does logging in twice initiate the software install, or not?
On 13 October 2010 15:39, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
There's "Always wait for the network at computer startup and logon," but I've 
already got that enabled.




John




From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
Sent: Wednesday, October 13, 2010 10:37 AM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

isn't there a "wait for the network to initialize" GPO setting that you can put 
down so that it won't try to install software until the network is fully 
operational?

I can't get into GPMC at the moment to confirm - keeps crashing cos of the Wyse 
Device Manager snap-in. Grrr
On 13 October 2010 15:25, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
Short version:
Is there a trick to improving group policy processing when accessing the 
network wirelessly?


Long version:
We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, 
connecting to Server 2008 R2 DC.

I'm trying to deploy a piece of software to these machines via Group Policy. I 
have things setup so that if the machine is a member of a certain group, the 
software is deployed. Unfortunately, it only worked correctly on one of the 
machines-on all the rest, the software isn't being deployed.

So I connect to any of the machines that didn't get the software, and run 
gpresult. It doesn't show me that those machines are members of the group that 
gets the software. But I know they are; I've confirmed in ADUC on the DC. 
They're just not picking up group membership.

Looking at the event log for events that happen around startup, I see things 
that make me think group policy processing is trying to happen prior to the 
wireless network being initialized. Things like:

Event ID 5719 (There are currently no logon servers available to service the 
logon request.)
Event ID 129 (NtpClient was unable to set a domain peer to use as a time source 
because of discovery error.)
Event ID 1129 (The processing of Group Policy failed because of lack of network 
connectivity to a domain controller.)

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. 
You can log in (including as someone who has never logged into the machine 
before), ping the DC, browse to \\domain\syvol, and so 
on. It's just that at that point, group policy processing seems to have given 
up. My machines aren't figuring out that they've been added to a new group.



John Hornbuckle
MIS Department
Taylor County School Dist

RE: Group Policy Problems Over Wireless

[Carl Houseman]

What are you using for a wireless supplicant (program that configures the
SSID etc.)?  Windows WZC or something specific to the wireless?   Whichever
one you are using, turn it off and try the other.

 

Also download and install the latest wireless NIC drivers.

 

All else being OK, generally the "trick" is to use WZC, but as some have
indicated, sometimes the vendor utility, assuming it runs as a service, might
be OK.  I would also disable any wired adapter that may be present.

 

Also make sure your group policies are in effect using gpresult /v -
especially the one about always waiting for network.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, October 13, 2010 10:26 AM
To: NT System Admin Issues
Subject: Group Policy Problems Over Wireless

 

Short version:

Is there a trick to improving group policy processing when accessing the
network wirelessly?

 

 

Long version:

We have a lab with machines that have Broadcom wireless NICs in them. Vista
OS, connecting to Server 2008 R2 DC.

 

I'm trying to deploy a piece of software to these machines via Group Policy.
I have things setup so that if the machine is a member of a certain group,
the software is deployed. Unfortunately, it only worked correctly on one of
the machines-on all the rest, the software isn't being deployed.

 

So I connect to any of the machines that didn't get the software, and run
gpresult. It doesn't show me that those machines are members of the group
that gets the software. But I know they are; I've confirmed in ADUC on the
DC. They're just not picking up group membership.

 

Looking at the event log for events that happen around startup, I see things
that make me think group policy processing is trying to happen prior to the
wireless network being initialized. Things like:

 

Event ID 5719 (There are currently no logon servers available to service the
logon request.)

Event ID 129 (NtpClient was unable to set a domain peer to use as a time
source because of discovery error.)

Event ID 1129 (The processing of Group Policy failed because of lack of
network connectivity to a domain controller.)

 

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del]
window. You can log in (including as someone who has never logged into the
machine before), ping the DC, browse to \\domain\syvol
 , and so on. It's just that at that point, group
policy processing seems to have given up. My machines aren't figuring out
that they've been added to a new group.

 

 

 

John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 
 
NOTICE: Florida has a broad public records law. Most written communications
to or from this entity are public records that will be disclosed to the
public and the media upon request. E-mail communications may be subject to
public disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

Just tried-no difference.



From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, October 13, 2010 10:49 AM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

Yes, that is truebut if the network isn't fully operational and the user 
logs in, software installation policy won't occur, as it is supposed to happen 
before login, as you say. I've seen it do the software install when the user 
logs back out and goes to log in again.
On 13 October 2010 15:46, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
The policy for installing the software is a computer policy, not a user 
policy-so it should be happening before login ever occurs.

The user policies and scripts work just fine, all the time. Because it seems 
that once you get to the login screen, things are up and running-but the system 
seems to have given up on processing computer policies at that point.



From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
Sent: Wednesday, October 13, 2010 10:43 AM

To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

Does logging in twice initiate the software install, or not?
On 13 October 2010 15:39, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
There's "Always wait for the network at computer startup and logon," but I've 
already got that enabled.




John




From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
Sent: Wednesday, October 13, 2010 10:37 AM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

isn't there a "wait for the network to initialize" GPO setting that you can put 
down so that it won't try to install software until the network is fully 
operational?

I can't get into GPMC at the moment to confirm - keeps crashing cos of the Wyse 
Device Manager snap-in. Grrr
On 13 October 2010 15:25, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
Short version:
Is there a trick to improving group policy processing when accessing the 
network wirelessly?


Long version:
We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, 
connecting to Server 2008 R2 DC.

I'm trying to deploy a piece of software to these machines via Group Policy. I 
have things setup so that if the machine is a member of a certain group, the 
software is deployed. Unfortunately, it only worked correctly on one of the 
machines-on all the rest, the software isn't being deployed.

So I connect to any of the machines that didn't get the software, and run 
gpresult. It doesn't show me that those machines are members of the group that 
gets the software. But I know they are; I've confirmed in ADUC on the DC. 
They're just not picking up group membership.

Looking at the event log for events that happen around startup, I see things 
that make me think group policy processing is trying to happen prior to the 
wireless network being initialized. Things like:

Event ID 5719 (There are currently no logon servers available to service the 
logon request.)
Event ID 129 (NtpClient was unable to set a domain peer to use as a time source 
because of discovery error.)
Event ID 1129 (The processing of Group Policy failed because of lack of network 
connectivity to a domain controller.)

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. 
You can log in (including as someone who has never logged into the machine 
before), ping the DC, browse to \\domain\syvol, and so 
on. It's just that at that point, group policy processing seems to have given 
up. My machines aren't figuring out that they've been added to a new group.



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us<http://www.taylor.k12.fl.us>



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To mana

RE: Group Policy Problems Over Wireless

[Webster]

I never taught a 2003 AD class but that issue is covered in the 2008/R2 AD
class in the GPO Modules.

 

 

Webster

 

From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Subject: RE: Group Policy Problems Over Wireless

 

Good point, but I've experienced the same symptoms he is describing with a
2003 AD as well. In my specific experience with this type of issue, it seems
to boil down to the client and the wireless network stack not being fully
loaded/connected at the time the system is ready to start processing logon
to the domain. The wireless negotiation/association/authentication/DHCP
reservation request all take considerably longer than a wired connection
does.

 

I've overcome some of this with the Intel ProSET (which IMHO) is one of the
most stable wireless supplicants out there for enterprise use. But I still
end up having to run "gpupdate /force" sometimes.

 

  _  

From: Webster [mailto:carlwebs...@gmail.com] 
Subject: RE: Group Policy Problems Over Wireless

 

Software Installation will not happen over what GP determines is a Slow Link
on 2008 and R2.  So turn off Slow Link detection and see if that helps.

 

 

Webster

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Subject: Group Policy Problems Over Wireless

 

Short version:

Is there a trick to improving group policy processing when accessing the
network wirelessly?

 

 

Long version:

We have a lab with machines that have Broadcom wireless NICs in them. Vista
OS, connecting to Server 2008 R2 DC.

 

I'm trying to deploy a piece of software to these machines via Group Policy.
I have things setup so that if the machine is a member of a certain group,
the software is deployed. Unfortunately, it only worked correctly on one of
the machines-on all the rest, the software isn't being deployed.

 

So I connect to any of the machines that didn't get the software, and run
gpresult. It doesn't show me that those machines are members of the group
that gets the software. But I know they are; I've confirmed in ADUC on the
DC. They're just not picking up group membership.

 

Looking at the event log for events that happen around startup, I see things
that make me think group policy processing is trying to happen prior to the
wireless network being initialized. Things like:

 

Event ID 5719 (There are currently no logon servers available to service the
logon request.)

Event ID 129 (NtpClient was unable to set a domain peer to use as a time
source because of discovery error.)

Event ID 1129 (The processing of Group Policy failed because of lack of
network connectivity to a domain controller.)

 

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del]
window. You can log in (including as someone who has never logged into the
machine before), ping the DC, browse to \\domain\syvol
 , and so on. It's just that at that point, group
policy processing seems to have given up. My machines aren't figuring out
that they've been added to a new group.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Problems Over Wireless

[Raper, Jonathan - Eagle]

Good point, but I've experienced the same symptoms he is describing with a 2003 
AD as well. In my specific experience with this type of issue, it seems to boil 
down to the client and the wireless network stack not being fully 
loaded/connected at the time the system is ready to start processing logon to 
the domain. The wireless negotiation/association/authentication/DHCP 
reservation request all take considerably longer than a wired connection does.

I've overcome some of this with the Intel ProSET (which IMHO) is one of the 
most stable wireless supplicants out there for enterprise use. But I still end 
up having to run "gpupdate /force" sometimes.

YMMV, HTH

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: Webster [mailto:carlwebs...@gmail.com]
Sent: Wednesday, October 13, 2010 10:55 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

Software Installation will not happen over what GP determines is a Slow Link on 
2008 and R2.  So turn off Slow Link detection and see if that helps.


Webster

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Subject: Group Policy Problems Over Wireless

Short version:
Is there a trick to improving group policy processing when accessing the 
network wirelessly?


Long version:
We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, 
connecting to Server 2008 R2 DC.

I'm trying to deploy a piece of software to these machines via Group Policy. I 
have things setup so that if the machine is a member of a certain group, the 
software is deployed. Unfortunately, it only worked correctly on one of the 
machines-on all the rest, the software isn't being deployed.

So I connect to any of the machines that didn't get the software, and run 
gpresult. It doesn't show me that those machines are members of the group that 
gets the software. But I know they are; I've confirmed in ADUC on the DC. 
They're just not picking up group membership.

Looking at the event log for events that happen around startup, I see things 
that make me think group policy processing is trying to happen prior to the 
wireless network being initialized. Things like:

Event ID 5719 (There are currently no logon servers available to service the 
logon request.)
Event ID 129 (NtpClient was unable to set a domain peer to use as a time source 
because of discovery error.)
Event ID 1129 (The processing of Group Policy failed because of lack of network 
connectivity to a domain controller.)

