More for troubleshooting GPO's

When I see an issue, I can see that there are two ways for analyzing it, from the tech and admin side. Admin deploys new GPO, the next day, tech says, "I'm receiving too many calls because of the not applied GPO", Admin says, "which users or workstation", at this point, there is a problem, a process problem, in fact Change Management. The Admin must have control the issues that are affecting clients. SO, GPMC is a good tool, but not at all,Microsoft has another portable tool named GPInventory for monitoring massively GPO's, and, for this time, we are not gonna use scripts for solving this kind of issues, you could do it, but from my perspective this time is for GUI.

So, download, GPInventory part of the Windows Resource Kit Tool:

http://www.microsoft.com/en-us/download/details.aspx?id=14126

install it and open it:



you only have to select the worksations from a text file(this could be IP's or hostname) or direct fron Active Directory, choose the
context for the GPO Result and that's it.

Group Policy Troubleshooting

We have always the same issue, lots of workstations that not apply an specific GPO(Group Policy Objects), and fomr the server side for someone of us, we ask the technicians to send us the Group Policy results from the affected Computer, Users. In fact, server administrators can always have and see this Policy Results remotely from the GPMC( GP Management Console), but maybe the hostnames are unknown for them, so what do we have to do as tech support?

Elevate a command prompt and run this script:

gpresult /s 10.20.198.12 /u CONTOSO.LOCAL\domainadminaccount /p mypassword /user targetuser /z >c:\userpolicy.txt


where, the IP is any IP client in your domain, the CONTOSO.LOCAL is the name of your windows domain, the domainadminaccount is the account with privileges for administering workstations in the domain, tha targetuser is any user who has reported a problem with any kind of GPO (i.e. screensaver, slow logon, etc).

Considere this scenario, you migrate your Windows DHCP Server, it's all fine, but at the next day, you receive calls from a lot of users indicating that they cannot access the network. What's the issue? Your new DHCP Server is up the old was demoted, but clients cannot contact them, because your worstations have the old IP address. So, you run this easy and simple command, with administrative privileges over the workstations against you whole domain, and that's it.

psexec \\* ipconfig /renew

Don't forget to take in care some VM's or shadow servers that are maybe configured with any dinamic IP so you dont affect any other infrastructure service.

Hi Guys, after a couple of years I'm returning to take care of this blog. Like all of us, we have mostly family issues that have to be solved, before taking a new compromise with posting and writing. So this week we'll go ahead and actualize these site with new entries. Anyway, I hope you find old entries useful, we will see new tools and empower together our skills. So, said that, let's have fun together.