Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Group policies
Group policies [message #155888] Sun, 07 June 2009 08:27 Go to next message
ADVILE  is currently offline ADVILE
Messages: 1
Registered: June 2009
Junior Member
Hi Gents,

Got a question with regards to Link order in Group policies.

I have an OU with 10 GPO's Linked directly. Group policies are applying
fine. One day by mistake one deletes the GPT (sysvol) from one of the 10
GPO's however the GPC still exists in AD. The deleted one has the Link order
5 in the list of linked GPO. The deleted one had the feature security
filtering enabled and had the Authenticated Users group removed. This means
that only set of specific users where either able to read and apply group
policies.

What we saw is policies with the lower link order were not applying. We were
getting Userenv 1030 and 1058 stating the GUID for the Deleted policy not
able to find.

We restore the GPT and the issue got resolved. No Userenv.

Can you guys help me in understanding two things.

One, the GPO was only enabled to be applied to Set of users. However the
issue occured for all the users in the domain

Second, Does deletion of a GPT for one of the linked GPO's will cause other
GPO's not to be applied to the Users.

Looking for some inputs.
Re: Group policies [message #155889 is a reply to message #155888] Sun, 07 June 2009 09:45 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"ADVILE" <ADVILE@discussions.microsoft.com> wrote in message
news:AAB7821F-DF06-4189-A460-2703DD6D8937@microsoft.com...
> Hi Gents,
>
> Got a question with regards to Link order in Group policies.
>
> I have an OU with 10 GPO's Linked directly. Group policies are applying
> fine. One day by mistake one deletes the GPT (sysvol) from one of the 10
> GPO's however the GPC still exists in AD. The deleted one has the Link
> order
> 5 in the list of linked GPO. The deleted one had the feature security
> filtering enabled and had the Authenticated Users group removed. This
> means
> that only set of specific users where either able to read and apply group
> policies.
>
> What we saw is policies with the lower link order were not applying. We
> were
> getting Userenv 1030 and 1058 stating the GUID for the Deleted policy not
> able to find.
>
> We restore the GPT and the issue got resolved. No Userenv.
>
> Can you guys help me in understanding two things.
>
> One, the GPO was only enabled to be applied to Set of users. However the
> issue occured for all the users in the domain
>
> Second, Does deletion of a GPT for one of the linked GPO's will cause
> other
> GPO's not to be applied to the Users.
>
> Looking for some inputs.
>
>


For question1 - How many DCs do you have? I would imagine if it were the one
DC, but remember, anything in Sysvol gets replicated to other DCs, so yes,
it would affect all who the GPO is applied/linked to in an OU.

For question 2 - The system must enumerate each one in the order you've
specified. If one fails, it stops. I used to have a link on this to an
article on Technet's site, but I can't seem to find it.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker
http://twitter.com/acefekay
Re: Group policies [message #155896 is a reply to message #155888] Sun, 07 June 2009 11:21 Go to previous message
Marcin  is currently offline Marcin  United States
Messages: 273
Registered: July 2009
Senior Member
As far as I understand, during GPO processing, a client enumerates all GPOs
that are applicable to it based on the location of its object in AD
hierarchy (OU, domain, site). Once this list is constructed, it applies each
in sequence (according to precedence). Permission check (based on the ACL on
a corresponding GPT subfolder on the SYSVOL) is part of this process.
Absence of the GPT will trigger a failure and prevent further actions within
the same GPO processing cycle...

hth
Marcin

"ADVILE" <ADVILE@discussions.microsoft.com> wrote in message
news:AAB7821F-DF06-4189-A460-2703DD6D8937@microsoft.com...
> Hi Gents,
>
> Got a question with regards to Link order in Group policies.
>
> I have an OU with 10 GPO's Linked directly. Group policies are applying
> fine. One day by mistake one deletes the GPT (sysvol) from one of the 10
> GPO's however the GPC still exists in AD. The deleted one has the Link
> order
> 5 in the list of linked GPO. The deleted one had the feature security
> filtering enabled and had the Authenticated Users group removed. This
> means
> that only set of specific users where either able to read and apply group
> policies.
>
> What we saw is policies with the lower link order were not applying. We
> were
> getting Userenv 1030 and 1058 stating the GUID for the Deleted policy not
> able to find.
>
> We restore the GPT and the issue got resolved. No Userenv.
>
> Can you guys help me in understanding two things.
>
> One, the GPO was only enabled to be applied to Set of users. However the
> issue occured for all the users in the domain
>
> Second, Does deletion of a GPT for one of the linked GPO's will cause
> other
> GPO's not to be applied to the Users.
>
> Looking for some inputs.
>
>
Previous Topic:RE: AD 2008: Logon from Workstations automatically disabled
Next Topic:Want to remove Active Directory
Goto Forum:
  


Current Time: Sun Sep 24 15:29:40 EDT 2017

Total time taken to generate the page: 0.03424 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software