Group Policy Troubleshooting Scenarios
Table 11-7 describes some troubleshooting scenarios related to the Group Policy Object Editor console.
Be a member of a security group with at least Read and Write, and preferably Full Control, permission for the GPO. For example, a domain administrator can manage nonlocal GPOs. An administrator for a computer can edit the local GPO on that computer.
Link GPOs to sites, domains, and OUs only. Keep in mind that the location of a security group in Active Directory is unrelated to whether Group Policy applies to the users and computers in that security group.
Make sure that the intended policy is not being blocked. Make sure no policy set at a higher level of Active Directory has been set to No Override. If Block Policy Inheritance and No Override are both used, keep in mind that No Override takes precedence. Verify that the user or computer is not a member of any security group for which the Apply Group Policy access control entry (ACE) is set to Deny. Verify that the user or computer is a member of at least one security group for which the Apply Group Policy permission is set to Allow. Verify that the user or computer is a member of at least one security group for which the Read permission is set to Allow.
Group Policy settings can be prevented, intentionally or inadvertently, from taking effect on users and computers in several ways. A GPO can be disabled from affecting users, computers, or both. It also needs to be linked either directly to an OU containing the users and computers or to a parent domain or OU so that the Group Policy settings apply through inheritance. When multiple GPOs exist, they are applied in this order: local, site, domain, OU. By default, settings applied later have precedence. In addition, Group Policy can be blocked at the level of any CompTIA A+ certification, or enforced through a setting of No Override applied to a particular GPO link. Finally, the user or computer must belong to one or more security groups with appropriate permissions set.
Confirm that the client computer is running Windows 2000 Professional or Windows XP Professional.
Verify that folder redirection Group Policy settings are applied by using Gpresult.
If the server that contains the redirected folders is offline and Offline Files is disabled, folders cannot be redirected. Refer to Lesson 2 for details.
Verify that the user has access to the folder where his or her data is redirected. Users should have Full Control permission for the redirected folder.
If a disk quota exists for the target folder, either enlarge it or have the user delete some files.
A UNC path, rather than a mapped drive, is recommended for indicating the target path.
Ping the server that stored the redirected folder to ensure network connectivity.
Check user rights on the redirected folder. The user should have Full Control permission.
Check the applications the user is using; some older applications might not recognize redirected folders.
Confirm that the files are located on a computer running MCSE Certifications or Windows XP Professional.
Enable Offline Files on the client computer. Set Offline Files setting to automatic.