我正在尝试查找我遇到的组策略部署问题。
问题是与域相关的 GPO 被过滤掉了。我们最近将我们的域从以下名称重命名:康托索至:lan.CONTOSO.com
(Netbios 名称为:CONTOSO
且不变)。
我开始调查,问题的第一个迹象是运行 BGinfo 时 - 我们仍然看到登录域和机器领域:CONTOSO
这不是我想看到的:lan.CONTOSO.com
如果我运行:GPresult,我看到的域是:lan.CONTOSO.com(以及正确的 DC、OU 值)
- 所有计算机(包括 DC)都出现此错误
那么:我应该在 BGinfo 报告中看到什么?如果它是错误的,如何修复它。
编辑:
以下是:gpresult /h 结果
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 24/11/2014 at 11:37:00 AM
RSOP data for CONTOSSO\user.admin on LTLVADMIN1407 : Logging Mode
---------------------------------------------------------------------
OS Configuration: Member Workstation
OS Version: 6.1.7601
Site Name: SiteIL
Roaming Profile: N/A
Local Profile: C:\Users\user.admin
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=LTLVADMIN1407,OU=Laptops,OU=Default,OU=CONTOSSO_Computers,DC=lan,DC=CONTOSSO,DC=com
Last time Group Policy was applied: 24/11/2014 at 10:06:21 AM
Group Policy was applied from: DC3.lan.CONTOSSO.com
Group Policy slow link threshold: 500 kbps
Domain Name: CONTOSSO
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Default Domain Policy
SpiceWorks Firewall
Firewall - Disabled
Printers
Sophos Tasks Enabler
Logon - Enable Verbose State
WSUS - Default
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
SQLServerMSSQLServerADHelperUser$LTLVADMIN1407
SophosUser
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
LTLVADMIN1407$
System Mandatory Level
USER SETTINGS1
--------------
CN=ADMIN User,OU=IT_Department,OU=CONTOSSO_Users,DC=lan,DC=CONTOSSO,DC=com
Last time Group Policy was applied: 24/11/2014 at 11:05:04 AM
Group Policy was applied from: DC3.lan.CONTOSSO.com
Group Policy slow link threshold: 500 kbps
Domain Name: CONTOSSO
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Default Domain Policy
Drive Mappings
Printers
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
SpiceWorks Firewall
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
Sophos Tasks Enabler
Filtering: Not Applied (Empty)
Logon - Enable Verbose State
Filtering: Not Applied (Empty)
Firewall - Disabled
Filtering: Not Applied (Empty)
WSUS - Default
Filtering: Not Applied (Empty)
The user is a part of the following security groups
---------------------------------------------------
Everyone
HelpLibraryUpdaters
SophosUser
SophosAdministrator
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
High Mandatory Level
这是计算机上的 UserDnsDomain
C:\Users\user.admin>echo %UserDnsDomain%+
LAN.CONTOSO.COM+
我所指的 GPO 甚至没有显示在列表中:它是一个登录脚本,是一个用户配置值。
GPO信息
组策略建模
我认为问题就在这里,我的用户名定义为:CONTOSSO\user
用户容器定义为:lan.contoso.com\contoso_users。我需要的 GPO 也没有显示。
问题可能出在 Netbios 名称?缓存值?
答案1
您需要将 GPO 链接到领域也一样。
将您的 GPO 拖到您想要应用的域(将其添加到“位置”)