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. 
You can log in (including as someone who has never logged into the machine 
before), ping the DC, browse to \\domain\syvol, and so 
on. It's just that at that point, group policy processing seems to have given 
up. My machines aren't figuring out that they've been added to a new group.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Problems Over Wireless

[James Rankin]

I had some problems with Folder Redirection policies and Fast Logon
Optimization - I turned that off via GPO.

On 13 October 2010 15:57, Raper, Jonathan - Eagle wrote:

>  There is one possibility – I’ve run into this before, but not had a
> chance to test my theory. Fast Sign-on in Windows XP. If it is disabled
> (which is not default) then that might solve the issue. Of course, that will
> increase your logon times, and that policy is a machine policy, so you’d
> have to connect the machines wired, boot them up…and that would apply the
> GPO you’re trying to apply in the first place…
>
>
>
> **eyeroll**
>
>
>
> Have you tried a *gpupdate /force* once the client is booted, and if so,
> does that work? I’ve had success with that… If that works, you could script
> that to run once the user logs in, which would force them to reboot for the
> policies to take affect…
>
>
>
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA*
> *jra...@eaglemds.com*
> *www.eaglemds.com
>   --
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> *Sent:* Wednesday, October 13, 2010 10:46 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Group Policy Problems Over Wireless
>
>
>
> The policy for installing the software is a computer policy, not a user
> policy—so it should be happening before login ever occurs.
>
>
>
> The user policies and scripts work just fine, all the time. Because it
> seems that once you get to the login screen, things are up and running—but
> the system seems to have given up on processing computer policies at that
> point.
>
>
>
>
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Wednesday, October 13, 2010 10:43 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Group Policy Problems Over Wireless
>
>
>
> Does logging in twice initiate the software install, or not?
>
> On 13 October 2010 15:39, John Hornbuckle <
> john.hornbuc...@taylor.k12.fl.us> wrote:
>
> There’s “Always wait for the network at computer startup and logon,” but
> I’ve already got that enabled.
>
>
>
>
>
>
>
>
>
> John
>
>
>
>
>
>
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Wednesday, October 13, 2010 10:37 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Group Policy Problems Over Wireless
>
>
>
> isn't there a "wait for the network to initialize" GPO setting that you can
> put down so that it won't try to install software until the network is fully
> operational?
>
> I can't get into GPMC at the moment to confirm - keeps crashing cos of the
> Wyse Device Manager snap-in. Grrr
>
> On 13 October 2010 15:25, John Hornbuckle <
> john.hornbuc...@taylor.k12.fl.us> wrote:
>
> Short version:
>
> *Is there a trick to improving group policy processing when accessing the
> network wirelessly?*
>
>
>
>
>
> Long version:
>
> We have a lab with machines that have Broadcom wireless NICs in them. Vista
> OS, connecting to Server 2008 R2 DC.
>
>
>
> I’m trying to deploy a piece of software to these machines via Group
> Policy. I have things setup so that if the machine is a member of a certain
> group, the software is deployed. Unfortunately, it only worked correctly on
> one of the machines—on all the rest, the software isn’t being deployed.
>
>
>
> So I connect to any of the machines that didn’t get the software, and run
> gpresult. It doesn’t show me that those machines are members of the group
> that gets the software. But I know they are; I’ve confirmed in ADUC on the
> DC. They’re just not picking up group membership.
>
>
>
> Looking at the event log for events that happen around startup, I see
> things that make me think group policy processing is trying to happen prior
> to the wireless network being initialized. Things like:
>
>
>
> Event ID 5719 (There are currently no logon servers available to service
> the logon request.)
>
> Event ID 129 (NtpClient was unable to set a domain peer to use as a time
> source because of discovery error.)
>
> Event ID 1129 (The processing of Group Policy failed because of lack of
> network connectivity to a domain controller.)
>
>
>
> Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del]
> window. You can log in (including as someone who has never logged into the
> machine before), ping the DC, browse to \\domain\syvol, and so on. It’s just
> that at that point, group policy processing seems to have given up. My
> machines aren’t figuring out that they’ve be

RE: Group Policy Problems Over Wireless

[Raper, Jonathan - Eagle]

There is one possibility - I've run into this before, but not had a chance to 
test my theory. Fast Sign-on in Windows XP. If it is disabled (which is not 
default) then that might solve the issue. Of course, that will increase your 
logon times, and that policy is a machine policy, so you'd have to connect the 
machines wired, boot them up...and that would apply the GPO you're trying to 
apply in the first place...

*eyeroll*

Have you tried a gpupdate /force once the client is booted, and if so, does 
that work? I've had success with that... If that works, you could script that 
to run once the user logs in, which would force them to reboot for the policies 
to take affect...


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, October 13, 2010 10:46 AM
To: NT System Admin Issues
Subject: RE: Group Policy Problems Over Wireless

The policy for installing the software is a computer policy, not a user 
policy-so it should be happening before login ever occurs.

The user policies and scripts work just fine, all the time. Because it seems 
that once you get to the login screen, things are up and running-but the system 
seems to have given up on processing computer policies at that point.



From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, October 13, 2010 10:43 AM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

Does logging in twice initiate the software install, or not?
On 13 October 2010 15:39, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
There's "Always wait for the network at computer startup and logon," but I've 
already got that enabled.




John




From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
Sent: Wednesday, October 13, 2010 10:37 AM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

isn't there a "wait for the network to initialize" GPO setting that you can put 
down so that it won't try to install software until the network is fully 
operational?

I can't get into GPMC at the moment to confirm - keeps crashing cos of the Wyse 
Device Manager snap-in. Grrr
On 13 October 2010 15:25, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
Short version:
Is there a trick to improving group policy processing when accessing the 
network wirelessly?


Long version:
We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, 
connecting to Server 2008 R2 DC.

I'm trying to deploy a piece of software to these machines via Group Policy. I 
have things setup so that if the machine is a member of a certain group, the 
software is deployed. Unfortunately, it only worked correctly on one of the 
machines-on all the rest, the software isn't being deployed.

So I connect to any of the machines that didn't get the software, and run 
gpresult. It doesn't show me that those machines are members of the group that 
gets the software. But I know they are; I've confirmed in ADUC on the DC. 
They're just not picking up group membership.

Looking at the event log for events that happen around startup, I see things 
that make me think group policy processing is trying to happen prior to the 
wireless network being initialized. Things like:

Event ID 5719 (There are currently no logon servers available to service the 
logon request.)
Event ID 129 (NtpClient was unable to set a domain peer to use as a time source 
because of discovery error.)
Event ID 1129 (The processing of Group Policy failed because of lack of network 
connectivity to a domain controller.)

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. 
You can log in (including as someone who has never logged into the machine 
before), ping the DC, browse to \\domain\syvol, and so on. It's just that at 
that point, group policy processing seems to have given up. My machines aren't 
figuring out that they've been added to a new group.



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us<http://www.taylor.k12.fl.us>



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the me

RE: Group Policy Problems Over Wireless

[Webster]

Software Installation will not happen over what GP determines is a Slow Link
on 2008 and R2.  So turn off Slow Link detection and see if that helps.

 

 

Webster

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Subject: Group Policy Problems Over Wireless

 

Short version:

Is there a trick to improving group policy processing when accessing the
network wirelessly?

 

 

Long version:

We have a lab with machines that have Broadcom wireless NICs in them. Vista
OS, connecting to Server 2008 R2 DC.

 

I'm trying to deploy a piece of software to these machines via Group Policy.
I have things setup so that if the machine is a member of a certain group,
the software is deployed. Unfortunately, it only worked correctly on one of
the machines-on all the rest, the software isn't being deployed.

 

So I connect to any of the machines that didn't get the software, and run
gpresult. It doesn't show me that those machines are members of the group
that gets the software. But I know they are; I've confirmed in ADUC on the
DC. They're just not picking up group membership.

 

Looking at the event log for events that happen around startup, I see things
that make me think group policy processing is trying to happen prior to the
wireless network being initialized. Things like:

 

Event ID 5719 (There are currently no logon servers available to service the
logon request.)

Event ID 129 (NtpClient was unable to set a domain peer to use as a time
source because of discovery error.)

Event ID 1129 (The processing of Group Policy failed because of lack of
network connectivity to a domain controller.)

 

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del]
window. You can log in (including as someone who has never logged into the
machine before), ping the DC, browse to \\domain\syvol
 , and so on. It's just that at that point, group
policy processing seems to have given up. My machines aren't figuring out
that they've been added to a new group.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Problems Over Wireless

[James Rankin]

Yes, that is truebut if the network isn't fully operational and the user
logs in, software installation policy won't occur, as it is supposed to
happen before login, as you say. I've seen it do the software install when
the user logs back out and goes to log in again.

On 13 October 2010 15:46, John Hornbuckle
wrote:

> The policy for installing the software is a computer policy, not a user
> policy—so it should be happening before login ever occurs.
>
>
>
> The user policies and scripts work just fine, all the time. Because it
> seems that once you get to the login screen, things are up and running—but
> the system seems to have given up on processing computer policies at that
> point.
>
>
>
>
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Wednesday, October 13, 2010 10:43 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Group Policy Problems Over Wireless
>
>
>
> Does logging in twice initiate the software install, or not?
>
> On 13 October 2010 15:39, John Hornbuckle <
> john.hornbuc...@taylor.k12.fl.us> wrote:
>
> There’s “Always wait for the network at computer startup and logon,” but
> I’ve already got that enabled.
>
>
>
>
>
>
>
>
>
> John
>
>
>
>
>
>
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Wednesday, October 13, 2010 10:37 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Group Policy Problems Over Wireless
>
>
>
> isn't there a "wait for the network to initialize" GPO setting that you can
> put down so that it won't try to install software until the network is fully
> operational?
>
> I can't get into GPMC at the moment to confirm - keeps crashing cos of the
> Wyse Device Manager snap-in. Grrr
>
> On 13 October 2010 15:25, John Hornbuckle <
> john.hornbuc...@taylor.k12.fl.us> wrote:
>
> Short version:
>
> *Is there a trick to improving group policy processing when accessing the
> network wirelessly?*
>
>
>
>
>
> Long version:
>
> We have a lab with machines that have Broadcom wireless NICs in them. Vista
> OS, connecting to Server 2008 R2 DC.
>
>
>
> I’m trying to deploy a piece of software to these machines via Group
> Policy. I have things setup so that if the machine is a member of a certain
> group, the software is deployed. Unfortunately, it only worked correctly on
> one of the machines—on all the rest, the software isn’t being deployed.
>
>
>
> So I connect to any of the machines that didn’t get the software, and run
> gpresult. It doesn’t show me that those machines are members of the group
> that gets the software. But I know they are; I’ve confirmed in ADUC on the
> DC. They’re just not picking up group membership.
>
>
>
> Looking at the event log for events that happen around startup, I see
> things that make me think group policy processing is trying to happen prior
> to the wireless network being initialized. Things like:
>
>
>
> Event ID 5719 (There are currently no logon servers available to service
> the logon request.)
>
> Event ID 129 (NtpClient was unable to set a domain peer to use as a time
> source because of discovery error.)
>
> Event ID 1129 (The processing of Group Policy failed because of lack of
> network connectivity to a domain controller.)
>
>
>
> Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del]
> window. You can log in (including as someone who has never logged into the
> machine before), ping the DC, browse to \\domain\syvol, and so on. It’s just
> that at that point, group policy processing seems to have given up. My
> machines aren’t figuring out that they’ve been added to a new group.
>
>
>
>
>
>
>
> John Hornbuckle
>
> MIS Department
>
> Taylor County School District
>
> www.taylor.k12.fl.us
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon request. E-mail communications may be subject to 
> public disclosure.
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am n

