Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Re: Group Policy not being applied
Re: Group Policy not being applied [message #372744] Wed, 20 January 2010 10:12 Go to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Robert Jacobs" <robertjacobsit@gmail.com> wrote in message
news:d977a4db-0fa2-4f7c-a2b1-10e143e4c053@l30g2000yqb.googlegroups.com...
> Hello experts - I know I'm not posting this in a Group Policy group,
> but there were only 6 or 7 members of those groups, so I'm guessing I
> might have better luck here (plus, it might not just be a group policy
> problem).
>
> On a Windows Server (2003 R1 Standard) I have setup automatic logon
> for a domain admin account (in a locked/secured room) that
> automatically launches a piece of software after logged in. The
> problem is, the screensaver starts after 900 seconds, and a password
> is required to get back into the machine afterwords. However, users
> who access the program launched on this computer should not be given
> the admin's password.
>
> Therefore, I added a new OU, put this domain admin's user account in
> the OU, and created a group policy to disable the screensaver requires
> password option.
>
> Nothing happened. I ran gpupdate /force. Nothing. I ran gpresult,
> and sure enough, the policy I just added did not show up. I rebooted
> the server, rebooted the domain server, same result.
>
> I then ran rsop.msc. When this box appears, red x's appear on
> Computer Configuration and User Configuration (as well as the top
> level where it says username on computername - RSoP). Clicking on any
> of the twisties/plus signs freezes the rsop.msc program. I right
> clicked User and Computer Configuration, clicked the Error Information
> tab, and it says:
> _________________________________________________
> Group Policy Infrastructure failed due to the error listed below.
> The system cannot find the path specified.
>
> Note: Due to the GP Core failure, none of the other Group Policy
> components processed their policy. Consequently, status information
> for the other components is not available.
> Additional Information:
> Windows cannot query for the list of Group Policy objects. Check the
> event log for possible messages previously logged by the policy engine
> that describes the reason for this.
>
> Windows cannot access the file gpt.ini for GPO cn=
> {1DDFFB81-0EE1-4103-8F53-
> A2C2F1ED2D21},cn=policies,cn=system,DC=domainname,DC=local. The file
> must be present at the location <\\domainname.local\sysvol
> \domainname.local\Policies\{1DDFFB81-0EE1-4103-8F53-
> A2C2F1ED2D21}\gpt.ini>. (The system cannot find the path specified. ).
> Group Policy processing aborted.
>
> What in the world am I supposed to do? Does it have anything to do
> with the auto logon feature? Where else can I look? All of your
> answers are GREATLY appreciated, and essential!
>
> Thank!



Hi Robert,

First, you could have posted this to the AD group and GPO groups, which are
more specific to the question. But not a prob that you posted it here. I
actually cross-posted my response to both groups. When you reply, make sure
you have both groups in the "To:" field.


What I would suggest is to not host such an application on a DC. When
creating a GPO for users to apply for something such as this, you may need
to use Loopback. However, I highly suggest and recommend to not do this
because it is a domain controller. A DC has a specific Default Domain
Controller Policy that affects it by default, and the loopback can possibly
cause problems with it.

As for the errors you are seeing, they may be stemming from an underlying
issue that may be something more serious. To better diagnose this, we'll
need additional information. Please post the following:

Unedited ipconfig /all from the DC
Sample workstation unedited ipconfig /all
Event log errors on the DC (EventID# and Source name).
Event log errors on the workstation (EventID# and Source name).
Indicate how many DCs and domains you have.

Thank you,

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.
Re: Group Policy not being applied [message #373667 is a reply to message #372744] Thu, 21 January 2010 06:31 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
I'm sorry if this comes across rude it is not intended to.

You are handing over the keys to your enterprise by providing this sort of
access. I don't believe you need to have this program run as a domain
admin. All some user has to do is run a command (At this terminal) to have
them be joined to the domain admins (DA) group and they are then full DA
right's and can go about doing what they please anywhere in the enterprise.
Putting this in a secure location means nothing. If I were your supervisor
I would remove your admin rights and contemplate terminating you. I am
serious!

Forget about the screensaver not working and due the work to get this
application running w/o the elevated rights.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
news:eWFO6OfmKHA.3840@TK2MSFTNGP06.phx.gbl...
> "Robert Jacobs" <robertjacobsit@gmail.com> wrote in message
> news:d977a4db-0fa2-4f7c-a2b1-10e143e4c053@l30g2000yqb.googlegroups.com...
>> Hello experts - I know I'm not posting this in a Group Policy group,
>> but there were only 6 or 7 members of those groups, so I'm guessing I
>> might have better luck here (plus, it might not just be a group policy
>> problem).
>>
>> On a Windows Server (2003 R1 Standard) I have setup automatic logon
>> for a domain admin account (in a locked/secured room) that
>> automatically launches a piece of software after logged in. The
>> problem is, the screensaver starts after 900 seconds, and a password
>> is required to get back into the machine afterwords. However, users
>> who access the program launched on this computer should not be given
>> the admin's password.
>>
>> Therefore, I added a new OU, put this domain admin's user account in
>> the OU, and created a group policy to disable the screensaver requires
>> password option.
>>
>> Nothing happened. I ran gpupdate /force. Nothing. I ran gpresult,
>> and sure enough, the policy I just added did not show up. I rebooted
>> the server, rebooted the domain server, same result.
>>
>> I then ran rsop.msc. When this box appears, red x's appear on
>> Computer Configuration and User Configuration (as well as the top
>> level where it says username on computername - RSoP). Clicking on any
>> of the twisties/plus signs freezes the rsop.msc program. I right
>> clicked User and Computer Configuration, clicked the Error Information
>> tab, and it says:
>> _________________________________________________
>> Group Policy Infrastructure failed due to the error listed below.
>> The system cannot find the path specified.
>>
>> Note: Due to the GP Core failure, none of the other Group Policy
>> components processed their policy. Consequently, status information
>> for the other components is not available.
>> Additional Information:
>> Windows cannot query for the list of Group Policy objects. Check the
>> event log for possible messages previously logged by the policy engine
>> that describes the reason for this.
>>
>> Windows cannot access the file gpt.ini for GPO cn=
>> {1DDFFB81-0EE1-4103-8F53-
>> A2C2F1ED2D21},cn=policies,cn=system,DC=domainname,DC=local. The file
>> must be present at the location <\\domainname.local\sysvol
>> \domainname.local\Policies\{1DDFFB81-0EE1-4103-8F53-
>> A2C2F1ED2D21}\gpt.ini>. (The system cannot find the path specified. ).
>> Group Policy processing aborted.
>>
>> What in the world am I supposed to do? Does it have anything to do
>> with the auto logon feature? Where else can I look? All of your
>> answers are GREATLY appreciated, and essential!
>>
>> Thank!
>
>
>
> Hi Robert,
>
> First, you could have posted this to the AD group and GPO groups, which
> are more specific to the question. But not a prob that you posted it here.
> I actually cross-posted my response to both groups. When you reply, make
> sure you have both groups in the "To:" field.
>
>
> What I would suggest is to not host such an application on a DC. When
> creating a GPO for users to apply for something such as this, you may need
> to use Loopback. However, I highly suggest and recommend to not do this
> because it is a domain controller. A DC has a specific Default Domain
> Controller Policy that affects it by default, and the loopback can
> possibly cause problems with it.
>
> As for the errors you are seeing, they may be stemming from an underlying
> issue that may be something more serious. To better diagnose this, we'll
> need additional information. Please post the following:
>
> Unedited ipconfig /all from the DC
> Sample workstation unedited ipconfig /all
> Event log errors on the DC (EventID# and Source name).
> Event log errors on the workstation (EventID# and Source name).
> Indicate how many DCs and domains you have.
>
> Thank you,
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
> MCSA 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer
> Microsoft MVP - Directory Services
>
> If you feel this is an urgent issue and require immediate assistance,
> please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>
>
Re: Group Policy not being applied [message #373728 is a reply to message #373667] Thu, 21 January 2010 07:51 Go to previous messageGo to next message
Robert Jacobs  is currently offline Robert Jacobs  United States
Messages: 7
Registered: January 2010
Junior Member
On Jan 21, 7:31 am, "Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com>
wrote:
> I'm sorry if this comes across rude it is not intended to.
>
> You are handing over the keys to your enterprise by providing this sort of
> access.  I don't believe you need to have this program run as a domain
> admin.  All some user has to do is run a command (At this terminal) to have
> them be joined to the domain admins (DA) group and they are then full DA
> right's and can go about doing what they please anywhere in the enterprise.
> Putting this in a secure location means nothing.  If I were your supervisor
> I would remove your admin rights and contemplate terminating you.  I am
> serious!
>
> Forget about the screensaver not working and due the work to get this
> application running w/o the elevated rights.
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup This
> posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Ace Fekay [MVP-DS, MCT]" <ace...@mvps.RemoveThisPart.org> wrote in messagenews:eWFO6OfmKHA.3840@TK2MSFTNGP06.phx.gbl...
>
>
>
> > "Robert Jacobs" <robertjacob...@gmail.com> wrote in message
> >news:d977a4db-0fa2-4f7c-a2b1-10e143e4c053@l30g2000yqb.googlegroups.com....
> >> Hello experts - I know I'm not posting this in a Group Policy group,
> >> but there were only 6 or 7 members of those groups, so I'm guessing I
> >> might have better luck here (plus, it might not just be a group policy
> >> problem).
>
> >> On a Windows Server (2003 R1 Standard) I have setup automatic logon
> >> for a domain admin account (in a locked/secured room) that
> >> automatically launches a piece of software after logged in.  The
> >> problem is, the screensaver starts after 900 seconds, and a password
> >> is required to get back into the machine afterwords.  However, users
> >> who access the program launched on this computer should not be given
> >> the admin's password.
>
> >> Therefore, I added a new OU, put this domain admin's user account in
> >> the OU, and created a group policy to disable the screensaver requires
> >> password option.
>
> >> Nothing happened.  I ran gpupdate /force.  Nothing.  I ran gpresult,
> >> and sure enough, the policy I just added did not show up.  I rebooted
> >> the server, rebooted the domain server, same result.
>
> >> I then ran rsop.msc.  When this box appears, red x's appear on
> >> Computer Configuration and User Configuration (as well as the top
> >> level where it says username on computername - RSoP).  Clicking on any
> >> of the twisties/plus signs freezes the rsop.msc program.  I right
> >> clicked User and Computer Configuration, clicked the Error Information
> >> tab, and it says:
> >> _________________________________________________
> >> Group Policy Infrastructure failed due to the error listed below.
> >> The system cannot find the path specified.
>
> >> Note:  Due to the GP Core failure, none of the other Group Policy
> >> components processed their policy.  Consequently, status information
> >> for the other components is not available.
> >> Additional Information:
> >> Windows cannot query for the list of Group Policy objects. Check the
> >> event log for possible messages previously logged by the policy engine
> >> that describes the reason for this.
>
> >> Windows cannot access the file gpt.ini for GPO cn=
> >> {1DDFFB81-0EE1-4103-8F53-
> >> A2C2F1ED2D21},cn=policies,cn=system,DC=domainname,DC=local. The file
> >> must be present at the location <\\domainname.local\sysvol
> >> \domainname.local\Policies\{1DDFFB81-0EE1-4103-8F53-
> >> A2C2F1ED2D21}\gpt.ini>. (The system cannot find the path specified. ).
> >> Group Policy processing aborted.
>
> >> What in the world am I supposed to do?  Does it have anything to do
> >> with the auto logon feature?  Where else can I look?  All of your
> >> answers are GREATLY appreciated, and essential!
>
> >> Thank!
>
> > Hi Robert,
>
> > First, you could have posted this to the AD group and GPO groups, which
> > are more specific to the question. But not a prob that you posted it here.
> > I actually cross-posted my response to both groups. When you reply, make
> > sure you have both groups in the "To:" field.
>
> > What I would suggest is to not host such an application on a DC. When
> > creating a GPO for users to apply for something such as this, you may need
> > to use Loopback. However, I highly suggest and recommend to not do this
> > because it is a domain controller. A DC has a specific Default Domain
> > Controller Policy that affects it by default, and the loopback can
> > possibly cause problems with it.
>
> > As for the errors you are seeing, they may be stemming from an underlying
> > issue that may be something more serious. To better diagnose this, we'll
> > need additional information. Please post the following:
>
> > Unedited ipconfig /all from the DC
> > Sample workstation unedited ipconfig /all
> > Event log errors on the DC (EventID# and Source name).
> > Event log errors on the workstation (EventID# and Source name).
> > Indicate how many DCs and domains you have.
>
> > Thank you,
>
> > --
> > Ace
>
> > This posting is provided "AS-IS" with no warranties or guarantees and
> > confers no rights.
>
> > Please reply back to the newsgroup or forum for collaboration benefit
> > among responding engineers, and to help others benefit from your
> > resolution.
>
> > Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
> > MCSA 2003/2000, MCSA Messaging 2003
> > Microsoft Certified Trainer
> > Microsoft MVP - Directory Services
>
> > If you feel this is an urgent issue and require immediate assistance,
> > please contact Microsoft PSS directly. Please check
> >http://support.microsoft.comfor regional support phone numbers.- Hide quoted text -
>
> - Show quoted text -

The server is not a DC, it's simply a standard windows server with SQL
running as well as a test program - And thanks Paul for your advice on
my being fired. I would love to tell you that this is being performed
on a utility server domain (only utility servers and utility 'domain
admin' accounts are used (testing domain)), and that none of our
enterprise data is at any risk from any user at any time - and I'd
love to tell you what I'm trying to accomplish is for testing purposes
only - and would be applied on our actual domain in the future with
accounts that only have permissions to specific directories required
for that specific application to run - I'm just trying to get any bugs
worked out on our TESTING domain before attempting to go live with
COMPLETELY DIFFERENT accounts, but accounts that need to auto logon,
none-the-less. And, finally, I would like to thank you for all of
your help in resolving the issues I'm running into - you're a huge
help. Thank goodness you put all of your fancy certifications (Mr.
Early Achiever) to good use, by not asking any follow up questions, or
asking the nature of this project before telling me you are serious
about my lack of intelligence, my threat to my company, and the fact
that I should (seriously) be fired. Again - great help, MVP.
Re: Group Policy not being applied [message #373738 is a reply to message #373728] Thu, 21 January 2010 08:06 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
You are risking your company and its assets, I don't feel you are doing this
properly and it needs to be resolved. The answer I might provide might not
be popular but it is the correct one.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Robert Jacobs" <robertjacobsit@gmail.com> wrote in message
news:e48cb556-2e2e-43f2-a075-b50912e5b455@b2g2000yqi.googlegroups.com...
On Jan 21, 7:31 am, "Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com>
wrote:
> I'm sorry if this comes across rude it is not intended to.
>
> You are handing over the keys to your enterprise by providing this sort of
> access. I don't believe you need to have this program run as a domain
> admin. All some user has to do is run a command (At this terminal) to have
> them be joined to the domain admins (DA) group and they are then full DA
> right's and can go about doing what they please anywhere in the
> enterprise.
> Putting this in a secure location means nothing. If I were your supervisor
> I would remove your admin rights and contemplate terminating you. I am
> serious!
>
> Forget about the screensaver not working and due the work to get this
> application running w/o the elevated rights.
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup This
> posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Ace Fekay [MVP-DS, MCT]" <ace...@mvps.RemoveThisPart.org> wrote in
> messagenews:eWFO6OfmKHA.3840@TK2MSFTNGP06.phx.gbl...
>
>
>
> > "Robert Jacobs" <robertjacob...@gmail.com> wrote in message
> >news:d977a4db-0fa2-4f7c-a2b1-10e143e4c053@l30g2000yqb.googlegroups.com...
> >> Hello experts - I know I'm not posting this in a Group Policy group,
> >> but there were only 6 or 7 members of those groups, so I'm guessing I
> >> might have better luck here (plus, it might not just be a group policy
> >> problem).
>
> >> On a Windows Server (2003 R1 Standard) I have setup automatic logon
> >> for a domain admin account (in a locked/secured room) that
> >> automatically launches a piece of software after logged in. The
> >> problem is, the screensaver starts after 900 seconds, and a password
> >> is required to get back into the machine afterwords. However, users
> >> who access the program launched on this computer should not be given
> >> the admin's password.
>
> >> Therefore, I added a new OU, put this domain admin's user account in
> >> the OU, and created a group policy to disable the screensaver requires
> >> password option.
>
> >> Nothing happened. I ran gpupdate /force. Nothing. I ran gpresult,
> >> and sure enough, the policy I just added did not show up. I rebooted
> >> the server, rebooted the domain server, same result.
>
> >> I then ran rsop.msc. When this box appears, red x's appear on
> >> Computer Configuration and User Configuration (as well as the top
> >> level where it says username on computername - RSoP). Clicking on any
> >> of the twisties/plus signs freezes the rsop.msc program. I right
> >> clicked User and Computer Configuration, clicked the Error Information
> >> tab, and it says:
> >> _________________________________________________
> >> Group Policy Infrastructure failed due to the error listed below.
> >> The system cannot find the path specified.
>
> >> Note: Due to the GP Core failure, none of the other Group Policy
> >> components processed their policy. Consequently, status information
> >> for the other components is not available.
> >> Additional Information:
> >> Windows cannot query for the list of Group Policy objects. Check the
> >> event log for possible messages previously logged by the policy engine
> >> that describes the reason for this.
>
> >> Windows cannot access the file gpt.ini for GPO cn=
> >> {1DDFFB81-0EE1-4103-8F53-
> >> A2C2F1ED2D21},cn=policies,cn=system,DC=domainname,DC=local. The file
> >> must be present at the location <\\domainname.local\sysvol
> >> \domainname.local\Policies\{1DDFFB81-0EE1-4103-8F53-
> >> A2C2F1ED2D21}\gpt.ini>. (The system cannot find the path specified. ).
> >> Group Policy processing aborted.
>
> >> What in the world am I supposed to do? Does it have anything to do
> >> with the auto logon feature? Where else can I look? All of your
> >> answers are GREATLY appreciated, and essential!
>
> >> Thank!
>
> > Hi Robert,
>
> > First, you could have posted this to the AD group and GPO groups, which
> > are more specific to the question. But not a prob that you posted it
> > here.
> > I actually cross-posted my response to both groups. When you reply, make
> > sure you have both groups in the "To:" field.
>
> > What I would suggest is to not host such an application on a DC. When
> > creating a GPO for users to apply for something such as this, you may
> > need
> > to use Loopback. However, I highly suggest and recommend to not do this
> > because it is a domain controller. A DC has a specific Default Domain
> > Controller Policy that affects it by default, and the loopback can
> > possibly cause problems with it.
>
> > As for the errors you are seeing, they may be stemming from an
> > underlying
> > issue that may be something more serious. To better diagnose this, we'll
> > need additional information. Please post the following:
>
> > Unedited ipconfig /all from the DC
> > Sample workstation unedited ipconfig /all
> > Event log errors on the DC (EventID# and Source name).
> > Event log errors on the workstation (EventID# and Source name).
> > Indicate how many DCs and domains you have.
>
> > Thank you,
>
> > --
> > Ace
>
> > This posting is provided "AS-IS" with no warranties or guarantees and
> > confers no rights.
>
> > Please reply back to the newsgroup or forum for collaboration benefit
> > among responding engineers, and to help others benefit from your
> > resolution.
>
> > Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
> > MCSA 2003/2000, MCSA Messaging 2003
> > Microsoft Certified Trainer
> > Microsoft MVP - Directory Services
>
> > If you feel this is an urgent issue and require immediate assistance,
> > please contact Microsoft PSS directly. Please check
> >http://support.microsoft.comfor regional support phone numbers.- Hide
> >quoted text -
>
> - Show quoted text -

The server is not a DC, it's simply a standard windows server with SQL
running as well as a test program - And thanks Paul for your advice on
my being fired. I would love to tell you that this is being performed
on a utility server domain (only utility servers and utility 'domain
admin' accounts are used (testing domain)), and that none of our
enterprise data is at any risk from any user at any time - and I'd
love to tell you what I'm trying to accomplish is for testing purposes
only - and would be applied on our actual domain in the future with
accounts that only have permissions to specific directories required
for that specific application to run - I'm just trying to get any bugs
worked out on our TESTING domain before attempting to go live with
COMPLETELY DIFFERENT accounts, but accounts that need to auto logon,
none-the-less. And, finally, I would like to thank you for all of
your help in resolving the issues I'm running into - you're a huge
help. Thank goodness you put all of your fancy certifications (Mr.
Early Achiever) to good use, by not asking any follow up questions, or
asking the nature of this project before telling me you are serious
about my lack of intelligence, my threat to my company, and the fact
that I should (seriously) be fired. Again - great help, MVP.
Re: Group Policy not being applied [message #373924 is a reply to message #373728] Thu, 21 January 2010 11:31 Go to previous messageGo to next message
Phillip Windell  is currently offline Phillip Windell  United States
Messages: 526
Registered: July 2009
Senior Member
"Robert Jacobs" <robertjacobsit@gmail.com> wrote in message
news:e48cb556-2e2e-43f2-a075-b50912e5b455@b2g2000yqi.googlegroups.com...

> help. Thank goodness you put all of your fancy certifications (Mr.
> Early Achiever) to good use, by not asking any follow up questions, or
> asking the nature of this project before telling me ....

We make just as many people mad by asking those "follow up questions"
because people have no patients and want an instant answer without giving
everyone the details they need to make such an answer possible.

So from our position it is a "no win situation". Someone is going to get
ticked off no matter how we approach it.


--
Phillip Windell [not an MVP, MCSE or anything else,...the CCNA is expired]

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Re: Group Policy not being applied [message #374125 is a reply to message #373924] Thu, 21 January 2010 15:27 Go to previous messageGo to next message
Robert Jacobs  is currently offline Robert Jacobs  United States
Messages: 7
Registered: January 2010
Junior Member
On Jan 21, 12:31 pm, "Phillip Windell" <philwind...@hotmail.com>
wrote:
> "Robert Jacobs" <robertjacob...@gmail.com> wrote in message
>
> news:e48cb556-2e2e-43f2-a075-b50912e5b455@b2g2000yqi.googlegroups.com...
>
> > help.  Thank goodness you put all of your fancy certifications (Mr.
> > Early Achiever) to good use, by not asking any follow up questions, or
> > asking the nature of this project before telling me ....
>
> We make just as many people mad by asking those "follow up questions"
> because people have no patients and want an instant answer without giving
> everyone the details they need to make such an answer possible.
>
> So from our position it is a "no win situation".  Someone is going to get
> ticked off no matter how we approach it.
>
> --
> Phillip Windell [not an MVP, MCSE or anything else,...the CCNA is expired]
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------

However Paul decided to not ask any questions, as well as not answer
any questions - only to tell me I'm doing everything wrong. On top of
that, AFTER I informed him that the problem I'm running into is on a
test domain, and will (when implemented into our enterprise domain)
have completely different user accounts with practically no
permissions to company data or other company computers, he still
decided to tell me I'm risking my company's assets - and I still have
yet to hear one piece of advice on how to resolve my group policy
issue.

