Troubleshooting Group Policy
The process of diagnosing what is going on with GP and why it’s not doing what you want it to do can be infuriating at times. Use the steps recommended in the following sections to assist you in tracking down where your problem lies.
Resolving DNS Problems
DNS problems can plague your network and make it nearly impossible for GPOs to be applied. This problem manifests itself primarily in the requirements for logging on to a domain: without DNS, you still might be able to authenticate to a domain controller, but GPOs simply will break. That’s because they require various types of DNS SRV records to know which computer has which service to manage. This is a good place to start looking if GP simply doesn’t function.
Analyzing Inheritance
If you are a seasoned network professional, you’ll be familiar with the concept of inheritance. This also can be a stumbling block with GP. Beware of a couple of options. The first is the No Override function, which does nothing more than cease the processing of any GPOs under the object on which the option is set. Conversely, also be wary of the Block Inheritance function, which stops the processing of GPOs that reside higher in the GPO processing hierarchy. This is a case of knowing what you set and properly documenting it, but it still can eat up hours upon hours of troubleshooting time.
GPO Distribution and Synchronization
Another issue you might see is that of GP distribution and synchronization. Distribution ...
Get Learning Windows Server 2003 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.