Policy not working


Octopuss

I could use some tips. I created a GPO which is supposed to 1) copy a file from a server to local disk and 2) do a simple change in the registry. Unfortunately it doesn't work and I can't figure out why.

I want it to work on the whole computer rather than on the user, so in the editor I changed the relevant settings under computer configuration. I also linked the GPO to one computer only - for testing purposes.

gpresult /r shows me that the policy is applied, but in reality nothing happens. I am out of ideas... What should I check?



Did you check the rights on the share and the NTFS permissions there (the computer account should have the rights there)?

Also, I wouldn't do it this way: I would create a batch file to copy the file and import the reg entry, and I would put the needed files (if they are small) in the GPO folder.


Did you check the rights on the share and the NTFS permissions there (the computer account should have the rights there)?

Also, I wouldn't do it this way: I would create a batch file to copy the file and import the reg entry, and I would put the needed files (if they are small) in the GPO folder.

That makes no sense to do since the functionality is right there in the GPO editor....

Rights should be OK as I logged on to the domain with an admin account.


Of course, but you're still stuck with a GPO that isn't working, and also those settings are new (I never used them, so I can't tell if they are reliable). But I'm sure of something: everything that runs under a computer config in a GPO will run with the computer system account, so if you copy something from a share it might not work if the shared folder isn't properly configured (unless the GPO tools make a local copy of the file in the GPO folder).

Usually, I use a script only to get logs of the executed work to debug problems.


Well, I should have that. In the Scope tab, under security filtering, I added that specific computer to the list.

I created another policy in the same way (computer settings etc.) that installs an app and it works just fine.


I nailed it down to probably a permissions problem. I added some app installation to the same policy and it worked.

So:

What kinda permissions do I need (and where?) in order to be able to do a registry change on a machine via GPO, under computer configuration?


I will finish my monologue with what I finally found out.

I use nLite to ease the installation of XP machines. After even more trial and error I accidentally found out that KB943729 doesn't install (or just doesn't work - I don't know) if I integrate Intel chipset drivers into the installation image. Doesn't make sense? I know. It does work if I install those drivers after I join the domain and install the KB.

What I did was integrate the KB into the image as well, as if I was adding updates. I have no idea what the deal was, but it works.


I will finish my monologue with what I finally found out.

I use nLite to ease the installation of XP machines.

Many of our users will be sad/angry to read this. :o

I see you've been using nLite for quite a while now and no one would jump to a conclusion and think maybe your use of nLite was related to your recent question about pushing out a Flash update via GPO for your customer.... By now you must have encountered the many threads in the nLite forum that talk about its EULA.

:no:


indeed Trip,

Don't get me wrong, I spent months building a hardened XP image. Many roadblocks were overcome by letting nLite accomplish the task, then working very much backwards with windiff/regshot to see what was altered. Then applying the effective changes manually to the Master Systems, then researching why it worked, then documenting. Seems if you let nLite do all the work and push it out the door, more often than not your answer would be:

I have no idea what the deal was, but it works.

Even if I were to ignore the EULA and the author's wishes, with such a grand lack of documentation and dedicated support it would still not be a feasible solution for distribution.

Edited by iamtheky

You are quite right, actually. If I could I'd pay for a licence for nLite, but sadly such an option doesn't exist :( I also completely forgot about this because I haven't touched XP for quite some time and then I needed to come up with a solution when I got this job.