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

The policy for installing the software is a computer policy, not a user 
policy-so it should be happening before login ever occurs.

The user policies and scripts work just fine, all the time. Because it seems 
that once you get to the login screen, things are up and running-but the system 
seems to have given up on processing computer policies at that point.



From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, October 13, 2010 10:43 AM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

Does logging in twice initiate the software install, or not?
On 13 October 2010 15:39, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
There's "Always wait for the network at computer startup and logon," but I've 
already got that enabled.




John




From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
Sent: Wednesday, October 13, 2010 10:37 AM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

isn't there a "wait for the network to initialize" GPO setting that you can put 
down so that it won't try to install software until the network is fully 
operational?

I can't get into GPMC at the moment to confirm - keeps crashing cos of the Wyse 
Device Manager snap-in. Grrr
On 13 October 2010 15:25, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
Short version:
Is there a trick to improving group policy processing when accessing the 
network wirelessly?


Long version:
We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, 
connecting to Server 2008 R2 DC.

I'm trying to deploy a piece of software to these machines via Group Policy. I 
have things setup so that if the machine is a member of a certain group, the 
software is deployed. Unfortunately, it only worked correctly on one of the 
machines-on all the rest, the software isn't being deployed.

So I connect to any of the machines that didn't get the software, and run 
gpresult. It doesn't show me that those machines are members of the group that 
gets the software. But I know they are; I've confirmed in ADUC on the DC. 
They're just not picking up group membership.

Looking at the event log for events that happen around startup, I see things 
that make me think group policy processing is trying to happen prior to the 
wireless network being initialized. Things like:

Event ID 5719 (There are currently no logon servers available to service the 
logon request.)
Event ID 129 (NtpClient was unable to set a domain peer to use as a time source 
because of discovery error.)
Event ID 1129 (The processing of Group Policy failed because of lack of network 
connectivity to a domain controller.)

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. 
You can log in (including as someone who has never logged into the machine 
before), ping the DC, browse to \\domain\syvol, and so on. It's just that at 
that point, group policy processing seems to have given up. My machines aren't 
figuring out that they've been added to a new group.



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us<http://www.taylor.k12.fl.us>



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

NOTICE

Re: Group Policy Problems Over Wireless

[James Rankin]

Does logging in twice initiate the software install, or not?

On 13 October 2010 15:39, John Hornbuckle
wrote:

> There’s “Always wait for the network at computer startup and logon,” but
> I’ve already got that enabled.
>
>
>
>
>
>
>
>
>
> John
>
>
>
>
>
>
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Wednesday, October 13, 2010 10:37 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Group Policy Problems Over Wireless
>
>
>
> isn't there a "wait for the network to initialize" GPO setting that you can
> put down so that it won't try to install software until the network is fully
> operational?
>
> I can't get into GPMC at the moment to confirm - keeps crashing cos of the
> Wyse Device Manager snap-in. Grrr
>
> On 13 October 2010 15:25, John Hornbuckle <
> john.hornbuc...@taylor.k12.fl.us> wrote:
>
> Short version:
>
> *Is there a trick to improving group policy processing when accessing the
> network wirelessly?*
>
>
>
>
>
> Long version:
>
> We have a lab with machines that have Broadcom wireless NICs in them. Vista
> OS, connecting to Server 2008 R2 DC.
>
>
>
> I’m trying to deploy a piece of software to these machines via Group
> Policy. I have things setup so that if the machine is a member of a certain
> group, the software is deployed. Unfortunately, it only worked correctly on
> one of the machines—on all the rest, the software isn’t being deployed.
>
>
>
> So I connect to any of the machines that didn’t get the software, and run
> gpresult. It doesn’t show me that those machines are members of the group
> that gets the software. But I know they are; I’ve confirmed in ADUC on the
> DC. They’re just not picking up group membership.
>
>
>
> Looking at the event log for events that happen around startup, I see
> things that make me think group policy processing is trying to happen prior
> to the wireless network being initialized. Things like:
>
>
>
> Event ID 5719 (There are currently no logon servers available to service
> the logon request.)
>
> Event ID 129 (NtpClient was unable to set a domain peer to use as a time
> source because of discovery error.)
>
> Event ID 1129 (The processing of Group Policy failed because of lack of
> network connectivity to a domain controller.)
>
>
>
> Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del]
> window. You can log in (including as someone who has never logged into the
> machine before), ping the DC, browse to \\domain\syvol, and so on. It’s
> just that at that point, group policy processing seems to have given up. My
> machines aren’t figuring out that they’ve been added to a new group.
>
>
>
>
>
>
>
> John Hornbuckle
>
> MIS Department
>
> Taylor County School District
>
> www.taylor.k12.fl.us
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon request. E-mail communications may be subject to 
> public disclosure.
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon req

RE: Group Policy Problems Over Wireless

[John Hornbuckle]

There's "Always wait for the network at computer startup and 
logon," but I've already got that enabled.




