none
Local GPO Works but Domain GPO Won't

    Question

  • I created a bat file to map network resources as network location. This bat file will run at user logon. I tested to run bat file and to test it with local gpo and it worked fine. the same setting, now I set it up on domain gpo and it does NOT work. PC is part of domain and test account has admin rights to local PC.

    I even set 'Always wait for the network at computer startup and logon' but it does NOT help.

    I ran GPResult and that gpo I created does not apply. Other GPOs applied fine.

    What do I miss in this one? any help is appreciated, thanks.

    This is my bat file and it is located on domain controller.

    @echo off

    xcopy /v /y \\servername\sharename\subfolder\*.* %userprofile%nethood

    END



    Thang Mo

    Monday, December 08, 2014 7:20 PM

Answers

All replies

  • whats the result of the GP result ( why doesnt it apply) is this linked correctly, does the OU contain user objects or computers?
    Tuesday, December 09, 2014 8:30 AM
  • To answer your questions:

    1. OU has one computer object that is my virtual windows 7 (a member of domain). I am testing first  before deploying. Workstation and servers are in the same domain.

    2. GPO link to its OU correctly

    3. I ran gpresult /scope computer /v and it showed my gpo applied in 'Applied Group Policy Objects' section

    However, I ran gpresult /scope user /v that gpo is not listed as applied in 'applied group policy objects' section. I logged on with a domain account that has rights to both workstation and servers

    My GPO setting is at User Configuration > Preferences > Windows Settings > Shortcuts

    Action: Create

    Target type: File System Object

    Location: All Users Desktop

    Target Path: \\servername\sharename

    In Common tab, I have 'run in logged-on user's security context (user policy option)' checked.

    I also enable "Always wait for the network at computer startup and logon" in computer Configuration.

    I can't think of what missing here! Thanks Zanderol24, I really hit dead-wall here!


    Thang Mo

    Tuesday, December 09, 2014 3:35 PM
  • So you have created a user policy and linked to an OU with a computer in?
    Tuesday, December 09, 2014 3:50 PM
  • Correct! I created a user policy and linked to an OU with a computer in. My goal is that if anyone logging on to this computer, the gpo will applied.

    I have 'Authenticate Users' group in GPO Security Filtering section. I even tested to add my sole account into it (it has both authenticate users group and my domain account) but the gpo does not apply, there's no 'shortcut' on desktop at all, thanks.


    Thang Mo

    Tuesday, December 09, 2014 4:38 PM
  • then apply to an OU with users in not computers

    FYI authenticated users also includes computers

    • Edited by AlexAdkin Tuesday, December 09, 2014 4:44 PM
    Tuesday, December 09, 2014 4:43 PM
  • it does not work! I tried both linking GPO to OUs and linking GPO to Groups and Users. I found a work around but I don't know if it is a true cause.

    I created a new Domain Local security group, created a new user in this group, and it worked good. I realized that all my domain security groups are Global, should this be a problem? thanks.


    Thang Mo

    Thursday, December 11, 2014 4:09 PM
  • i don't think this is fixed theres something else. how did you link gpis to groups and users? you me Ous with groups and Ous with users? 
    Thursday, December 11, 2014 4:25 PM
  • In GPO Scope,

    In 'Security Filtering', I added domain groups. I also tried to add my domain account individually for testing and nothing in 'Location'. I leave default Authenticated Users group there - nothing works!

    In 'Location', I linked GPO to a domain OU. In 'Security Filtering' section, only Authenticated Users there - nothing works!

    This is very odd!

    I have a gpo pushing out desktop shortcuts successfully. This gpo pushing out URL shortcuts and applied to OU in 'Location'. The same steps I am doing for shortcuts to network resources and it does NOT work!

    There must be something wrong or missing!


    Thang Mo

    Thursday, December 11, 2014 5:02 PM
  • think the best things to do is post gpresult, were not getting very far with this. 

    Thanks

    Thursday, December 11, 2014 6:52 PM
  • > In 'Location', I linked GPO to a domain OU. In 'Security Filtering'
    > section, only Authenticated Users there - nothing works!
     
    And who is in this OU? Users? Computers? Or Groups only?
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Friday, December 12, 2014 7:29 AM
  • > In 'Location', I linked GPO to a domain OU. In 'Security Filtering'
    > section, only Authenticated Users there - nothing works!
     
    And who is in this OU? Users? Computers? Or Groups only?
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Getting Confusing right? Tally!! :)
    Friday, December 12, 2014 9:36 AM