Home / Articles / Windows / GROUP POLICY TROUBLESHOOTING GENERIC CHECKLIST

GROUP POLICY TROUBLESHOOTING GENERIC CHECKLIST

Please find below Linear and Logical Group Policy Troubleshooting Steps as we discussed in L&L held previously :

 

GROUP POLICY TROUBLESHOOTING GENERIC CHECKLIST

 

  1. AD Replication is working. PDC is contactable
  2. FRS is healthy
  3. Check event logs
  4. Examine the DNS settings and network properties on the servers and client computers.
  5. network connectivity and packet fragmentation
  6. rsop
  7. gpresult /v
  8. binding order of nic cards on multi-homed computers
  9. GPO Must Be Linked. The GPO is linked to right container
  10. The container to which GPO is linked should contain the correct object types – users/computers
  11. A GPO may have its user settings disabled, its computer settings disabled, or all settings disabled
  12. Check for LSDOU Rule. There might be conflicting policy. In GPMC, in Group Policy Inheritance tab check for precedence order of GPOs. In conflict the GPO with higher precedence wins.
  13. A conflicting GPO can have ENFORCED setting enabled. In GPMC, in Group Policy Inheritance tab check for precedence order of GPOs. In conflict the GPO with higher precedence wins.
  14. The container can have BLOCK INHERITANCE applied.
  15. group policy inheritance rules
  16. loopback processsing
  17. Check slow link. The following types of policy settings are not applied over a slow link:

* Software Installation

* Scripts

* Folder Redirection settings disable fast logon optimization

  1. wmi filtering
  2. Check GPO permissions and security filtering
  3. check ad attributes
  4. A GPO may have its user settings disabled, its computer settings disabled, or all settings disabledSome settings need reboot
  5. Run the dfsutil /purgemupcache command.
  6. Examine the Server Message Block signing settings on the client computers.
  7. Make sure that the TCP/IP NetBIOS Helper service, the Net Logon service, and the Remote Procedure Call (RPC) service are started on all computers.
  8. Make sure that Distributed File System (DFS) is enabled on all computers.
  9. Check if Policy setting is supported
  10. Machine required resources are not available. The following Event Numbers trigger this error: (1002, 1035, 1063, 1075, 1078, 1081, 1082, 1094, 1107)
  11. Critical files on domain controllers or client computers are missing or corrupted. check for the presence and integrity of the following files in the SYSVOL share and its subfolders on the domain controller.
    • Files in the Group Policy template.
    • Registry.pol (Search %windir%\debug\usermode\UserEnv.log for references to this file). This file is used for processing administrative templates through the registry CSE.

On the client, check for the presence and integrity of the following files in the %windir%\system32 folder. Replace suspect or files missing from the CD for the client’s operating system. The System File Checker (Sfc.exe) can be used to scan all protected files to verify their versions.

    • UserEnv.dll. Used for core Group Policy processing including registry CSE and profiles.
    • Dskquota.dll. Used for Disk Quota CSE processing.
    • Fdeploy.dll. Used for Folder Redirection CSE processing.
    • Gptext.dll. Used for Scripts, IP Security, QoS Packet Scheduler, and Wireless settings processing.
    • Appmgmts.dll. Used for Software Installation CSE processing.
    • Scecli.dll. Used for Security Settings CSE processing.

 

Share


Comment on GROUP POLICY TROUBLESHOOTING GENERIC CHECKLIST

Leave a Reply






Contact Us