John




From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, October 13, 2010 10:37 AM
To: NT System Admin Issues
Subject: Re: Group Policy Problems Over Wireless

isn't there a "wait for the network to initialize" GPO setting that you can put 
down so that it won't try to install software until the network is fully 
operational?

I can't get into GPMC at the moment to confirm - keeps crashing cos of the Wyse 
Device Manager snap-in. Grrr
On 13 October 2010 15:25, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
Short version:
Is there a trick to improving group policy processing when accessing the 
network wirelessly?


Long version:
We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, 
connecting to Server 2008 R2 DC.

I'm trying to deploy a piece of software to these machines via Group Policy. I 
have things setup so that if the machine is a member of a certain group, the 
software is deployed. Unfortunately, it only worked correctly on one of the 
machines-on all the rest, the software isn't being deployed.

So I connect to any of the machines that didn't get the software, and run 
gpresult. It doesn't show me that those machines are members of the group that 
gets the software. But I know they are; I've confirmed in ADUC on the DC. 
They're just not picking up group membership.

Looking at the event log for events that happen around startup, I see things 
that make me think group policy processing is trying to happen prior to the 
wireless network being initialized. Things like:

Event ID 5719 (There are currently no logon servers available to service the 
logon request.)
Event ID 129 (NtpClient was unable to set a domain peer to use as a time source 
because of discovery error.)
Event ID 1129 (The processing of Group Policy failed because of lack of network 
connectivity to a domain controller.)

Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. 
You can log in (including as someone who has never logged into the machine 
before), ping the DC, browse to \\domain\syvol, and so 
on. It's just that at that point, group policy processing seems to have given 
up. My machines aren't figuring out that they've been added to a new group.



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us<http://www.taylor.k12.fl.us>



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Problems Over Wireless

[James Rankin]

Think it is something like this

*Always wait for the network at computer startup and logon*
 *Administrative Template:* System  *Policy Node:* MACHINE  *Policy
Path:* Administrative
Templates\System\Logon



On 13 October 2010 15:37, James Rankin  wrote:

> isn't there a "wait for the network to initialize" GPO setting that you can
> put down so that it won't try to install software until the network is fully
> operational?
>
> I can't get into GPMC at the moment to confirm - keeps crashing cos of the
> Wyse Device Manager snap-in. Grrr
>
> On 13 October 2010 15:25, John Hornbuckle <
> john.hornbuc...@taylor.k12.fl.us> wrote:
>
>> Short version:
>>
>> *Is there a trick to improving group policy processing when accessing the
>> network wirelessly?*
>>
>>
>>
>>
>>
>> Long version:
>>
>> We have a lab with machines that have Broadcom wireless NICs in them.
>> Vista OS, connecting to Server 2008 R2 DC.
>>
>>
>>
>> I’m trying to deploy a piece of software to these machines via Group
>> Policy. I have things setup so that if the machine is a member of a certain
>> group, the software is deployed. Unfortunately, it only worked correctly on
>> one of the machines—on all the rest, the software isn’t being deployed.
>>
>>
>>
>> So I connect to any of the machines that didn’t get the software, and run
>> gpresult. It doesn’t show me that those machines are members of the group
>> that gets the software. But I know they are; I’ve confirmed in ADUC on the
>> DC. They’re just not picking up group membership.
>>
>>
>>
>> Looking at the event log for events that happen around startup, I see
>> things that make me think group policy processing is trying to happen prior
>> to the wireless network being initialized. Things like:
>>
>>
>>
>> Event ID 5719 (There are currently no logon servers available to service
>> the logon request.)
>>
>> Event ID 129 (NtpClient was unable to set a domain peer to use as a time
>> source because of discovery error.)
>>
>> Event ID 1129 (The processing of Group Policy failed because of lack of
>> network connectivity to a domain controller.)
>>
>>
>>
>> Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del]
>> window. You can log in (including as someone who has never logged into the
>> machine before), ping the DC, browse to \\domain\syvol, and so on. It’s
>> just that at that point, group policy processing seems to have given up. My
>> machines aren’t figuring out that they’ve been added to a new group.
>>
>>
>>
>>
>>
>>
>>
>> John Hornbuckle
>>
>> MIS Department
>>
>> Taylor County School District
>>
>> www.taylor.k12.fl.us
>>
>>
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> NOTICE: Florida has a broad public records law. Most written communications 
>> to or from this entity are public records that will be disclosed to the 
>> public and the media upon request. E-mail communications may be subject to 
>> public disclosure.
>>
>>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Problems Over Wireless

[James Rankin]

isn't there a "wait for the network to initialize" GPO setting that you can
put down so that it won't try to install software until the network is fully
operational?

I can't get into GPMC at the moment to confirm - keeps crashing cos of the
Wyse Device Manager snap-in. Grrr

On 13 October 2010 15:25, John Hornbuckle
wrote:

> Short version:
>
> *Is there a trick to improving group policy processing when accessing the
> network wirelessly?*
>
>
>
>
>
> Long version:
>
> We have a lab with machines that have Broadcom wireless NICs in them. Vista
> OS, connecting to Server 2008 R2 DC.
>
>
>
> I’m trying to deploy a piece of software to these machines via Group
> Policy. I have things setup so that if the machine is a member of a certain
> group, the software is deployed. Unfortunately, it only worked correctly on
> one of the machines—on all the rest, the software isn’t being deployed.
>
>
>
> So I connect to any of the machines that didn’t get the software, and run
> gpresult. It doesn’t show me that those machines are members of the group
> that gets the software. But I know they are; I’ve confirmed in ADUC on the
> DC. They’re just not picking up group membership.
>
>
>
> Looking at the event log for events that happen around startup, I see
> things that make me think group policy processing is trying to happen prior
> to the wireless network being initialized. Things like:
>
>
>
> Event ID 5719 (There are currently no logon servers available to service
> the logon request.)
>
> Event ID 129 (NtpClient was unable to set a domain peer to use as a time
> source because of discovery error.)
>
> Event ID 1129 (The processing of Group Policy failed because of lack of
> network connectivity to a domain controller.)
>
>
>
> Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del]
> window. You can log in (including as someone who has never logged into the
> machine before), ping the DC, browse to \\domain\syvol, and so on. It’s
> just that at that point, group policy processing seems to have given up. My
> machines aren’t figuring out that they’ve been added to a new group.
>
>
>
>
>
>
>
> John Hornbuckle
>
> MIS Department
>
> Taylor County School District
>
> www.taylor.k12.fl.us
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon request. E-mail communications may be subject to 
> public disclosure.
>
>


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy weirdness

[James Rankin]

No, just the corresponding error in the System log saying

*Windows failed to apply the Group Policy Files settings. Group Policy Files
settings might have its own log file. Please click on the "More information"
link.*

On 5 August 2010 14:54, Don Guyer  wrote:

>  Hm. Interesting. Anything else in the Event Logs?
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, August 05, 2010 9:46 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Group Policy weirdness
>
>
>
> That was one of my initial thoughts, but it's not borking on every other
> system it applies to. It's just a Group Policy Preference to copy some files
> across, and it works fine if I do the copy manually. The source is actually
> a TeraStation, so there appears to be no file permissions you can set on it
> (it's all just source files so there's no need for any security on it
> anyway). I thought there might be an expired account logged on to the
> system, which is why I restarted it, but that appeared to make no
> difference. AFAIK, there's no particular account associated with executing a
> Group Policy Preference (open to education here).
>
> On 5 August 2010 14:41, Don Guyer  wrote:
>
> Did a user account involved with executing the policy password expire while
> you were away? Maybe take the guts of the policy (script or whatever it’s
> actually performing) and run it manually to see?
>
>
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, August 05, 2010 9:32 AM
> *To:* NT System Admin Issues
> *Subject:* Group Policy weirdness
>
>
>
> Just returned from holiday to find one of my servers is throwing an error
> when applying a particular Group Policy Object. The error is shown below:-
>
> *The computer 'SysTools' preference item in the
> 'I_SystemTools_AllServers_0 {AA35E91F-4320-40DC-901C-019F36EB2431}' Group
> Policy object did not apply because it failed with error code '0x8007052e
> Logon failure: unknown user name or bad password.' This error was
> suppressed.*
>
> This GPO applies perfectly well everywhere else and all it does is use the
> Group Policy Files Preference item to copy a set of files down from a
> networked location (just administrative tools such as pstools and other
> things we use in some legacy scripts). I can't understand why it is chucking
> up a logon error. As far as I can tell no permissions on the GPOs or the
> files it accesses have been changed in any way. I tried a restart of the
> problem server and this appears to have made no difference whatsoever apart
> from making a couple of users cranky :-)  Does anyone have any ideas that
> may shed any light on this?
>
> TIA,
>
>
>
> JRR
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
>
>
>
>
>
>
>
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
>
>
>
>
>
>
>
>
>


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Group Policy weirdness

[Don Guyer]

Hm. Interesting. Anything else in the Event Logs?

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com <mailto:don.gu...@prufoxroach.com> 

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, August 05, 2010 9:46 AM
To: NT System Admin Issues
Subject: Re: Group Policy weirdness

 

That was one of my initial thoughts, but it's not borking on every other
system it applies to. It's just a Group Policy Preference to copy some
files across, and it works fine if I do the copy manually. The source is
actually a TeraStation, so there appears to be no file permissions you
can set on it (it's all just source files so there's no need for any
security on it anyway). I thought there might be an expired account
logged on to the system, which is why I restarted it, but that appeared
to make no difference. AFAIK, there's no particular account associated
with executing a Group Policy Preference (open to education here).

On 5 August 2010 14:41, Don Guyer  wrote:

Did a user account involved with executing the policy password expire
while you were away? Maybe take the guts of the policy (script or
whatever it's actually performing) and run it manually to see?

 

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, August 05, 2010 9:32 AM
To: NT System Admin Issues
Subject: Group Policy weirdness

 

Just returned from holiday to find one of my servers is throwing an
error when applying a particular Group Policy Object. The error is shown
below:-

The computer 'SysTools' preference item in the
'I_SystemTools_AllServers_0 {AA35E91F-4320-40DC-901C-019F36EB2431}'
Group Policy object did not apply because it failed with error code
'0x8007052e Logon failure: unknown user name or bad password.' This
error was suppressed.

This GPO applies perfectly well everywhere else and all it does is use
the Group Policy Files Preference item to copy a set of files down from
a networked location (just administrative tools such as pstools and
other things we use in some legacy scripts). I can't understand why it
is chucking up a logon error. As far as I can tell no permissions on the
GPOs or the files it accesses have been changed in any way. I tried a
restart of the problem server and this appears to have made no
difference whatsoever apart from making a couple of users cranky :-)
Does anyone have any ideas that may shed any light on this?