It has nothing to do with a popular or correct answer. The simple
fact is that the specialized software that is running on this computer
REQUIRES a user to be logged in at all times, REQUIRES access to only
specific folders (which WILL BE USED, NOT A DOMAIN ADMIN LIKE IN THE
TEEESSSSTTT DOMAIN), and requires other users to use the software
directly from the machine without needing the username/password of the
specialized NON ADMIN account (therefore screen shouldn't lock).
However, the Group Policy changes are not being implemented on the
computer... I'm trying to resolve this on my TEST DOMAIN before
implementing it with different accounts and permissions on my
enterprise domain - but all I hear is I should be fired. Thanks again.
Re: Group Policy not being applied [message #374344 is a reply to message #374125] Thu, 21 January 2010 21:01 Go to previous messageGo to next message
Cary Shultz  is currently offline Cary Shultz  United States
Messages: 127
Registered: August 2009
Senior Member
Robert,

If I might chime in here....

I am a former MVP (a few years ago when I had a lot more time to partake in
the news groups). I spent a lot of time in here and helped a lot of people
and learned a lot from everyone...MVPs and non-MVPs alike. There are lots
of ways to skin a cat, as it were.

Anyway, right off the bat I would like to make very clear that the MVPs are
doing this in their free time. There is no compensation at all from
Microsoft (other than access to some really cool things and trips to the
Redmond campus....never made it there because my wife was pregnant both
years). These MS forums are public and are right up at the top of the list
as far as I am concerned. I used to spend a lot of time in the AD and GPO
and Exchange Admin news groups. Top notch places. There should be no
expectation (and I use that word very specifically) of immediate help or of
useful help. Do not assume that what you receive in the way of advise is
accurate for your specific environment | issue. If you have a really
serious issue then please contact MS - PSS. If you do that then having
those expectations (not saying that YOU have those expectations....just
saying) is completely within reason.

Paul is one of the good guys. He helps a lot of people, does a lot of great
work - in and out of the new groups - and is always willing to share his
knowledge and ideas and insight. If Paul states that you could get fired
for doing what you are doing then I might respectfully suggest that you take
a step back and evaluate what it is that Paul is saying and look at why he
is saying it.

For you to attack Paul the way you did is really uncalled for and not cool
at all. Paul would not ever say this - so I will: you really need to
rethink your personal attack on him and make that right. But, that is
between you and Paul.

It is not easy knowing what is happening in an environment. It is not easy
knowing what the thought process is of the person making a post. I can tell
you that there is a lot of crappola out there. I see it every day. The
clients that we take over from other IT Consultants and in-house IT staff
are seriously messed up. There is - I can assure you - a lot of that out
there. I just shake my head (actually, most of the time) when we take over
a new client. Absolutely incredible what people do. There are also
different levels of 'competency'. So, what I am saying is that no one in
this forum knows your skill set level and how you do things (I know - and I
speak for myself - that I do things a very specific way...which is very very
very different from all of my colleagues...if I have done something at one
of our clients EVERYONE at my company knows who did it!). It is prudent to
ask questions (which - as Phillip stated - often pi$$es off people).
Remember, it is sometimes rather difficult to help with an issue where we
have never seen the environment, can not touch the environment and can
simply go on "what I know".

Ace also initiated contact with you and suggested that you reconsider what
you are doing. Ace is also one of the good guys. Now, from what I can
see - there was no mention of a test domain (which, btw, is *EXACTLY* the
correct way to do things....so, megekudos there). I do not want to speak
for either Paul or Ace, but I can only ass/u/me that the thought process was
that this was in a production environment. It is my opinion that anyone who
intentionally learns / tests / plays in a production environment ought to be
fired. Granted, no one knows everything so that is sometimes necessary
(well.......).

Anyway, if you would like or need help I will gladly assist you.

Cary

"Robert Jacobs" <robertjacobsit@gmail.com> wrote in message
news:e7d34b91-3b6e-40ee-939c-1c2bd18a5da1@e16g2000yqc.googlegroups.com...
On Jan 21, 12:31 pm, "Phillip Windell" <philwind...@hotmail.com>
wrote:
> "Robert Jacobs" <robertjacob...@gmail.com> wrote in message
>
> news:e48cb556-2e2e-43f2-a075-b50912e5b455@b2g2000yqi.googlegroups.com...
>
> > help. Thank goodness you put all of your fancy certifications (Mr.
> > Early Achiever) to good use, by not asking any follow up questions, or
> > asking the nature of this project before telling me ....
>
> We make just as many people mad by asking those "follow up questions"
> because people have no patients and want an instant answer without giving
> everyone the details they need to make such an answer possible.
>
> So from our position it is a "no win situation". Someone is going to get
> ticked off no matter how we approach it.
>
> --
> Phillip Windell [not an MVP, MCSE or anything else,...the CCNA is expired]
>
> The views expressed, are my own and not those of my employer, or
> Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------

However Paul decided to not ask any questions, as well as not answer
any questions - only to tell me I'm doing everything wrong. On top of
that, AFTER I informed him that the problem I'm running into is on a
test domain, and will (when implemented into our enterprise domain)
have completely different user accounts with practically no
permissions to company data or other company computers, he still
decided to tell me I'm risking my company's assets - and I still have
yet to hear one piece of advice on how to resolve my group policy
issue.

It has nothing to do with a popular or correct answer. The simple
fact is that the specialized software that is running on this computer
REQUIRES a user to be logged in at all times, REQUIRES access to only
specific folders (which WILL BE USED, NOT A DOMAIN ADMIN LIKE IN THE
TEEESSSSTTT DOMAIN), and requires other users to use the software
directly from the machine without needing the username/password of the
specialized NON ADMIN account (therefore screen shouldn't lock).
However, the Group Policy changes are not being implemented on the
computer... I'm trying to resolve this on my TEST DOMAIN before
implementing it with different accounts and permissions on my
enterprise domain - but all I hear is I should be fired. Thanks again.
Re: Group Policy not being applied [message #374405 is a reply to message #374344] Thu, 21 January 2010 23:08 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Cary Shultz" <cshultz@outsourceit.com> wrote in message
news:enVWUexmKHA.5520@TK2MSFTNGP06.phx.gbl...
> Robert,
>
> If I might chime in here....
>
> I am a former MVP (a few years ago when I had a lot more time to partake
> in the news groups). I spent a lot of time in here and helped a lot of
> people and learned a lot from everyone...MVPs and non-MVPs alike. There
> are lots of ways to skin a cat, as it were.
>
> Anyway, right off the bat I would like to make very clear that the MVPs
> are doing this in their free time. There is no compensation at all from
> Microsoft (other than access to some really cool things and trips to the
> Redmond campus....never made it there because my wife was pregnant both
> years). These MS forums are public and are right up at the top of the
> list as far as I am concerned. I used to spend a lot of time in the AD
> and GPO and Exchange Admin news groups. Top notch places. There should
> be no expectation (and I use that word very specifically) of immediate
> help or of useful help. Do not assume that what you receive in the way of
> advise is accurate for your specific environment | issue. If you have a
> really serious issue then please contact MS - PSS. If you do that then
> having those expectations (not saying that YOU have those
> expectations....just saying) is completely within reason.
>
> Paul is one of the good guys. He helps a lot of people, does a lot of
> great work - in and out of the new groups - and is always willing to share
> his knowledge and ideas and insight. If Paul states that you could get
> fired for doing what you are doing then I might respectfully suggest that
> you take a step back and evaluate what it is that Paul is saying and look
> at why he is saying it.
>
> For you to attack Paul the way you did is really uncalled for and not cool
> at all. Paul would not ever say this - so I will: you really need to
> rethink your personal attack on him and make that right. But, that is
> between you and Paul.
>
> It is not easy knowing what is happening in an environment. It is not
> easy knowing what the thought process is of the person making a post. I
> can tell you that there is a lot of crappola out there. I see it every
> day. The clients that we take over from other IT Consultants and in-house
> IT staff are seriously messed up. There is - I can assure you - a lot of
> that out there. I just shake my head (actually, most of the time) when we
> take over a new client. Absolutely incredible what people do. There are
> also different levels of 'competency'. So, what I am saying is that no
> one in this forum knows your skill set level and how you do things (I
> know - and I speak for myself - that I do things a very specific
> way...which is very very very different from all of my colleagues...if I
> have done something at one of our clients EVERYONE at my company knows who
> did it!). It is prudent to ask questions (which - as Phillip stated -
> often pi$$es off people). Remember, it is sometimes rather difficult to
> help with an issue where we have never seen the environment, can not touch
> the environment and can simply go on "what I know".
>
> Ace also initiated contact with you and suggested that you reconsider what
> you are doing. Ace is also one of the good guys. Now, from what I can
> see - there was no mention of a test domain (which, btw, is *EXACTLY* the
> correct way to do things....so, megekudos there). I do not want to speak
> for either Paul or Ace, but I can only ass/u/me that the thought process
> was that this was in a production environment. It is my opinion that
> anyone who intentionally learns / tests / plays in a production
> environment ought to be fired. Granted, no one knows everything so that
> is sometimes necessary (well.......).
>
> Anyway, if you would like or need help I will gladly assist you.
>
> Cary
>
> "Robert Jacobs" <robertjacobsit@gmail.com> wrote in message
> news:e7d34b91-3b6e-40ee-939c-1c2bd18a5da1@e16g2000yqc.googlegroups.com...
> On Jan 21, 12:31 pm, "Phillip Windell" <philwind...@hotmail.com>
> wrote:
>> "Robert Jacobs" <robertjacob...@gmail.com> wrote in message
>>
>> news:e48cb556-2e2e-43f2-a075-b50912e5b455@b2g2000yqi.googlegroups.com...
>>
>> > help. Thank goodness you put all of your fancy certifications (Mr.
>> > Early Achiever) to good use, by not asking any follow up questions, or
>> > asking the nature of this project before telling me ....
>>
>> We make just as many people mad by asking those "follow up questions"
>> because people have no patients and want an instant answer without giving
>> everyone the details they need to make such an answer possible.
>>
>> So from our position it is a "no win situation". Someone is going to get
>> ticked off no matter how we approach it.
>>
>> --
>> Phillip Windell [not an MVP, MCSE or anything else,...the CCNA is
>> expired]
>>
>> The views expressed, are my own and not those of my employer, or
>> Microsoft,
>> or anyone else associated with me, including my cats.
>> -----------------------------------------------------
>
> However Paul decided to not ask any questions, as well as not answer
> any questions - only to tell me I'm doing everything wrong. On top of
> that, AFTER I informed him that the problem I'm running into is on a
> test domain, and will (when implemented into our enterprise domain)
> have completely different user accounts with practically no
> permissions to company data or other company computers, he still
> decided to tell me I'm risking my company's assets - and I still have
> yet to hear one piece of advice on how to resolve my group policy
> issue.
>
> It has nothing to do with a popular or correct answer. The simple
> fact is that the specialized software that is running on this computer
> REQUIRES a user to be logged in at all times, REQUIRES access to only
> specific folders (which WILL BE USED, NOT A DOMAIN ADMIN LIKE IN THE
> TEEESSSSTTT DOMAIN), and requires other users to use the software
> directly from the machine without needing the username/password of the
> specialized NON ADMIN account (therefore screen shouldn't lock).
> However, the Group Policy changes are not being implemented on the
> computer... I'm trying to resolve this on my TEST DOMAIN before
> implementing it with different accounts and permissions on my
> enterprise domain - but all I hear is I should be fired. Thanks again.


Cary,

Very well put.

From Robert's original post, he stated symptoms without configuration
information and *hinted* that it's on a DC, hence all of our reactions. I
did request configuration information, however that seemed to be overlooked
among the barrage of personal attacks against Paul and I ass/u/me Phillip
and I.

As you stated, we do try to help, and we never know what skill level a
poster owns, and sometimes we do lend personal comments regarding a
scenario. When there isn't enough provided in an intial post, we always ask
for additional information in order to diagnose the issue, which I had
asked, otherwise it leads to assumptions. I must admit I also fell under
that category in my response, but that stemmed from the original post's
context believing this was a DC and using a domain admin account to allow
users to logon with. It was never stated this was a test environment and the
eventual production rollout would be on a non-DC using plain-Jane user
accounts.

My bet is because it's a domain admin account, it may be due to the
AdminSDHolder, but we will never know, and I will no longer ass/u/me
anything at this point in this thread.

And quite unfortunate it got this far. <sigh>

Ace
Re: Group Policy not being applied [message #374479 is a reply to message #374405] Fri, 22 January 2010 03:40 Go to previous messageGo to next message
Cary Shultz  is currently offline Cary Shultz  United States
Messages: 127
Registered: August 2009
Senior Member
Good morning, Ace!

Looks like there is no rest for the wicked!

Agree with everything that you put. I read all of the posts (starting with
your reply...did not see the original post from Robert...may be that it is
from some other forum....). It is unfortunate that it came this far. But
sometimes people get really frustrated and then watch out. I am fairly calm
until I reach that point. Then you do not want to know me anymore! ;-)

I hope that Robert makes things right and that Robert comes back so that we
can actually help him. I am sure that we can...

And, no worry about assumption | personal comment. I am a huge advocate of
not assuming anything, yet do it myself all the time. And, for the record,
I will take your 'assumption' and 'personal comment' over most people's fact
every day of the week (and twice on Sunday). And Paul's as well. It is
what makes you two so very good. You have both seen a ton of stuff and have
done a ton of stuff so you can pretty much hear a couple of things and you
already have a pretty good idea of what is going on. Now, that is not
always going to be the case....this post is probably one of those times. I
will tell you, when I read your initial reply (and Robert's original post) I
had pretty much the same picture that you and - seemingly - Paul had. So,
if you had that picture painted in your head and Paul had that picture
painted in his head and I had that picture painted in my head........99
times out of 100 guess what? That picture is probably what is going on.
Well, looks like maybe this is that 1 time out of 100. But only after more
information from the poster.

Look, we are all human. Well, I am pretty close to perfect.....HA! HA! I
hope that Robert understands that it is difficult to diagnose issues when
maybe the picture was not painted so perfectly and we all (seemingly) made a
couple of assumptions based on years and years of experience. Robert did
not necessarily need to react the way that he did. A simple "Hold on, guys.
You are seeing this all wrong. Maybe I did not paint such a good picture.
Okay, here are the details: Windows 2003 production environment, four
domain controllers, two physical locations, two AD Sites, 110 Windows
XP/Vista Clients and one Windows 2003 test environment......" would have
sufficed. He could have posted the ipconfig /all results that you *always*
ask to see and we could have gone from there. I am more than willing to
give Robert the benefit of the doubt. I get very frustrated at times (this
past weekend spent essentially 16 straight hours on a really bad AD issue at
a new client - Saturday afternoon from 3PM to Sunday morning at 6:30AM,
slept for three hours and then worked another three+ hours....was not a
happy camper and would probably not have been too friendly).

No, in my view, the point is what Robert does. How does Robert handle this?
Does he come back and say, "FU" or does he make things right with everyone
and start over. The ball is in his court.

We all know that you and Paul are going to be here all the time. It is
everyone else who comes and goes. Myself included!

