Group policy not applying to OU 2

[okctek]

I have searched through forums and cannot find the answer. This was my last option, to bother you tipsters with this rather elementary issue.
OK. I have a simple "Test" OU that I've applied a policy to. What could be the cause for the policies to not take? My policies are My Doc-folder redirection and enable "disable changing wallpaper". I have a test group that has 1 member "John Testman" in it. I looked in the Event Viewer yesterday while working on this and it did have an entry that stated "Failed to perform redirection of folder my docs... full source path was C:\blah\blah\blah. The full destination path was \\servername\home\jtestman. At least one of the shares on which these paths lie is currently offline." Offline? They're both accessible and online. AND how come today there are no more entry's as I've tried to log in SEVERAL times with no luck in redirecting my docs?

On another note, the Display security baffles me as well but isn't as much as a priority right now.

As always any help would be monumental in me keeping my job! LOL. Thanks!

 

[nsanto17]

Make sure you have DNS set up properly. Usually all problems with AD go back to DNS. Make sure that DNS is installed and running on your DC. Also make sure that your workstation is using your DC as its DNS server.

I have had this exact problem before and once i changed the client to go through the DC for DNS then all problems went away.

Thanks

Nick

 

[okctek]

The PC I am testing with WAS in fact configured statically so I reconfigured for DHCP just in case for auto configuration purposes. I rejoined it to the domain and still no governing.
DNS should be configured ok as I've double checked settings and name resolution by using nslookup on several machines.
Also, worthy of noting is that aside from the default domain policy that works fine, there is our Admins OU and it's policy that seems to be a-ok as well. I feel confident that I could edit the domain policy to redirect my doc's but I just don't understand why it's not working under my test OU.

 

[SLMHC]

i tried to redirect my My Docs folder to see if i could get it to work. I cant. I get the following in the application log:

Event Type: Error
Event Source: Folder Redirection
Event Category: None
Event ID: 112
Date: 12/04/2005
Time: 11:59:03 AM
User: domain\dhildebrand
Computer: workstation
Description:
Failed to perform redirection of folder My Documents. The files for the redirected folder could not be moved to the new location. The folder is configured to be redirected to <\\server\NetData\users test\%username%>. Files were being moved from <C:\Documents and Settings\dhildebrand\My Documents> to <\\sever\NetData\users test\dhildebrand>. The following error occurred while copying <C:\Documents and Settings\dhildebrand\My Documents\DESKTOP.INI> to <\\server\NetData\users test\dhildebrand\DESKTOP.INI>:
Access is denied.


I was getting the same error for My Music folder before i deleted it. All other OU policies are working in fine order. DNS also shows no errors. So okctek you are not alone in your problems with folder redirectin.


thanks,

Dave

 

[okctek]

Thanks Dave for jumping in!
I'd suggest double checking security permissions in group policy properties. Or in group policy- My documents properties/settings ensuring user has full access. I hope this is of some help.

I am working on my issue diligently so if and when I resolve it, I will update this post.

With my situation, unfortunately, I have walked into a highly unorganized active directory setup associated with my new position AND title I might add. I'm still familiarizing myself with our network and its AD/policies. From the looks of it though it appears we have domain admins EVERYWHERE and that's just the start of things I think. Getting everyone organized and properly governed will be a task. But I don't want to change anything without properly knowing WHY they are that way to begin with.
So first things first.. I need to figure out why my TEST OU will not apply policies then go from there.

Again, if anyone can help your suggestions may shorten my timeframe. Thanks!!

 

[SLMHC]

Ive given full rights to both places, the my docs was already set. normally a GPO only needed to have Read & Apply checked in Security.

Still hunting down this issue, sorry for adding this to your post...

Dave

 

[PScottC]

I just create a policy and set it to redirect to "user's home folder" which is the property on the user account. Works great.

Make sure that the base folder has been created on the destination.

Also... I know this isn't in the Server 2003 forum, but... The default permissions at the share level in 2003 is Everyone/Read. Be sure to check your share permissions AND your NTFS permissions. You should be limiting access at the NTFS level because the permissions are more granular there. At the share level you should assign Everyone/Full.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[SLMHC]

I logged in this morning and folder redirection worked. not sure why, and im too busy this morning to look into it further. just off the top of my head, my My Docs folder might have been "locked" with all the work it was doing with it yesterday.

thanks,

Dave

 

[PScottC]

Found this this morning:

If you must create folders for users, make sure that you set the correct permissions. Then, clear the Grant exclusive rights to check box on the Settings tab of the Folder RedirectionProperties page. If you do not clear this check box, Folder Redirection first checks preexisting folders to determine if the user is the owner. If the administrator previously created the folder, the check fails, and redirection is cancelled. Folder Redirection logs an event in the Application event log indicating that redirection failed and that the new directories for the redirected folder cannot be created due to not being able to assign a security ID as the owner of the folder (Event ID 101).

You can find this here: [URL unfurl="true"]http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/2b24872a-05ca-41be-9887-33acc87a2056.mspx[/url]

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[SLMHC]

The link PScottC provided has loads of good info to setup folder redirection. my problems were solved when i unchecked the give user complete rights to folder option. i know have redirected my folder and been able to setup offline access to it with no errors.

it might be a good idea to start from scratch okctek.

thanks,

Dave

 

[okctek]

All of this is so much help! I am dealing with a rather "hosey" AD setup I believe. We have several OU's with policies and just about every user is a member regardless of his/her dept affiliation of pretty much every OU. EVEN THE ADMINISTRATORS OU. So I think we have conflicting policies but I'm not sure. Still evaluating and testing with my test user account.

I do have a question however in regards to the folder redirection process. It was my understanding that when the redirection takes place the doc's are placed on the users home drive. The admin that set this up before my arrival has the data being placed on the local C: in My Doc's but you can still log onto another PC and they will be there as well. Problem is that A: it won't be backed up daily if it's not on the server share and B: if the user cleans up his My doc's on one PC it's not replicating over to the others. What good does that do? I want my users to save to My Doc's and that being virtually \\server\home\%user%. In this case if it's set up properly, the user should be able to go directly to his/her home drive and find all the doc's there which have been saved previously to My Doc's on any machine. Right now the way it's currently config'd, it is nowhere to be found under ANY NAME OR FOLDER on the server share.

Sorry so long but you can imagine my frustration in trying to organize some of this.

Again thanks for all the pointers, it's been a great help!!

 

[PScottC]

Here's how I would typically set this up... I would define the user's home folder on their user account... Let's say H: \\myfileserver\users\%username%

Then in the GPO, I would redirect My Documents to H: for all users.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers