Troubleshooting Group Policy Jeremy Moskowitz, Group Policy MVP Chief Propeller-Head: GPanswers.com Founder: PolicyPak Software (policypak.com) Twitter:

Slides:

Advertisements

Similar presentations

Auditing Microsoft Active Directory

Advertisements

Management tools GPOE & GPMC Group Policy Preferences Group Policy Service GP shared service More stable and strengthened Service Group Policy Templates.

ACTIVE DIRECTORY GROUP POLICY MAEDS Spring PD Day 2012 Nicholas A. Hay Jefferson Schools

Microsoft Server 2008 R2 Group Policies & AD. Group Policies-Refresher  Policies are “all or nothing”  You cannot selectively choose within a policy.

Build-Deploy-Test with Visual Studio Lab Management 2010 Pieter Gheysens Visual Studio ALM MVP – Sparkles User Group Lead VISUG (

Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter

Understanding Group Policy on Windows Server 2003.

Module 5: Creating and Configuring Group Policy

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

New features in Windows Vista Multiple Local GPOs Network Awareness ADMX Files Improved Logging Coming in Windows Server 2008 Filters Comments Starter.

Managing User Settings with Group Policy

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

HTML5 That’s what you need to know today Ingo Rammer, thinktecture

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

Clyde G. Johnson.  Test Environment  Tools of the trade  Demo  Central Store  Show  Group Policy Spreadsheets  Demo  Planning and Deployment.

& Silverlight, Windows Phone 7, Windows Azure, jQuery, OData and RIA Services. Shaken, not stirred. Kevin

Maintaining and Updating Windows Server 2008

Bonus #1 (For Geeks) … ADM(x) and Group Policy Preferences “Gotchas” Bonus #2: Special Group Policy Announcements !

Best Practices in Virtualizing RDS and VDI: THE Virtual Reality Check Ruben

Group Policy – Tips, Tricks and Best Practices

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Understanding and Troubleshooting Group Policy Function Darren Mar-Elia CTO, Infrastructure Management, Quest Software MS-MVP for Group Policy Quest.

(ITI310) By Eng. BASSEM ALSAID SESSIONS

Introduction to Active Directory December 10th, pm Daniels 407.

9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

Parallel Programming in.NET 4.0 Tasks and Threading Ingo Rammer, thinktecture

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh.

Total Workstation Lockdown: Your Action Plan Jeremy Moskowitz, Group Policy MVP Chief Propeller-Head: GPanswers.com Founder: PolicyPak Software (policypak.com)

Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.

70-411: Administering Windows Server 2012

Section 12: Creating and Deploying Administrative Templates Introducing Administrative Templates Legacy ADM Templates Using the New ADMX Templates Converting.

Managing User Desktops with Group Policy

Module 7 Configure User and Computer Environments By Using Group Policy.

Implementing Group Policy. Overview What is Group Policy Introduction to Group Policy Group Policy Structure How Group Policy Settings Are Applied in.

Section 5: Troubleshooting and Backing Up GPOs Using Group Policy Troubleshooting Tools Integration of RSoP Functionality Using Logging Options Backing.

Group Policy in Windows Vista Stephen Lamb IT Pro Evangelist, Microsoft Ltd

4. Managing the Desktop Thomas Lee Chief Technologist – QA plc.

Module 11: Troubleshooting Group Policy Issues. Module Overview Introduction to Group Policy Troubleshooting Troubleshooting Group Policy Application.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 11: Group Policy for Corporate Policy.

Module 5: Creating and Configuring Group Policies.

Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.

Migration and Deployment of Office 2010 Steffen Krause Senior Technical Evangelist Microsoft Deutschland GmbH

Windows Azure for IT Pros Kurt CLAEYS (TSP Windows Azure, Microsoft EMEA)

Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode.

Company Confidential 1 A Course on Planning A Group Policy Management And Implementation Strategy Prepared for: *Stars* New Horizons Certified Professional.

Implementing Group Policy

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10.

Implementing a Group Policy Infrastructure

Module 6 Creating and Configuring Group Policy. Module Overview Overview of Group Policy Configuring the Scope of Group Policy Objects Evaluating the.

Chapter 7: Managing and Troubleshooting Group Policy.

Service Manager 2010 Real Life Example: The coffee workflow Mike Resseler & Alexandre Verkinderen Infront Consulting Group.

Building Robust, Maintainable Coded UI Tests with Visual Studio 2010 Brian Keller Sr. Technical Evangelist – Visual Studio ALM

Module 11: Troubleshooting Group Policy Issues. Module Overview Introduction to Group Policy Troubleshooting Troubleshooting Group Policy Application.

Windows Server 2003 群組原則設定與管理林寶森

Group Policy in Windows Vista. Group Policy Administration Group Policy with Windows Vista QoS Policies What Will We Cover?

GROUP POLICY. Group Policy is a hierarchical infrastructure which allows systems administrators to configure computer and user settings from a central.

To OData or Not to OData Chris Eargle kodefuguru.com.

Group Policy Preferences. Session Objectives And Agenda Group Policy Preferences High level Overview New Extensions details New Concepts Preferences Reporting.

Dive into Application Lifecycle Management with Visual Studio 2010

Automating AD Administration with Windows PowerShell

MDOP: Advanced Group Policy Management 4.0

Utilize Group Policy Terminal Server Settings

SharePoint & jQuery: Better Together

Tech·Ed North America /7/2018 9:06 AM

Chris Eargle kodefuguru.com

Opalis System Center Integration Packs Deep Dive

Presentation transcript:

Troubleshooting Group Policy Jeremy Moskowitz, Group Policy MVP Chief Propeller-Head: GPanswers.com Founder: PolicyPak Software (policypak.com)

Our Trouble Spot Road Map New Areas – New potential problems Updated “under the hood” changes The Central Store. The “Why” and “Problems” Updated logging model RSoP differences for Windows XP vs. Windows Vista+ clients Troubleshooting Group Policy Preference Extensions 2

Under the hood changes “No Brain energy required” Group Policy runs as a “hardened” service 3rd party CSEs are isolated Changes in behavior when clients are offline for a while… (next slide) 3

Network Location Awareness: NLA 2.0 Offline for a while? Get Group Policy next time you connect. No more “ping”/ ICMP requirement Key takeaway: Group Policy refreshes only if you missed your last refresh cycle 4

NLA / Reporting Look for NLA events with slow ? fast link transitions 5

Group Policy Internals Group Policy has two “halves” GPC: Group Policy Container Record in Active Directory GPT: Group Policy Template “Downloadable” bits from SYSVOL 6

Group Policy Troubleshooting (for the GPO iteself) GPOtool Determines general GPO health Litmus Tests: Creating new user in Active Directory Users & Computers Creating new.txt file in SYSVOL Deeper SYSVOL / DFS problems Sonar Ultrasound “Troublehsooting FRS” 7

Why did Microsoft move away from ADM files? ADM files Conf.adm Inetres.adm System.adm Wmplayer.adm Wuau.adm Simple But … problems (next page) 8

Problems to Solve 1: How do we prevent burning 4MB within each Group Policy Object? 2A: How do we deal with multiple languages and 2B: …preventing “write overlaps”? 3: How do we distribute new definitions updates to all admins? 9

Central Store Success / Problems 10 Central Store not created properly ADML language files not in precise place SYSVOL replication is damaged Older clients are used to manage/edit GPOs

Why you need a Windows 7 management machine

Our Trouble Spot Road Map New Areas – New potential problems Updated “under the hood” changes The Central Store. The “Why” and “Problems” Updated logging model RSoP differences for Windows XP vs. Windows Vista+ clients Troubleshooting Group Policy Preference Extensions 12

Quick Review of XP Troubleshooting Major events in the Event log Step-by-step events in the \windows\debug\usermode\Userenv.log Tip: Use SysProSoft PolicyReporter to make more “meaningful”

Breakdown of Stuff in Userenv.log Same Process Different Thread ID Timestamp Clues Red Herrings

Windows 7 Group Policy Troubleshooting Userenv.log—going away… (Next slide) “Basic news”—in System log

Windows 7 Group Policy Troubleshooting “Micro-news” in the GroupPolicy Operational Log Replaces UserEnv log

Making Lemonade from Logs Focus in on ONE “Group Policy Event Cycle” Use the Operational logs  Get ActivityID  and…

Make an Event Filter {INSERT ACTIVITY ID HERE}']

GPlogview Tool Download: Log one cycle Gplogview -a -o output.txt Gplogview -a 9A FF-4625-B7D1-6DEB763E2DCA -o output.txt Monitor incoming cycle (two windows) Gplogview –m Caveats Must be run in “admin” command shell

DEMO Eventing and GPlogview

Our Trouble Spot Road Map New Areas – New potential problems Updated “under the hood” changes The Central Store. The “Why” and “Problems” Updated logging model RSoP differences for Windows XP vs. Windows Vista+ clients Troubleshooting Group Policy Preference Extensions 21

GPresult on Windows 7

Gpresult Wackiness Why can’t I see computer-side RSOP? Totally frustrating (as the error is about the user, not the computer)

Permissions Delegation for Seeing Own Computer RSOP Domain Level or OU level

Our Trouble Spot Road Map New Areas – New potential problems Updated “under the hood” changes The Central Store. The “Why” and “Problems” Updated logging model RSoP differences for Windows XP vs. Windows Vista+ clients Troubleshooting Group Policy Preference Extensions 25

Troubleshooting Group Policy Prefs Reporting… Eventing… Tracing…

Reporting GPRESULT: /H shows GPPrefs output GPMC: Multiple items at a level can be tricky Rename your pref items for clarity

Events App Log on all platforms shows the bad news Windows 7 has own “source” So you can filter “bad news” based on just the problem area Windows 7 Operational log: Not for GPPEs Rather, just for GPOs overall

Tracing Used for final troubleshooting Planning (RSoP.msc) logging is not used Logs go to %COMMONAPPDATA%\GroupPolicy\Preference\Trace\Com puter.log and User.log (usually c:\ProgramData\...)

Group Policy Prefs Tracing Example

31 Tracing Gotchas Win7 RSAT doesn’t contain the ADMX settings. Option 1: Copy the WS08 or R2 “GroupPolicyPreferences.admx/adml” to central store Option 2: Install the ADMX/ADML from MSI Installs to C:\Program Files\Microsoft Group Policy\Preferences\ Move up to Central Store

Stay up to date with TechNet Belux Register for our newsletters and stay up to date: Technical updates Event announcements and registration Top downloads Join us on Facebook LinkedIn: Download MSDN/TechNet Desktop Gadget

TechDays 2011 On-Demand Watch this session on-demand via TechNet Edge Download to your favorite MP3 or video player Get access to slides and recommended resources by the speakers

Do MORE with Group Policy

THANK YOU