Cary


"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
news:%23QzvklymKHA.3840@TK2MSFTNGP06.phx.gbl...
> "Cary Shultz" <cshultz@outsourceit.com> wrote in message
> news:enVWUexmKHA.5520@TK2MSFTNGP06.phx.gbl...
>> Robert,
>>
>> If I might chime in here....
>>
>> I am a former MVP (a few years ago when I had a lot more time to partake
>> in the news groups). I spent a lot of time in here and helped a lot of
>> people and learned a lot from everyone...MVPs and non-MVPs alike. There
>> are lots of ways to skin a cat, as it were.
>>
>> Anyway, right off the bat I would like to make very clear that the MVPs
>> are doing this in their free time. There is no compensation at all from
>> Microsoft (other than access to some really cool things and trips to the
>> Redmond campus....never made it there because my wife was pregnant both
>> years). These MS forums are public and are right up at the top of the
>> list as far as I am concerned. I used to spend a lot of time in the AD
>> and GPO and Exchange Admin news groups. Top notch places. There should
>> be no expectation (and I use that word very specifically) of immediate
>> help or of useful help. Do not assume that what you receive in the way
>> of advise is accurate for your specific environment | issue. If you have
>> a really serious issue then please contact MS - PSS. If you do that then
>> having those expectations (not saying that YOU have those
>> expectations....just saying) is completely within reason.
>>
>> Paul is one of the good guys. He helps a lot of people, does a lot of
>> great work - in and out of the new groups - and is always willing to
>> share his knowledge and ideas and insight. If Paul states that you could
>> get fired for doing what you are doing then I might respectfully suggest
>> that you take a step back and evaluate what it is that Paul is saying and
>> look at why he is saying it.
>>
>> For you to attack Paul the way you did is really uncalled for and not
>> cool at all. Paul would not ever say this - so I will: you really need
>> to rethink your personal attack on him and make that right. But, that is
>> between you and Paul.
>>
>> It is not easy knowing what is happening in an environment. It is not
>> easy knowing what the thought process is of the person making a post. I
>> can tell you that there is a lot of crappola out there. I see it every
>> day. The clients that we take over from other IT Consultants and
>> in-house IT staff are seriously messed up. There is - I can assure you -
>> a lot of that out there. I just shake my head (actually, most of the
>> time) when we take over a new client. Absolutely incredible what people
>> do. There are also different levels of 'competency'. So, what I am
>> saying is that no one in this forum knows your skill set level and how
>> you do things (I know - and I speak for myself - that I do things a very
>> specific way...which is very very very different from all of my
>> colleagues...if I have done something at one of our clients EVERYONE at
>> my company knows who did it!). It is prudent to ask questions (which -
>> as Phillip stated - often pi$$es off people). Remember, it is sometimes
>> rather difficult to help with an issue where we have never seen the
>> environment, can not touch the environment and can simply go on "what I
>> know".
>>
>> Ace also initiated contact with you and suggested that you reconsider
>> what you are doing. Ace is also one of the good guys. Now, from what I
>> can see - there was no mention of a test domain (which, btw, is *EXACTLY*
>> the correct way to do things....so, megekudos there). I do not want to
>> speak for either Paul or Ace, but I can only ass/u/me that the thought
>> process was that this was in a production environment. It is my opinion
>> that anyone who intentionally learns / tests / plays in a production
>> environment ought to be fired. Granted, no one knows everything so that
>> is sometimes necessary (well.......).
>>
>> Anyway, if you would like or need help I will gladly assist you.
>>
>> Cary
>>
>> "Robert Jacobs" <robertjacobsit@gmail.com> wrote in message
>> news:e7d34b91-3b6e-40ee-939c-1c2bd18a5da1@e16g2000yqc.googlegroups.com...
>> On Jan 21, 12:31 pm, "Phillip Windell" <philwind...@hotmail.com>
>> wrote:
>>> "Robert Jacobs" <robertjacob...@gmail.com> wrote in message
>>>
>>> news:e48cb556-2e2e-43f2-a075-b50912e5b455@b2g2000yqi.googlegroups.com...
>>>
>>> > help. Thank goodness you put all of your fancy certifications (Mr.
>>> > Early Achiever) to good use, by not asking any follow up questions, or
>>> > asking the nature of this project before telling me ....
>>>
>>> We make just as many people mad by asking those "follow up questions"
>>> because people have no patients and want an instant answer without
>>> giving
>>> everyone the details they need to make such an answer possible.
>>>
>>> So from our position it is a "no win situation". Someone is going to get
>>> ticked off no matter how we approach it.
>>>
>>> --
>>> Phillip Windell [not an MVP, MCSE or anything else,...the CCNA is
>>> expired]
>>>
>>> The views expressed, are my own and not those of my employer, or
>>> Microsoft,
>>> or anyone else associated with me, including my cats.
>>> -----------------------------------------------------
>>
>> However Paul decided to not ask any questions, as well as not answer
>> any questions - only to tell me I'm doing everything wrong. On top of
>> that, AFTER I informed him that the problem I'm running into is on a
>> test domain, and will (when implemented into our enterprise domain)
>> have completely different user accounts with practically no
>> permissions to company data or other company computers, he still
>> decided to tell me I'm risking my company's assets - and I still have
>> yet to hear one piece of advice on how to resolve my group policy
>> issue.
>>
>> It has nothing to do with a popular or correct answer. The simple
>> fact is that the specialized software that is running on this computer
>> REQUIRES a user to be logged in at all times, REQUIRES access to only
>> specific folders (which WILL BE USED, NOT A DOMAIN ADMIN LIKE IN THE
>> TEEESSSSTTT DOMAIN), and requires other users to use the software
>> directly from the machine without needing the username/password of the
>> specialized NON ADMIN account (therefore screen shouldn't lock).
>> However, the Group Policy changes are not being implemented on the
>> computer... I'm trying to resolve this on my TEST DOMAIN before
>> implementing it with different accounts and permissions on my
>> enterprise domain - but all I hear is I should be fired. Thanks again.
>
>
> Cary,
>
> Very well put.
>
> From Robert's original post, he stated symptoms without configuration
> information and *hinted* that it's on a DC, hence all of our reactions. I
> did request configuration information, however that seemed to be
> overlooked among the barrage of personal attacks against Paul and I
> ass/u/me Phillip and I.
>
> As you stated, we do try to help, and we never know what skill level a
> poster owns, and sometimes we do lend personal comments regarding a
> scenario. When there isn't enough provided in an intial post, we always
> ask for additional information in order to diagnose the issue, which I had
> asked, otherwise it leads to assumptions. I must admit I also fell under
> that category in my response, but that stemmed from the original post's
> context believing this was a DC and using a domain admin account to allow
> users to logon with. It was never stated this was a test environment and
> the eventual production rollout would be on a non-DC using plain-Jane user
> accounts.
>
> My bet is because it's a domain admin account, it may be due to the
> AdminSDHolder, but we will never know, and I will no longer ass/u/me
> anything at this point in this thread.
>
> And quite unfortunate it got this far. <sigh>
>
> Ace
>
Re: Group Policy not being applied [message #374601 is a reply to message #374479] Fri, 22 January 2010 07:57 Go to previous messageGo to next message
Robert Jacobs  is currently offline Robert Jacobs  United States
Messages: 7
Registered: January 2010
Junior Member
On Jan 22, 4:40 am, "Cary Shultz" <cshu...@nospam.outsourceit.com>
wrote:
> Good morning, Ace!
>
> Looks like there is no rest for the wicked!
>
> Agree with everything that you put.  I read all of the posts (starting with
> your reply...did not see the original post from Robert...may be that it is
> from some other forum....).  It is unfortunate that it came this far.  But
> sometimes people get really frustrated and then watch out.  I am fairly calm
> until I reach that point.  Then you do not want to know me anymore! ;-)
>
> I hope that Robert makes things right and that Robert comes back so that we
> can actually help him.  I am sure that we can...
>
> And, no worry about assumption | personal comment.  I am a huge advocate of
> not assuming anything, yet do it myself all the time.  And, for the record,
> I will take your 'assumption' and 'personal comment' over most people's fact
> every day of the week (and twice on Sunday).  And Paul's as well.  It is
> what makes you two so very good.  You have both seen a ton of stuff and have
> done a ton of stuff so you can pretty much hear a couple of things and you
> already have a pretty good idea of what is going on.  Now, that is not
> always going to be the case....this post is probably one of those times.  I
> will tell you, when I read your initial reply (and Robert's original post) I
> had pretty much the same picture that you and - seemingly - Paul had.  So,
> if you had that picture painted in your head and Paul had that picture
> painted in his head and I had that picture painted in my head........99
> times out of 100 guess what?  That picture is probably what is going on..
> Well, looks like maybe this is that 1 time out of 100.  But only after more
> information from the poster.
>
> Look, we are all human.  Well, I am pretty close to perfect.....HA! HA!  I
> hope that Robert understands that it is difficult to diagnose issues when
> maybe the picture was not painted so perfectly and we all (seemingly) made a
> couple of assumptions based on years and years of experience.  Robert did
> not necessarily need to react the way that he did.  A simple "Hold on, guys.
> You are seeing this all wrong.  Maybe I did not paint such a good picture.
> Okay, here are the details:  Windows 2003 production environment,  four
> domain controllers, two physical locations, two AD Sites, 110 Windows
> XP/Vista Clients and one Windows 2003 test environment......" would have
> sufficed.  He could have posted the ipconfig /all results that you *always*
> ask to see and we could have gone from there.  I am more than willing to
> give Robert the benefit of the doubt.  I get very frustrated at times (this
> past weekend spent essentially 16 straight hours on a really bad AD issue at
> a new client - Saturday afternoon from 3PM to Sunday morning at 6:30AM,
> slept for three hours and then worked another three+ hours....was not a
> happy camper and would probably not have been too friendly).
>
> No, in my view, the point is what Robert does.  How does Robert handle this?
> Does he come back and say, "FU" or does he make things right with everyone
> and start over.  The ball is in his court.
>
> We all know that you and Paul are going to be here all the time.  It is
> everyone else who comes and goes.  Myself included!
>
> Cary
>
> "Ace Fekay [MVP-DS, MCT]" <ace...@mvps.RemoveThisPart.org> wrote in messagenews:%23QzvklymKHA.3840@TK2MSFTNGP06.phx.gbl...
>
>
>
> > "Cary Shultz" <cshu...@outsourceit.com> wrote in message
> >news:enVWUexmKHA.5520@TK2MSFTNGP06.phx.gbl...
> >> Robert,
>
> >> If I might chime in here....
>
> >> I am a former MVP (a few years ago when I had a lot more time to partake
> >> in the news groups).  I spent a lot of time in here and helped a lot of
> >> people and learned a lot from everyone...MVPs and non-MVPs alike.  There
> >> are lots of ways to skin a cat, as it were.
>
> >> Anyway, right off the bat I would like to make very clear that the MVPs
> >> are doing this in their free time.  There is no compensation at all from
> >> Microsoft (other than access to some really cool things and trips to the
> >> Redmond campus....never made it there because my wife was pregnant both
> >> years).  These MS forums are public and are right up at the top of the
> >> list as far as I am concerned.  I used to spend a lot of time in the AD
> >> and GPO and Exchange Admin news groups.  Top notch places.  There should
> >> be no expectation (and I use that word very specifically) of immediate
> >> help or of useful help.  Do not assume that what you receive in the way
> >> of advise is accurate for your specific environment | issue.  If you have
> >> a really serious issue then please contact MS - PSS.  If you do that then
> >> having those expectations (not saying that YOU have those
> >> expectations....just saying) is completely within reason.
>
> >> Paul is one of the good guys.  He helps a lot of people, does a lot of
> >> great work - in and out of the new groups - and is always willing to
> >> share his knowledge and ideas and insight.  If Paul states that you could
> >> get fired for doing what you are doing then I might respectfully suggest
> >> that you take a step back and evaluate what it is that Paul is saying and
> >> look at why he is saying it.
>
> >> For you to attack Paul the way you did is really uncalled for and not
> >> cool at all.  Paul would not ever say this - so I will:  you really need
> >> to rethink your personal attack on him and make that right.  But, that is
> >> between you and Paul.
>
> >> It is not easy knowing what is happening in an environment.  It is not
> >> easy knowing what the thought process is of the person making a post.  I
> >> can tell you that there is a lot of crappola out there.  I see it every
> >> day.  The clients that we take over from other IT Consultants and
> >> in-house IT staff are seriously messed up.  There is - I can assure you -
> >> a lot of that out there.  I just shake my head (actually, most of the
> >> time) when we take over a new client.  Absolutely incredible what people
> >> do.  There are also different levels of 'competency'.  So, what I am
> >> saying is that no one in this forum knows your skill set level and how
> >> you do things (I know - and I speak for myself - that I do things a very
> >> specific way...which is very very very different from all of my
> >> colleagues...if I have done something at one of our clients EVERYONE at
> >> my company knows who did it!).   It is prudent to ask questions (which -
> >> as Phillip stated - often pi$$es off people). Remember, it is sometimes
> >> rather difficult to help with an issue where we have never seen the
> >> environment, can not touch the environment and can simply go on "what I
> >> know".
>
> >> Ace also initiated contact with you and suggested that you reconsider
> >> what you are doing.  Ace is also one of the good guys.  Now, from what I
> >> can see - there was no mention of a test domain (which, btw, is *EXACTLY*
> >> the correct way to do things....so, megekudos there).  I do not want to
> >> speak for either Paul or Ace, but I can only ass/u/me that the thought
> >> process was that this was in a production environment.  It is my opinion
> >> that anyone who intentionally learns / tests / plays in a production
> >> environment ought to be fired.  Granted, no one knows everything so that
> >> is sometimes necessary (well.......).
>
> >> Anyway, if you would like or need help I will gladly assist you.
>
> >> Cary
>
> >> "Robert Jacobs" <robertjacob...@gmail.com> wrote in message
> >>news:e7d34b91-3b6e-40ee-939c-1c2bd18a5da1@e16g2000yqc.googlegroups.com....
> >> On Jan 21, 12:31 pm, "Phillip Windell" <philwind...@hotmail.com>
> >> wrote:
> >>> "Robert Jacobs" <robertjacob...@gmail.com> wrote in message
>
> >>>news:e48cb556-2e2e-43f2-a075-b50912e5b455@b2g2000yqi.googlegroups.com....
>
> >>> > help. Thank goodness you put all of your fancy certifications (Mr.
> >>> > Early Achiever) to good use, by not asking any follow up questions, or
> >>> > asking the nature of this project before telling me ....
>
> >>> We make just as many people mad by asking those "follow up questions"
> >>> because people have no patients and want an instant answer without
> >>> giving
> >>> everyone the details they need to make such an answer possible.
>
> >>> So from our position it is a "no win situation". Someone is going to get
> >>> ticked off no matter how we approach it.
>
> >>> --
> >>> Phillip Windell [not an MVP, MCSE or anything else,...the CCNA is
> >>> expired]
>
> >>> The views expressed, are my own and not those of my employer, or
> >>> Microsoft,
> >>> or anyone else associated with me, including my cats.
> >>> -----------------------------------------------------
>
> >> However Paul decided to not ask any questions, as well as not answer
> >> any questions - only to tell me I'm doing everything wrong.  On top of
> >> that, AFTER I informed him that the problem I'm running into is on a
> >> test domain, and will (when implemented into our enterprise domain)
> >> have completely different user accounts with practically no
> >> permissions to company data or other company computers, he still
> >> decided to tell me I'm risking my company's assets - and I still have
> >> yet to hear one piece of advice on how to resolve my group policy
> >> issue.
>
> >> It has nothing to do with a popular or correct answer.  The simple
> >> fact is that the specialized software that is running on this computer
> >> REQUIRES a user to be logged in at all times, REQUIRES access to only
> >> specific folders (which WILL BE USED, NOT A DOMAIN ADMIN LIKE IN THE
> >> TEEESSSSTTT DOMAIN), and requires other users to use the software
> >> directly from the machine without needing the username/password of the
> >> specialized NON ADMIN account (therefore screen shouldn't lock).
> >> However, the Group Policy changes are not being implemented on the
> >> computer...  I'm trying to resolve this on my TEST DOMAIN before
> >> implementing it with different accounts and permissions on my
> >> enterprise domain - but all I hear is I should be fired.  Thanks again.
>
> > Cary,
>
> > Very well put.
>
> > From Robert's original post, he stated
>
> ...
>
> read more »- Hide quoted text -
>
> - Show quoted text -

I've resolved the issue. Thanks for your help Ace - as this server
was not a DC, I was able to use loopback and all works like a charm
now.

I would like to apologize to Paul for biting off his head. I do know
that you are providing an unpaid service to people who could really
use your help, and for that I thank you. I, myself, have spent a
large amount of time lending my services wherever possible, so I know
how it feels to do these things for others and still be insulted/not
thanked. So for that, I apologize.

I would like to just mention that, after posting in these threads a
number of times, and receiving incredible help from experts such as
yourself, ace, and cary, I've become more comfortable with the type of
information I leave behind for support. Even though I was performing
all of these steps in a Test environment, I didn't feel the need to
mention that, as it wouldn't have helped you in any way to with a
resolution to my - what appeared to be simple - issue. The reason I
mentioned that I was using a domain admin account was due to the fact
that I wanted anybody providing their incredible wisdom to have the
knowledge that there were no permissions issues, etc. Test domain or
not, the issue was still there - and I've found when asking for help
with your test environment, you receive less than stellar responses,
as nobody seems to care about whether or not your test environment is
functioning properly. I understand your position in trying to provide
the best feedback possible, informing me that what I'm doing is
dangerous. It would have, however, been appreciated if, like Cary
said, you hadn't ass|u|me-d either way. Maybe something like "If
you're trying to do this on a production environment, I'd recommend
you to do this a different way - or with an account with much less
permissions than a domain admin account - as you're practically
handing the keys to your enterprise to anybody with access to this
machine. With that being said - let me try to help with your group
policy not being pushed to this computer."

Regardless of what I feel, I know I was a jerk for calling you out. I
was extremely frustrated with your comments about you believing I
should be terminated, without digging a little deeper. I know digging
a little deeper isn't what you need to do, but please know that,
although you said you didn't mean to be rude, mentioning something
like this is closer to a personal attack than anything else posted on
this thread, and I overreacted the accusation. I took it to heart,
and I shouldn't have.
Re: Group Policy not being applied [message #374623 is a reply to message #374601] Fri, 22 January 2010 08:20 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
> On Jan 22, 4:40 am, "Cary Shultz" <cshu...@nospam.outsourceit.com>
> wrote:
>> Good morning, Ace!
>>
>> Looks like there is no rest for the wicked!
>>
>> Agree with everything that you put.  I read all of the posts (starting with
>> your reply...did not see the original post from Robert...may be that it is
>> from some other forum....).  It is unfortunate that it came this far.  But
>> sometimes people get really frustrated and then watch out.  I am fairly calm
>> until I reach that point.  Then you do not want to know me anymore! ;-)
>>
>> I hope that Robert makes things right and that Robert comes back so that we
>> can actually help him.  I am sure that we can...
>>
>> And, no worry about assumption | personal comment.  I am a huge advocate of
>> not assuming anything, yet do it myself all the time.  And, for the record,
>> I will take your 'assumption' and 'personal comment' over most people's fact
>> every day of the week (and twice on Sunday).  And Paul's as well.  It is
>> what makes you two so very good.  You have both seen a ton of stuff and have
>> done a ton of stuff so you can pretty much hear a couple of things and you
>> already have a pretty good idea of what is going on.  Now, that is not
>> always going to be the case....this post is probably one of those times.  I
>> will tell you, when I read your initial reply (and Robert's original post) I
>> had pretty much the same picture that you and - seemingly - Paul had.  So,
>> if you had that picture painted in your head and Paul had that picture
>> painted in his head and I had that picture painted in my head........99
>> times out of 100 guess what?  That picture is probably what is going on.
>> Well, looks like maybe this is that 1 time out of 100.  But only after more
>> information from the poster.
>>
>> Look, we are all human.  Well, I am pretty close to perfect.....HA! HA!  I
>> hope that Robert understands that it is difficult to diagnose issues when
>> maybe the picture was not painted so perfectly and we all (seemingly) made a
>> couple of assumptions based on years and years of experience.  Robert did
>> not necessarily need to react the way that he did.  A simple "Hold on, guys.
>> You are seeing this all wrong.  Maybe I did not paint such a good picture.
>> Okay, here are the details:  Windows 2003 production environment,  four
>> domain controllers, two physical locations, two AD Sites, 110 Windows
>> XP/Vista Clients and one Windows 2003 test environment......" would have
>> sufficed.  He could have posted the ipconfig /all results that you *always*
>> ask to see and we could have gone from there.  I am more than willing to
>> give Robert the benefit of the doubt.  I get very frustrated at times (this
>> past weekend spent essentially 16 straight hours on a really bad AD issue at
>> a new client - Saturday afternoon from 3PM to Sunday morning at 6:30AM,
>> slept for three hours and then worked another three+ hours....was not a
>> happy camper and would probably not have been too friendly).
>>
>> No, in my view, the point is what Robert does.  How does Robert handle this?
>> Does he come back and say, "FU" or does he make things right with everyone
>> and start over.  The ball is in his court.
>>
>> We all know that you and Paul are going to be here all the time.  It is
>> everyone else who comes and goes.  Myself included!
>>
>> Cary
>>
>> "Ace Fekay [MVP-DS, MCT]" <ace...@mvps.RemoveThisPart.org> wrote in
>> messagenews:%23QzvklymKHA.3840@TK2MSFTNGP06.phx.gbl...
>>
>>
>>
>>> "Cary Shultz" <cshu...@outsourceit.com> wrote in message
>>> news:enVWUexmKHA.5520@TK2MSFTNGP06.phx.gbl...
>>>> Robert,
>>
>>>> If I might chime in here....
>>
>>>> I am a former MVP (a few years ago when I had a lot more time to partake
>>>> in the news groups).  I spent a lot of time in here and helped a lot of
>>>> people and learned a lot from everyone...MVPs and non-MVPs alike.  There
>>>> are lots of ways to skin a cat, as it were.
>>>> Anyway, right off the bat I would like to make very clear that the MVPs
>>>> are doing this in their free time.  There is no compensation at all from
>>>> Microsoft (other than access to some really cool things and trips to the
>>>> Redmond campus....never made it there because my wife was pregnant both
>>>> years).  These MS forums are public and are right up at the top of the
>>>> list as far as I am concerned.  I used to spend a lot of time in the AD
>>>> and GPO and Exchange Admin news groups.  Top notch places.  There should
>>>> be no expectation (and I use that word very specifically) of immediate
>>>> help or of useful help.  Do not assume that what you receive in the way
>>>> of advise is accurate for your specific environment | issue.  If you have
>>>> a really serious issue then please contact MS - PSS.  If you do that then
>>>> having those expectations (not saying that YOU have those
>>>> expectations....just saying) is completely within reason.
>>>> Paul is one of the good guys.  He helps a lot of people, does a lot of
>>>> great work - in and out of the new groups - and is always willing to
>>>> share his knowledge and ideas and insight.  If Paul states that you could
>>>> get fired for doing what you are doing then I might respectfully suggest
>>>> that you take a step back and evaluate what it is that Paul is saying and
>>>> look at why he is saying it.
>>
>>>> For you to attack Paul the way you did is really uncalled for and not
>>>> cool at all.  Paul would not ever say this - so I will:  you really need
>>>> to rethink your personal attack on him and make that right.  But, that is
>>>> between you and Paul.
>>
>>>> It is not easy knowing what is happening in an environment.  It is not
>>>> easy knowing what the thought process is of the person making a post.  I
>>>> can tell you that there is a lot of crappola out there.  I see it every
>>>> day.  The clients that we take over from other IT Consultants and
>>>> in-house IT staff are seriously messed up.  There is - I can assure you -
>>>> a lot of that out there.  I just shake my head (actually, most of the
>>>> time) when we take over a new client.  Absolutely incredible what people
>>>> do.  There are also different levels of 'competency'.  So, what I am
>>>> saying is that no one in this forum knows your skill set level and how
>>>> you do things (I know - and I speak for myself - that I do things a very
>>>> specific way...which is very very very different from all of my
>>>> colleagues...if I have done something at one of our clients EVERYONE at
>>>> my company knows who did it!).   It is prudent to ask questions (which -
>>>> as Phillip stated - often pi$$es off people). Remember, it is sometimes
>>>> rather difficult to help with an issue where we have never seen the
>>>> environment, can not touch the environment and can simply go on "what I
>>>> know".
>>
>>>> Ace also initiated contact with you and suggested that you reconsider
>>>> what you are doing.  Ace is also one of the good guys.  Now, from what I
>>>> can see - there was no mention of a test domain (which, btw, is *EXACTLY*
>>>> the correct way to do things....so, megekudos there).  I do not want to
>>>> speak for either Paul or Ace, but I can only ass/u/me that the thought
>>>> process was that this was in a production environment.  It is my opinion
>>>> that anyone who intentionally learns / tests / plays in a production
>>>> environment ought to be fired.  Granted, no one knows everything so that
>>>> is sometimes necessary (well.......).
>>>> Anyway, if you would like or need help I will gladly assist you.
>>>> Cary
>>
>>>> "Robert Jacobs" <robertjacob...@gmail.com> wrote in message
>>>> news:e7d34b91-3b6e-40ee-939c-1c2bd18a5da1@e16g2000yqc.googlegroups.com...
>>>> On Jan 21, 12:31 pm, "Phillip Windell" <philwind...@hotmail.com>
>>>> wrote:
>>>>> "Robert Jacobs" <robertjacob...@gmail.com> wrote in message
>>>>> news:e48cb556-2e2e-43f2-a075-b50912e5b455@b2g2000yqi.googlegroups.com...
>>>>>> help. Thank goodness you put all of your fancy certifications (Mr.
>>>>>> Early Achiever) to good use, by not asking any follow up questions, or
>>>>>> asking the nature of this project before telling me ....
>>>>> We make just as many people mad by asking those "follow up questions"
>>>>> because people have no patients and want an instant answer without
>>>>> giving
>>>>> everyone the details they need to make such an answer possible.
>>>>> So from our position it is a "no win situation". Someone is going to get
>>>>> ticked off no matter how we approach it.
>>>>> --
>>>>> Phillip Windell [not an MVP, MCSE or anything else,...the CCNA is
>>>>> expired]
>>
>>>>> The views expressed, are my own and not those of my employer, or
>>>>> Microsoft,
>>>>> or anyone else associated with me, including my cats.
>>>>> -----------------------------------------------------
>>>> However Paul decided to not ask any questions, as well as not answer
>>>> any questions - only to tell me I'm doing everything wrong.  On top of
>>>> that, AFTER I informed him that the problem I'm running into is on a
>>>> test domain, and will (when implemented into our enterprise domain)
>>>> have completely different user accounts with practically no
>>>> permissions to company data or other company computers, he still
>>>> decided to tell me I'm risking my company's assets - and I still have
>>>> yet to hear one piece of advice on how to resolve my group policy
>>>> issue.
>>
>>>> It has nothing to do with a popular or correct answer.  The simple
>>>> fact is that the specialized software that is running on this computer
>>>> REQUIRES a user to be logged in at all times, REQUIRES access to only
>>>> specific folders (which WILL BE USED, NOT A DOMAIN ADMIN LIKE IN THE
>>>> TEEESSSSTTT DOMAIN), and requires other users to use the software
>>>> directly from the machine without needing the username/password of the
>>>> specialized NON ADMIN account (therefore screen shouldn't lock).
>>>> However, the Group Policy changes are not being implemented on the
>>>> computer...  I'm trying to resolve this on my TEST DOMAIN before
>>>> implementing it with different accounts and permissions on my
>>>> enterprise domain - but all I hear is I should be fired.  Thanks again.
>>> Cary,
>>
>>> Very well put.
>>
>>> From Robert's original post, he stated
>>
>> ...
>>
>> read more »- Hide quoted text -
>>
>> - Show quoted text -
>
> I've resolved the issue. Thanks for your help Ace - as this server
> was not a DC, I was able to use loopback and all works like a charm
> now.
>
> I would like to apologize to Paul for biting off his head. I do know
> that you are providing an unpaid service to people who could really
> use your help, and for that I thank you. I, myself, have spent a
> large amount of time lending my services wherever possible, so I know
> how it feels to do these things for others and still be insulted/not
> thanked. So for that, I apologize.
>
> I would like to just mention that, after posting in these threads a
> number of times, and receiving incredible help from experts such as
> yourself, ace, and cary, I've become more comfortable with the type of
> information I leave behind for support. Even though I was performing
> all of these steps in a Test environment, I didn't feel the need to
> mention that, as it wouldn't have helped you in any way to with a
> resolution to my - what appeared to be simple - issue. The reason I
> mentioned that I was using a domain admin account was due to the fact
> that I wanted anybody providing their incredible wisdom to have the
> knowledge that there were no permissions issues, etc. Test domain or
> not, the issue was still there - and I've found when asking for help
> with your test environment, you receive less than stellar responses,
> as nobody seems to care about whether or not your test environment is
> functioning properly. I understand your position in trying to provide
> the best feedback possible, informing me that what I'm doing is
> dangerous. It would have, however, been appreciated if, like Cary
> said, you hadn't ass|u|me-d either way. Maybe something like "If
> you're trying to do this on a production environment, I'd recommend
> you to do this a different way - or with an account with much less
> permissions than a domain admin account - as you're practically
> handing the keys to your enterprise to anybody with access to this
> machine. With that being said - let me try to help with your group
> policy not being pushed to this computer."
>
> Regardless of what I feel, I know I was a jerk for calling you out. I
> was extremely frustrated with your comments about you believing I
> should be terminated, without digging a little deeper. I know digging
> a little deeper isn't what you need to do, but please know that,
> although you said you didn't mean to be rude, mentioning something
> like this is closer to a personal attack than anything else posted on
> this thread, and I overreacted the accusation. I took it to heart,
> and I shouldn't have.

