FAQ

Archiv

1.
In order to verify that the computer can receive Group Policy updates, the computer must be connected properly to the domain.
All errors from SecCli , Userenv or Netlogon in the event viewer must be checked out thoroughly.
These errors can cause the computer not to receive group policy update or even to prevent proper domain logon.

2.
The command line utility gpresult.exe can be used to verify that the Group Policy was received and applied properly by the client computer (this utility should be run locally on the client computer).
It is imperative to make sure that the GPO is applied to the appropriate OU and Domain.
Gpresult is built in Windows XP

After running this tool in a command window with the /v option this utility will output all the Group Policy objects that were applied to the local system.
The output will be divided to user settings and computer settings.
Verify that all the Group Policy objects configured in the active directory are properly applied to the local system.

If some or all group policies are missing from gpresult's output, the event viewer needs to be checked for errors.

3.
The command line utility gpotool.exe can be used to verify that all the group policy objects stored in the active directory are valid and contain all the information needed to apply the group policy locally. (This utility should be run locally on the client computer)

If you cannot find a certain group policy in the gpresult's output but you can find it in the gpotool, this might occur due to late replication schedule. Two more utilities that can be used to diagnose a misconfiguration in the network or the domain are netdiag.exe and dcdiag.exe:

4.
The Command line Utility netdiag.exe is used to test the network status and indicate problems with the connectivity of your client.
This utility is included in the support tools package which is located on the install CD under supporttools,
it can also be downloaded from: http://www.microsoft.com/downloads/details.aspx?familyid=1EA70814-7E6C-46E5-8C8C-3C439A732E9F&displaylang=en
Use this utitlity by typing netdiag in the command line prompt and inspecting the results to make sure there are no connectivity issues.

5.
The command line utility dcdiag.exe is used to verify that the domain controller is configured properly and fully functional, this tool runs numerous tests on the domain controller and any errors received need to be fixed and verified.
A poorly configured domain, or a malfunctioning domain controller can prevent the computers from receiving a valid Group Policy.
(This utility could be run locally on the client computer or on the domain controller).

This utility is included in the support tools package which is located on the install CD under supporttools.
 

Quelle: Safend FAQ KB00000031 - Resolving and Identifying GPO Errors