
The GPTalk Mailing List

The GPTALK mailing list is where you can send and receive email related to Windows Group Policy. You must subscribe to the list to send and receive mail from the list. The purpose of the list is to provide a forum for asking and answering technical questions related to Group Policy. Any question is fair game as long as it is related to Windows Group Policy.  The Archives for this list can be found on this page.

 

List Posts

Subject: [gptalk] registry setting policies are not applying
senthilcc

Posts:3

03/16/2009 7:51 PM  
Hi,

We have around 2000 Win XP SP3 computers with Windows 2003 AD domain. All
were working fine.

Recently we changed an existing Windows XP firewall policy (to add some port
exceptions).

But this policy is not affecting the client machines.

When I delete %allusersprofile%\ntuser.pol the changes in the policy are
updating properly.

Could someone please let me know if this is the correct method (deleting
ntuser.pol), and why this problem happens?

Please help.

Regards
Senthil.

Darren

Posts:103

03/16/2009 8:16 PM  
Senthil-

You should not have to delete the ntuser.pol file for this to work.
Ntuser.pol is the admin templates archive file - it is responsible for
removing previously applied admin template policies when that policy is
re-processed. The fact that removing it fixes your problem indicates to me
that perhaps that file was corrupt or otherwise out-of-date in the first
place.


Darren





Syspro

Posts:0

03/16/2009 11:14 PM  
Hi Darren, Senthil,

I used to find the same issue. The problem was that the Ntuser.pol file was
corrupt and so Group Policy Processing would skip processing the registry
settings. Deleting the file (which was normally empty) meant then it would
start running again, although potentially the non-tattooed entries would
stay in place.

A slightly better approach is to replace the ntuser.pol file with a
"standard" one copied from another machine. Of course the definition of
"Standard" is a bit difficult to define.

Never could find out what caused the corruption, because you would normally
only find out about it several weeks later. It only ever happened on 1% of
machines and I could never find out a common symptom.



Alan Cuthbertson





Policy Management Software (Now with ADMX and Preference support):-
http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml

ADM Template Editor (Now with ADMX support):-
http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml

Policy Log Reporter - including Preference logging (Free)
http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml











senthilcc

Posts:3

03/17/2009 12:34 PM  
Hi Alan, Darren

Thanks for your valuable inputs.

My concern is most of the machines in our domain (around 70%) have this
particular problem.

I am currently planning to run a script to delete ntuser.pol on all the
machines.

Regards
Senthil.


Syspro

Posts:0

03/17/2009 4:51 PM  
Hi Senthil,

I would agree that you need to fix it if you have that many machines.
However, it would be better (not perfect) to replace it with the ntuser.pol
that you have in the default profile. It should at least contain most of the
non-tattooed policies.

If you do delete the files, do they get broken again later?

I would also make sure that the script deletes it only once. Deleting it
every time would be a bad idea. Basically non-tattooed policies would behave
like tattooed policies. Better still, replace it only if it is broken.
Working out whether it is broken could be difficult. If it is empty, it is
broken. If the first 4 characters are not "PReg" then it is broken. However
there are probably many other types of "broken".



Alan Cuthbertson





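The two checks Alan describes in the last post (file is empty, or its first four bytes are not "PReg"), as an added PowerShell example that is not part of the original thread. The function names are hypothetical, the script moves a broken file aside rather than deleting it (an assumption made here so the damaged file stays available for examination), and the sample files are constructed.

```powershell
# Added example, not from the thread. Test-PolFile / Repair-PolFile are hypothetical names.
function Test-PolFile {
    param([Parameter(Mandatory)][string]$Path)
    # Resolve against the PowerShell location; does not depend on the file being visible.
    $full = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Path)
    if (-not [System.IO.File]::Exists($full)) { return 'Missing' }
    $fs = [System.IO.File]::Open($full, 'Open', 'Read', 'ReadWrite')
    try {
        if ($fs.Length -eq 0) { return 'Empty' }      # check 1 from the thread
        $head = New-Object byte[] 4
        $n = $fs.Read($head, 0, 4)
    } finally { $fs.Dispose() }
    # Check 2 from the thread: first four bytes must be "PReg" (-cne is case-sensitive).
    if ($n -lt 4 -or [System.Text.Encoding]::ASCII.GetString($head) -cne 'PReg') {
        return 'BadSignature'
    }
    'OK'
}

function Repair-PolFile {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)
    $full  = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Path)
    $state = Test-PolFile -Path $full
    $moved = $false
    # Act only on a file that fails a check; a healthy file is never touched,
    # so running this repeatedly does not keep resetting policy state.
    if ($state -in 'Empty', 'BadSignature') {
        $backup = '{0}.{1:yyyyMMddHHmmss}.bad' -f $full, (Get-Date)
        if ($PSCmdlet.ShouldProcess($full, "Move aside ($state)")) {
            [System.IO.File]::Move($full, $backup)
            $moved = $true
        }
    }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Path = $full; State = $state; Moved = $moved }
}

# Constructed sample files (not real policy data), one per outcome.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) ([guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
# 'PReg' followed by a 4-byte version of 1 (constructed header, no entries).
[System.IO.File]::WriteAllBytes("$dir\good.pol",  [byte[]](0x50,0x52,0x65,0x67,1,0,0,0))
[System.IO.File]::WriteAllBytes("$dir\empty.pol", [byte[]]@())
[System.IO.File]::WriteAllBytes("$dir\bad.pol",   [byte[]](0,0,0,0,0,0,0,0))
'good.pol', 'empty.pol', 'bad.pol' | ForEach-Object {
    Repair-PolFile -Path (Join-Path $dir $_) -WhatIf    # report only, change nothing
}
```

On a client, the path from the thread would be `Join-Path $env:ALLUSERSPROFILE 'ntuser.pol'`. As the post says, these two checks catch only some kinds of "broken", so a file reported as `OK` is not proven intact.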
Copyright 2009 by GPOGUY.COM