I am glad the loopback worked. You are welcome.

Sometimes it can be difficult helping others when not enough info was
posted leading to assumptions, that literally the word ass/u/me broken
down affected all of us. That's why we always want more specific info
to not lead to assuming.

That said, I am happy to hear you came out to apologize, as well. I
accept it, but more importantly it comes down to Paul, who was the
target.

Keep posting, Robert. We are here to help. But don't forget to provide
a full picture of the environment, whether test or not, to avoid
assumptions!

:-)

Ace

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE
& MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance,
please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: Group Policy not being applied [message #374624 is a reply to message #374479] Fri, 22 January 2010 08:26 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
> Good morning, Ace!
>
> Looks like there is no rest for the wicked!
>
> Agree with everything that you put. I read all of the posts (starting with
> your reply...did not see the original post from Robert...may be that it is
> from some other forum....). It is unfortunate that it came this far. But
> sometimes people get really frustrated and then watch out. I am fairly calm
> until I reach that point. Then you do not want to know me anymore! ;-)
>
> I hope that Robert makes things right and that Robert comes back so that we
> can actually help him. I am sure that we can...
>
> And, no worry about assumption | personal comment. I am a huge advocate of
> not assuming anything, yet do it myself all the time. And, for the record, I
> will take your 'assumption' and 'personal comment' over most people's fact
> every day of the week (and twice on Sunday). And Paul's as well. It is what
> makes you two so very good. You have both seen a ton of stuff and have done
> a ton of stuff so you can pretty much hear a couple of things and you already
> have a pretty good idea of what is going on. Now, that is not always going
> to be the case....this post is probably one of those times. I will tell you,
> when I read your initial reply (and Robert's original post) I had pretty much
> the same picture that you and - seemingly - Paul had. So, if you had that
> picture painted in your head and Paul had that picture painted in his head
> and I had that picture painted in my head........99 times out of 100 guess
> what? That picture is probably what is going on. Well, looks like maybe this
> is that 1 time out of 100. But only after more information from the poster.
>
> Look, we are all human. Well, I am pretty close to perfect.....HA! HA! I
> hope that Robert understands that it is difficult to diagnose issues when
> maybe the picture was not painted so perfectly and we all (seemingly) made a
> couple of assumptions based on years and years of experience. Robert did not
> necessarily need to react the way that he did. A simple "Hold on, guys. You
> are seeing this all wrong. Maybe I did not paint such a good picture. Okay,
> here are the details: Windows 2003 production environment, four domain
> controllers, two physical locations, two AD Sites, 110 Windows XP/Vista
> Clients and one Windows 2003 test environment......" would have sufficed. He
> could have posted the ipconfig /all results that you *always* ask to see and
> we could have gone from there. I am more than willing to give Robert the
> benefit of the doubt. I get very frustrated at times (this past weekend
> spent essentially 16 straight hours on a really bad AD issue at a new client
> - Saturday afternoon from 3PM to Sunday morning at 6:30AM, slept for three
> hours and then worked another three+ hours....was not a happy camper and
> would probably not have been too friendly).
>
> No, in my view, the point is what Robert does. How does Robert handle this?
> Does he come back and say, "FU" or does he make things right with everyone
> and start over. The ball is in his court.
>
> We all know that you and Paul are going to be here all the time. It is
> everyone else who comes and goes. Myself included!
>
> Cary

You are so right, Cary. I did try to be diplomatic and professional
about it asking for confi info, possible solutions, as well as offering
professional personal advise, but as seen, it all led from the original
posts abiquity.

However at this point, I think we can put this past us for now and move
on, and look at it as a learning experience.

And I'm not sure what happened to the original post. I think it's
because Robert is using Google Groups. Google has a way of skewing
posts. If you've ever noticed with using Windows Mail or Outlook
Express as a reader, it can't handle Google's settings. Google does
things differently with posts, such as truncating responses and links
in the responses, as well as not able to properly reply with Outlook Ex
or Windows Mail where the right arrow carots (">") don't show up, even
if you set your settings to HTML, which usually is not "proper"
etiquette with newsgroups. What I do when it comes to replying to
Google Groups postings is use MesNews, which handles and alters Google
formats very well back to a true newsgroup encoding that Google seems
to try and override all the time.

Cheers!!!

Ace
Re: Group Policy not being applied [message #374709 is a reply to message #374624] Fri, 22 January 2010 10:00 Go to previous messageGo to next message
Cary Shultz  is currently offline Cary Shultz  United States
Messages: 127
Registered: August 2009
Senior Member
Yeppers.....all is well that ends well.

Already forgotten! ;-)

"Ace Fekay [MVP-DS"; "MCT]" <aceman@mvps.RemoveThisPart.org> wrote in
message news:mn.b2727da1a9eea830.105663@mvps.RemoveThisPart.org...
>> Good morning, Ace!
>>
>> Looks like there is no rest for the wicked!
>>
>> Agree with everything that you put. I read all of the posts (starting
>> with your reply...did not see the original post from Robert...may be that
>> it is from some other forum....). It is unfortunate that it came this
>> far. But sometimes people get really frustrated and then watch out. I
>> am fairly calm until I reach that point. Then you do not want to know me
>> anymore! ;-)
>>
>> I hope that Robert makes things right and that Robert comes back so that
>> we can actually help him. I am sure that we can...
>>
>> And, no worry about assumption | personal comment. I am a huge advocate
>> of not assuming anything, yet do it myself all the time. And, for the
>> record, I will take your 'assumption' and 'personal comment' over most
>> people's fact every day of the week (and twice on Sunday). And Paul's as
>> well. It is what makes you two so very good. You have both seen a ton
>> of stuff and have done a ton of stuff so you can pretty much hear a
>> couple of things and you already have a pretty good idea of what is going
>> on. Now, that is not always going to be the case....this post is
>> probably one of those times. I will tell you, when I read your initial
>> reply (and Robert's original post) I had pretty much the same picture
>> that you and - seemingly - Paul had. So, if you had that picture painted
>> in your head and Paul had that picture painted in his head and I had that
>> picture painted in my head........99 times out of 100 guess what? That
>> picture is probably what is going on. Well, looks like maybe this is that
>> 1 time out of 100. But only after more information from the poster.
>>
>> Look, we are all human. Well, I am pretty close to perfect.....HA! HA!
>> I hope that Robert understands that it is difficult to diagnose issues
>> when maybe the picture was not painted so perfectly and we all
>> (seemingly) made a couple of assumptions based on years and years of
>> experience. Robert did not necessarily need to react the way that he
>> did. A simple "Hold on, guys. You are seeing this all wrong. Maybe I
>> did not paint such a good picture. Okay, here are the details: Windows
>> 2003 production environment, four domain controllers, two physical
>> locations, two AD Sites, 110 Windows XP/Vista Clients and one Windows
>> 2003 test environment......" would have sufficed. He could have posted
>> the ipconfig /all results that you *always* ask to see and we could have
>> gone from there. I am more than willing to give Robert the benefit of
>> the doubt. I get very frustrated at times (this past weekend spent
>> essentially 16 straight hours on a really bad AD issue at a new client -
>> Saturday afternoon from 3PM to Sunday morning at 6:30AM, slept for three
>> hours and then worked another three+ hours....was not a happy camper and
>> would probably not have been too friendly).
>>
>> No, in my view, the point is what Robert does. How does Robert handle
>> this? Does he come back and say, "FU" or does he make things right with
>> everyone and start over. The ball is in his court.
>>
>> We all know that you and Paul are going to be here all the time. It is
>> everyone else who comes and goes. Myself included!
>>
>> Cary
>
> You are so right, Cary. I did try to be diplomatic and professional about
> it asking for confi info, possible solutions, as well as offering
> professional personal advise, but as seen, it all led from the original
> posts abiquity.
>
> However at this point, I think we can put this past us for now and move
> on, and look at it as a learning experience.
>
> And I'm not sure what happened to the original post. I think it's because
> Robert is using Google Groups. Google has a way of skewing posts. If
> you've ever noticed with using Windows Mail or Outlook Express as a
> reader, it can't handle Google's settings. Google does things differently
> with posts, such as truncating responses and links in the responses, as
> well as not able to properly reply with Outlook Ex or Windows Mail where
> the right arrow carots (">") don't show up, even if you set your settings
> to HTML, which usually is not "proper" etiquette with newsgroups. What I
> do when it comes to replying to Google Groups postings is use MesNews,
> which handles and alters Google formats very well back to a true newsgroup
> encoding that Google seems to try and override all the time.
>
> Cheers!!!
>
> Ace
>
>
Re: Group Policy not being applied [message #374731 is a reply to message #374601] Fri, 22 January 2010 10:11 Go to previous message
Cary Shultz  is currently offline Cary Shultz  United States
Messages: 127
Registered: August 2009
Senior Member
Robert,

It takes a big person to do what you did ...so megakudos to you for standing
up and doing that.

I have been where you were. It is frustrating when you have a 'simple'
issue and you - from your perspective - get a lot of flack and whatnot. You
just want a dang answer! Been there, done that!

By all means post as much info as you think is important. As you see, if
you do not provide enough information someone will ask you for it. We are
not a shy group! ;-) So, to me this issue is done. Paul ultimately has
the final say (as Ace mentioned). I have no worries there. Paul really is
one of the good guys.

Now, what I might like to continue with you is the "test environment gets no
help" comment. Really? And I am just asking because when I started doing
this back in 2000 (yes, not a typo) that is all I did - post questions about
my test environment. I got lots of awesome help back then (in fact, some of
those guys are still here!). It is in the test environment that I
progressed and learned and learned and progressed.

Anyway, it kinda saddens me that you have had that experience. I had - as
stated above - a completely different experience.

So, keep on posting. Please. If you have a question I assure you that
1,000 others have that same question.

And, if you have group policy questions - or what you think could be group
policy related issues - feel free to post here and in the Group Policy
forum. Meinolf and Florian gobble those questions up (they are in Germany).

Glad that your issue was resolved and glad that the other stuff was resolved
as well.

