Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Policy not working


  • Please log in to reply
13 replies to this topic

#1
Octopuss

Octopuss

    I am the walrus

  • Member
  • PipPipPipPipPipPip
  • 1,127 posts
  • OS:Windows 7 x64
  • Country: Country Flag

Donator

I could use some tips. I created GPO which is supposed to 1) copy a file from a server to local disk and 2) do simple change in registry. Unfortunately it doesn't work and I can't figure out why.

I want it to work on whole computer rather on user, so in the editor I changed relevant settings under computer configuration. I also linked the GPO to one computer only - for testing purposes.

gpresult /r shows me that the policy is applied, but in reality nothing happens. I am out of ideas... What should I check?

Attached Files

  • Attached File  gpo.png   45.95KB   12 downloads



How to remove advertisement from MSFN

#2
allen2

allen2

    Not really Newbie

  • Member
  • PipPipPipPipPipPipPip
  • 1,812 posts
Did you checked the rights on the share and the ntfs permission there (the computer account should have the rights there) ?
Also i wouldn't do it this way: I would create a batch file to copy the file and import the reg entry and i would put the needed files (if they are small) in the gpo folder.

#3
Octopuss

Octopuss

    I am the walrus

  • Member
  • PipPipPipPipPipPip
  • 1,127 posts
  • OS:Windows 7 x64
  • Country: Country Flag

Donator

Did you checked the rights on the share and the ntfs permission there (the computer account should have the rights there) ?
Also i wouldn't do it this way: I would create a batch file to copy the file and import the reg entry and i would put the needed files (if they are small) in the gpo folder.

That makes no sense to do since the functionality is right there in the GPO editor....




Rights should be ok as I logged on to the domain with admin account.




#4
allen2

allen2

    Not really Newbie

  • Member
  • PipPipPipPipPipPipPip
  • 1,812 posts
Of course, but you're still stuck with a not working gpo and also those settings are new (i never used them so i can't tell if they are reliable) but i'm sure of something: everything that run under a computer config in a gpo will run with the computer system account so if you copy something from a share it might not work if the shared folder isn't properly configured (unless the gpo tools make a local copy of the file in the gpo folder).
Usually, i use a script only to get logs of the executed work to debug problems.

#5
Octopuss

Octopuss

    I am the walrus

  • Member
  • PipPipPipPipPipPip
  • 1,127 posts
  • OS:Windows 7 x64
  • Country: Country Flag

Donator

So which permissions should I specifically check for?

#6
allen2

allen2

    Not really Newbie

  • Member
  • PipPipPipPipPipPipPip
  • 1,812 posts
You need to add the accounts of your target computers (or a group containing them like "authenticated users" but this one contains almost all AD objects).

#7
Octopuss

Octopuss

    I am the walrus

  • Member
  • PipPipPipPipPipPip
  • 1,127 posts
  • OS:Windows 7 x64
  • Country: Country Flag

Donator

Well, I should have that. In the Scope tab, under security filtering, I added that specific computer to the list.

I created other policy in the same way (computer settings etc.) that installs an app and it works just fine.



#8
Octopuss

Octopuss

    I am the walrus

  • Member
  • PipPipPipPipPipPip
  • 1,127 posts
  • OS:Windows 7 x64
  • Country: Country Flag

Donator

I nailed it down to probably permissions problem. I added some app installation to the same policy and it worked.




So:

What kinda permissions do I need (and where?) in order to be able to do a registry change on a machine via GPO, under computer configuration?



#9
Octopuss

Octopuss

    I am the walrus

  • Member
  • PipPipPipPipPipPip
  • 1,127 posts
  • OS:Windows 7 x64
  • Country: Country Flag

Donator

Really need some help here... I googled like mad and found nothing.

#10
Octopuss

Octopuss

    I am the walrus

  • Member
  • PipPipPipPipPipPip
  • 1,127 posts
  • OS:Windows 7 x64
  • Country: Country Flag

Donator

After hopelessly trying this and that I managed to nail it down to some sort of incompatibility with Windows XP. In theory, this http://support.microsoft.com/kb/943729 should let me use the new stuff on XP, but it is still not working at all.

#11
Octopuss

Octopuss

    I am the walrus

  • Member
  • PipPipPipPipPipPip
  • 1,127 posts
  • OS:Windows 7 x64
  • Country: Country Flag

Donator

I will finish my monologue with what I finally found out.

I use nLite to ease the installation of XP machines. After even more trial and error I accidentally found out that that KB943729 doesn't install (or just doesn't work - I don't know) if I integrate Intel chipset drivers into the installation image. Doesn't make sense? I know. It does work if I install those drivers after I join domain and install the KB.

What I did was integrade the KB into the image as well like if I was adding updates. I have no idea what the deal was, but it works.



#12
Tripredacus

Tripredacus

    K-Mart-ian Legend

  • Super Moderator
  • 9,710 posts
  • OS:Server 2012
  • Country: Country Flag

Donator

I will finish my monologue with what I finally found out.

I use nLite to ease the installation of XP machines.


Many of our users will be sad/angry to read this. :o

I see you've been using nLite for quite a while now and no one would jump to a conclusion and think maybe your use to nLite was related to your recent question about pushing out a Flash update via GPO for your customer.... By now you must have encountered the many threads in the nLite forum that talk about its EULA.
:no:
MSFN RULES | GimageX HTA for PE 3.x | lol probloms
msfn2_zpsc37c7153.jpg

#13
iamtheky

iamtheky

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 866 posts
indeed Trip,

Dont get me wrong, I spent months building a hardened XP image. Many roadblocks were overcome by letting Nlite accomplish the task, then working very much backwards with windiff/regshot to see what was altered. Then applying the effective changes manually to the Master Systems, then researching why it worked, then documenting. Seems if you let Nlite do all the work and push it out the door, more often than not your answer would be:

I have no idea what the deal was, but it works.


Even if I were to ignore the EULA and authors wishes, with such a grand lack of documentation and dedicated support it would still not be a feasible solution for distribution.

Edited by iamtheky, 01 February 2012 - 11:35 AM.

iamtheKy

#14
Octopuss

Octopuss

    I am the walrus

  • Member
  • PipPipPipPipPipPip
  • 1,127 posts
  • OS:Windows 7 x64
  • Country: Country Flag

Donator

You are quite right, actually. If I could I'd pay for a licence for nLite, but sadly such option doesn't exist :( I also completely forgot about this because I haven't touched XP for quite some time and then I needed to come up with a solution when I got this job.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN