I am usually pretty good at hunting through logs and system errors to find out what is going wrong with a GPO but i've had a couple of weird issues lately I cannot track.
First, i set some GPOs at work to enable RDP on everything, set a consistent local admin account and password, enable network discovery and disable UAC [i know, i know. my boss is very oddly paranoid about network and sever security while leaving desktops fairly open and relying on A/V software]
i turn these on in a test container, it all works, expand to the local site, and boom....the oracle ODBC driver that was working for people freaks out, and we have to upgrade immediately. I wasnt told about this.
3 months later, i turn on the GPOs in another site and boom...oracle breaks again. Someone mentions that this happened at the home office wit the gpos enabled. No idea why, no errors jumping out at me, not sure why those GPOs would cause a problem with that one ODBC driver.
Second, i have a my docs/desktop/favorites redirection enabled on about 6 users with laptops who travel often [i want to expand this to all laptop users]soon[. One policy determines based on user group which local server to redirect the folders to.
Now, all sites have VPN links and MPLS circuits, but they can be a little slow, so I had to tweak a GPO for sync./latency settings to make things work smoothly for traveling users.
I tweaked that GPO some the other day trying to get syncs to work over a VPN, but without any luck. I set the GPO back to what it had been running at for weeks, and boom...ALL users with redirected folders [on different servers] are getting "Access denied" errors when writing to those folders.
after lots of testing of enabling/disabling the GPO i only had access again when i fired up a new profile on a test pc, and only on the test pc, which means the local profiles (that had been using this redirection policy without issue for a good 2 months or more) have some kind of problem, since the existing profile cant write to redirected folders, but a new or rebuilt profile can.
Again, no errors leading me to what could have caused this. I'm lost on why this happened. I really would like this GPO to be usable long-term [and i have used it many times in the past] but this is nuts.
Anyone run into anything similar? Is there some extra auditing i can enable in windows 7/8 that might help me track down what the hell is going on?
First, i set some GPOs at work to enable RDP on everything, set a consistent local admin account and password, enable network discovery and disable UAC [i know, i know. my boss is very oddly paranoid about network and sever security while leaving desktops fairly open and relying on A/V software]
i turn these on in a test container, it all works, expand to the local site, and boom....the oracle ODBC driver that was working for people freaks out, and we have to upgrade immediately. I wasnt told about this.
3 months later, i turn on the GPOs in another site and boom...oracle breaks again. Someone mentions that this happened at the home office wit the gpos enabled. No idea why, no errors jumping out at me, not sure why those GPOs would cause a problem with that one ODBC driver.
Second, i have a my docs/desktop/favorites redirection enabled on about 6 users with laptops who travel often [i want to expand this to all laptop users]soon[. One policy determines based on user group which local server to redirect the folders to.
Now, all sites have VPN links and MPLS circuits, but they can be a little slow, so I had to tweak a GPO for sync./latency settings to make things work smoothly for traveling users.
I tweaked that GPO some the other day trying to get syncs to work over a VPN, but without any luck. I set the GPO back to what it had been running at for weeks, and boom...ALL users with redirected folders [on different servers] are getting "Access denied" errors when writing to those folders.
after lots of testing of enabling/disabling the GPO i only had access again when i fired up a new profile on a test pc, and only on the test pc, which means the local profiles (that had been using this redirection policy without issue for a good 2 months or more) have some kind of problem, since the existing profile cant write to redirected folders, but a new or rebuilt profile can.
Again, no errors leading me to what could have caused this. I'm lost on why this happened. I really would like this GPO to be usable long-term [and i have used it many times in the past] but this is nuts.
Anyone run into anything similar? Is there some extra auditing i can enable in windows 7/8 that might help me track down what the hell is going on?