Cary

"Robert Jacobs" <robertjacobsit@gmail.com> wrote in message
news:a1cf3bba-97c6-430b-858a-c8ac99e92469@b9g2000yqd.googlegroups.com...
On Jan 22, 4:40 am, "Cary Shultz" <cshu...@nospam.outsourceit.com>
wrote:
> Good morning, Ace!
>
> Looks like there is no rest for the wicked!
>
> Agree with everything that you put. I read all of the posts (starting with
> your reply...did not see the original post from Robert...may be that it is
> from some other forum....). It is unfortunate that it came this far. But
> sometimes people get really frustrated and then watch out. I am fairly
> calm
> until I reach that point. Then you do not want to know me anymore! ;-)
>
> I hope that Robert makes things right and that Robert comes back so that
> we
> can actually help him. I am sure that we can...
>
> And, no worry about assumption | personal comment. I am a huge advocate of
> not assuming anything, yet do it myself all the time. And, for the record,
> I will take your 'assumption' and 'personal comment' over most people's
> fact
> every day of the week (and twice on Sunday). And Paul's as well. It is
> what makes you two so very good. You have both seen a ton of stuff and
> have
> done a ton of stuff so you can pretty much hear a couple of things and you
> already have a pretty good idea of what is going on. Now, that is not
> always going to be the case....this post is probably one of those times. I
> will tell you, when I read your initial reply (and Robert's original post)
> I
> had pretty much the same picture that you and - seemingly - Paul had. So,
> if you had that picture painted in your head and Paul had that picture
> painted in his head and I had that picture painted in my head........99
> times out of 100 guess what? That picture is probably what is going on.
> Well, looks like maybe this is that 1 time out of 100. But only after more
> information from the poster.
>
> Look, we are all human. Well, I am pretty close to perfect.....HA! HA! I
> hope that Robert understands that it is difficult to diagnose issues when
> maybe the picture was not painted so perfectly and we all (seemingly) made
> a
> couple of assumptions based on years and years of experience. Robert did
> not necessarily need to react the way that he did. A simple "Hold on,
> guys.
> You are seeing this all wrong. Maybe I did not paint such a good picture.
> Okay, here are the details: Windows 2003 production environment, four
> domain controllers, two physical locations, two AD Sites, 110 Windows
> XP/Vista Clients and one Windows 2003 test environment......" would have
> sufficed. He could have posted the ipconfig /all results that you *always*
> ask to see and we could have gone from there. I am more than willing to
> give Robert the benefit of the doubt. I get very frustrated at times (this
> past weekend spent essentially 16 straight hours on a really bad AD issue
> at
> a new client - Saturday afternoon from 3PM to Sunday morning at 6:30AM,
> slept for three hours and then worked another three+ hours....was not a
> happy camper and would probably not have been too friendly).
>
> No, in my view, the point is what Robert does. How does Robert handle
> this?
> Does he come back and say, "FU" or does he make things right with everyone
> and start over. The ball is in his court.
>
> We all know that you and Paul are going to be here all the time. It is
> everyone else who comes and goes. Myself included!
>
> Cary
>
> "Ace Fekay [MVP-DS, MCT]" <ace...@mvps.RemoveThisPart.org> wrote in
> messagenews:%23QzvklymKHA.3840@TK2MSFTNGP06.phx.gbl...
>
>
>
> > "Cary Shultz" <cshu...@outsourceit.com> wrote in message
> >news:enVWUexmKHA.5520@TK2MSFTNGP06.phx.gbl...
> >> Robert,
>
> >> If I might chime in here....
>
> >> I am a former MVP (a few years ago when I had a lot more time to
> >> partake
> >> in the news groups). I spent a lot of time in here and helped a lot of
> >> people and learned a lot from everyone...MVPs and non-MVPs alike. There
> >> are lots of ways to skin a cat, as it were.
>
> >> Anyway, right off the bat I would like to make very clear that the MVPs
> >> are doing this in their free time. There is no compensation at all from
> >> Microsoft (other than access to some really cool things and trips to
> >> the
> >> Redmond campus....never made it there because my wife was pregnant both
> >> years). These MS forums are public and are right up at the top of the
> >> list as far as I am concerned. I used to spend a lot of time in the AD
> >> and GPO and Exchange Admin news groups. Top notch places. There should
> >> be no expectation (and I use that word very specifically) of immediate
> >> help or of useful help. Do not assume that what you receive in the way
> >> of advise is accurate for your specific environment | issue. If you
> >> have
> >> a really serious issue then please contact MS - PSS. If you do that
> >> then
> >> having those expectations (not saying that YOU have those
> >> expectations....just saying) is completely within reason.
>
> >> Paul is one of the good guys. He helps a lot of people, does a lot of
> >> great work - in and out of the new groups - and is always willing to
> >> share his knowledge and ideas and insight. If Paul states that you
> >> could
> >> get fired for doing what you are doing then I might respectfully
> >> suggest
> >> that you take a step back and evaluate what it is that Paul is saying
> >> and
> >> look at why he is saying it.
>
> >> For you to attack Paul the way you did is really uncalled for and not
> >> cool at all. Paul would not ever say this - so I will: you really need
> >> to rethink your personal attack on him and make that right. But, that
> >> is
> >> between you and Paul.
>
> >> It is not easy knowing what is happening in an environment. It is not
> >> easy knowing what the thought process is of the person making a post. I
> >> can tell you that there is a lot of crappola out there. I see it every
> >> day. The clients that we take over from other IT Consultants and
> >> in-house IT staff are seriously messed up. There is - I can assure
> >> you -
> >> a lot of that out there. I just shake my head (actually, most of the
> >> time) when we take over a new client. Absolutely incredible what people
> >> do. There are also different levels of 'competency'. So, what I am
> >> saying is that no one in this forum knows your skill set level and how
> >> you do things (I know - and I speak for myself - that I do things a
> >> very
> >> specific way...which is very very very different from all of my
> >> colleagues...if I have done something at one of our clients EVERYONE at
> >> my company knows who did it!). It is prudent to ask questions (which -
> >> as Phillip stated - often pi$$es off people). Remember, it is sometimes
> >> rather difficult to help with an issue where we have never seen the
> >> environment, can not touch the environment and can simply go on "what I
> >> know".
>
> >> Ace also initiated contact with you and suggested that you reconsider
> >> what you are doing. Ace is also one of the good guys. Now, from what I
> >> can see - there was no mention of a test domain (which, btw, is
> >> *EXACTLY*
> >> the correct way to do things....so, megekudos there). I do not want to
> >> speak for either Paul or Ace, but I can only ass/u/me that the thought
> >> process was that this was in a production environment. It is my opinion
> >> that anyone who intentionally learns / tests / plays in a production
> >> environment ought to be fired. Granted, no one knows everything so that
> >> is sometimes necessary (well.......).
>
> >> Anyway, if you would like or need help I will gladly assist you.
>
> >> Cary
>
> >> "Robert Jacobs" <robertjacob...@gmail.com> wrote in message
> >>news:e7d34b91-3b6e-40ee-939c-1c2bd18a5da1@e16g2000yqc.googlegroups.com...
> >> On Jan 21, 12:31 pm, "Phillip Windell" <philwind...@hotmail.com>
> >> wrote:
> >>> "Robert Jacobs" <robertjacob...@gmail.com> wrote in message
>
> >>>news:e48cb556-2e2e-43f2-a075-b50912e5b455@b2g2000yqi.googlegroups.com...
>
> >>> > help. Thank goodness you put all of your fancy certifications (Mr.
> >>> > Early Achiever) to good use, by not asking any follow up questions,
> >>> > or
> >>> > asking the nature of this project before telling me ....
>
> >>> We make just as many people mad by asking those "follow up questions"
> >>> because people have no patients and want an instant answer without
> >>> giving
> >>> everyone the details they need to make such an answer possible.
>
> >>> So from our position it is a "no win situation". Someone is going to
> >>> get
> >>> ticked off no matter how we approach it.
>
> >>> --
> >>> Phillip Windell [not an MVP, MCSE or anything else,...the CCNA is
> >>> expired]
>
> >>> The views expressed, are my own and not those of my employer, or
> >>> Microsoft,
> >>> or anyone else associated with me, including my cats.
> >>> -----------------------------------------------------
>
> >> However Paul decided to not ask any questions, as well as not answer
> >> any questions - only to tell me I'm doing everything wrong. On top of
> >> that, AFTER I informed him that the problem I'm running into is on a
> >> test domain, and will (when implemented into our enterprise domain)
> >> have completely different user accounts with practically no
> >> permissions to company data or other company computers, he still
> >> decided to tell me I'm risking my company's assets - and I still have
> >> yet to hear one piece of advice on how to resolve my group policy
> >> issue.
>
> >> It has nothing to do with a popular or correct answer. The simple
> >> fact is that the specialized software that is running on this computer
> >> REQUIRES a user to be logged in at all times, REQUIRES access to only
> >> specific folders (which WILL BE USED, NOT A DOMAIN ADMIN LIKE IN THE
> >> TEEESSSSTTT DOMAIN), and requires other users to use the software
> >> directly from the machine without needing the username/password of the
> >> specialized NON ADMIN account (therefore screen shouldn't lock).
> >> However, the Group Policy changes are not being implemented on the
> >> computer... I'm trying to resolve this on my TEST DOMAIN before
> >> implementing it with different accounts and permissions on my
> >> enterprise domain - but all I hear is I should be fired. Thanks again.
>
> > Cary,
>
> > Very well put.
>
> > From Robert's original post, he stated
>
> ...
>
> read more »- Hide quoted text -
>
> - Show quoted text -

I've resolved the issue. Thanks for your help Ace - as this server
was not a DC, I was able to use loopback and all works like a charm
now.

I would like to apologize to Paul for biting off his head. I do know
that you are providing an unpaid service to people who could really
use your help, and for that I thank you. I, myself, have spent a
large amount of time lending my services wherever possible, so I know
how it feels to do these things for others and still be insulted/not
thanked. So for that, I apologize.

I would like to just mention that, after posting in these threads a
number of times, and receiving incredible help from experts such as
yourself, ace, and cary, I've become more comfortable with the type of
information I leave behind for support. Even though I was performing
all of these steps in a Test environment, I didn't feel the need to
mention that, as it wouldn't have helped you in any way to with a
resolution to my - what appeared to be simple - issue. The reason I
mentioned that I was using a domain admin account was due to the fact
that I wanted anybody providing their incredible wisdom to have the
knowledge that there were no permissions issues, etc. Test domain or
not, the issue was still there - and I've found when asking for help
with your test environment, you receive less than stellar responses,
as nobody seems to care about whether or not your test environment is
functioning properly. I understand your position in trying to provide
the best feedback possible, informing me that what I'm doing is
dangerous. It would have, however, been appreciated if, like Cary
said, you hadn't ass|u|me-d either way. Maybe something like "If
you're trying to do this on a production environment, I'd recommend
you to do this a different way - or with an account with much less
permissions than a domain admin account - as you're practically
handing the keys to your enterprise to anybody with access to this
machine. With that being said - let me try to help with your group
policy not being pushed to this computer."

Regardless of what I feel, I know I was a jerk for calling you out. I
was extremely frustrated with your comments about you believing I
should be terminated, without digging a little deeper. I know digging
a little deeper isn't what you need to do, but please know that,
although you said you didn't mean to be rude, mentioning something
like this is closer to a personal attack than anything else posted on
this thread, and I overreacted the accusation. I took it to heart,
and I shouldn't have.
Previous Topic:Desktop Lockdown Policy
Next Topic:2 DC's need to shut one down
Goto Forum:
  


Current Time: Wed Jan 17 04:14:24 MST 2018

Total time taken to generate the page: 0.03366 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software