TIA,



JRR

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

 

 

 

 




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Group Policy weirdness

[James Rankin]

That was one of my initial thoughts, but it's not borking on every other
system it applies to. It's just a Group Policy Preference to copy some files
across, and it works fine if I do the copy manually. The source is actually
a TeraStation, so there appears to be no file permissions you can set on it
(it's all just source files so there's no need for any security on it
anyway). I thought there might be an expired account logged on to the
system, which is why I restarted it, but that appeared to make no
difference. AFAIK, there's no particular account associated with executing a
Group Policy Preference (open to education here).

On 5 August 2010 14:41, Don Guyer  wrote:

>  Did a user account involved with executing the policy password expire
> while you were away? Maybe take the guts of the policy (script or whatever
> it’s actually performing) and run it manually to see?
>
>
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, August 05, 2010 9:32 AM
> *To:* NT System Admin Issues
> *Subject:* Group Policy weirdness
>
>
>
> Just returned from holiday to find one of my servers is throwing an error
> when applying a particular Group Policy Object. The error is shown below:-
>
> *The computer 'SysTools' preference item in the
> 'I_SystemTools_AllServers_0 {AA35E91F-4320-40DC-901C-019F36EB2431}' Group
> Policy object did not apply because it failed with error code '0x8007052e
> Logon failure: unknown user name or bad password.' This error was
> suppressed.*
>
> This GPO applies perfectly well everywhere else and all it does is use the
> Group Policy Files Preference item to copy a set of files down from a
> networked location (just administrative tools such as pstools and other
> things we use in some legacy scripts). I can't understand why it is chucking
> up a logon error. As far as I can tell no permissions on the GPOs or the
> files it accesses have been changed in any way. I tried a restart of the
> problem server and this appears to have made no difference whatsoever apart
> from making a couple of users cranky :-)  Does anyone have any ideas that
> may shed any light on this?
>
> TIA,
>
>
>
> JRR
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
>
>
>
>
>
>
>
>
>


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Group Policy weirdness

[Don Guyer]

Did a user account involved with executing the policy password expire
while you were away? Maybe take the guts of the policy (script or
whatever it's actually performing) and run it manually to see?

 

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, August 05, 2010 9:32 AM
To: NT System Admin Issues
Subject: Group Policy weirdness

 

Just returned from holiday to find one of my servers is throwing an
error when applying a particular Group Policy Object. The error is shown
below:-

The computer 'SysTools' preference item in the
'I_SystemTools_AllServers_0 {AA35E91F-4320-40DC-901C-019F36EB2431}'
Group Policy object did not apply because it failed with error code
'0x8007052e Logon failure: unknown user name or bad password.' This
error was suppressed.

This GPO applies perfectly well everywhere else and all it does is use
the Group Policy Files Preference item to copy a set of files down from
a networked location (just administrative tools such as pstools and
other things we use in some legacy scripts). I can't understand why it
is chucking up a logon error. As far as I can tell no permissions on the
GPOs or the files it accesses have been changed in any way. I tried a
restart of the problem server and this appears to have made no
difference whatsoever apart from making a couple of users cranky :-)
Does anyone have any ideas that may shed any light on this?

TIA,



JRR

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Group Policy Preferences context

[James Rankin]

I think I may have discovered the reason behind the failuresomeone has
apparently been doing some icacls jiggery-pokery via a scheduled task on my
redirected profiles area. Reset the permissions on the whole data structure
after removing this bloody task, and now my GPO has burst into life


Thanks for all the advicenow to find and kill the owner of this
scheduled task...

On 17 March 2010 12:40, Tom Miller  wrote:

> Please show us a snapshot of the GPP you are using.
>
> >>> James Rankin  3/17/2010 5:44 AM >>>
>
> Actually the shortcut is pointing to Notepad, for testing purposes, on the
> local machine. I am using the %systemdrive% variable in it, but no UNC
> stuff.
>
> It's a replace I'm doing.
>
> On 16 March 2010 21:41, James Hill  wrote:
>
>>  Just to clarify, you are creating a shortcut on the users desktop that
>> is pointing to something on a server share? Are you using a unc path?
>>
>> Also are you doing a create, update or replace?
>>
>>  *From:* James Rankin [mailto:kz2...@googlemail.com]
>> *Sent:* Wednesday, 17 March 2010 1:06 AM
>> *To:* NT System Admin Issues
>> *Subject:* Group Policy Preferences context
>>
>> Does anyone know what user context Group Policy Preferences execute in? I
>> have a GPO to apply desktop shortcuts to a redirected area, and it fails
>> unless the *Users* group has *Change* access. I have been testing it with
>> *Administrators*, *System* and the actual user themselves added to the
>> ACL, but unless I explicitly grant *Users* *Change* permission, the Group
>> Policy application fails with an "Access Denied" message.
>>
>> This is a Windows 2008 R2 domain, user logging on to a 2008 R1 terminal
>> server, and the redirection is going to a share on a 2003 FAP server.
>>
>> TIA,
>>
>>
>>
>> JRR
>>
>> --
>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>> the machine wrong figures, will the right answers come out?' I am not able
>> rightly to apprehend the kind of confusion of ideas that could provoke such
>> a question."
>>
>>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
>
>
>
>
>
>  Confidentiality Notice: This e-mail message, including attachments, is
> for the sole use of the intended recipient(s) and may contain confidential
> and privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
>
>
>
>
>


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~