Troubleshooting Windows Group Policy Objects

  • 3354339
  • 24-May-2007
  • 30-Apr-2012


Novell ZENworks Desktop Management 7 - ZDM7 Management Agent + Client
Novell ZENworks Desktop Management 7 - ZDM7 Desktop Management
Novell ZENworks Desktop Management 6.5 - ZDM6.5 Desktop Management
Novell ZENworks Desktop Management 6.5 - ZDM6.5 Management Agent + Client


Group Policies not being applied, copied, or received by workstations.


1. On the workstation that the policy was created from check the following:
  • Click Start> Run and type "gpedit.msc"
  • Right click on Local Computer Policy and select properties
  • Make sure that the two check boxes are empty, if they are checked they will add a line of code to the gpt.ini file that will prevent the workstations from applying the changes that the group policy is to make. The line that is added is "settings = 1"

2. Enable Group Policy logging, see TID: 3112868 under the group policy registry settings.
3. Open the workstation manager and see if the Group Policy is being read by the workstation/user:
  • If USER associated must be run on EVENT login
  • Click Start > Run> wmsched and see if the policy package is being read
    • If the policy shows up there, click on RUN NOW and see if it applies.
  • Open file explorer and browse to C:\windows\system32\ and look for the directories (must view hidden directories)
    • GroupPolicy - the LIVE directory where the active policy is located.
    • *.wmoriginal - directory where the original/default policy was moved
    • *.usercache - exists if the group policy is to be cached
    • *.user - contains copy of USER package associated settings
    • *.machine - contains copy of WORKSTATION package associated settings
  • In the GroupPolicy directory the Machine directory contains workstation package group policy settings and the User directory contains user package group policy settings.
    • Within each directory: Machine and User, if there are group policy settings to be received a file registry.pol will exist. This can be opened in NOTEPAD, verify that the registry settings desired to be applied by the group policy are listed.
    • In addtion to verifying that the registry.pol contains the proper settings, open gpedit.msc and see if the correct group policy settings have been writted there.
    • Make sure the following registry key is set on the workstations:
      • HKLM\Software\Novell\Workstation Manager\GroupPolicies\Apply Policies Synchronously = 1
4. In Console One, open the User/Workstation object (depending on the policy package) and click the ZENworks tab and Effective Policies. Select the proper Operating System (for Users) and then click the Effective Policies button. Make sure the policy package(s) are listed properly.
After checking to verify that all components are working and files are being copied to their proper places attempt to manually have Windows refresh the policy. In gpedit.msc edit the settings and then refresh the policies:
1. Windows XP - Start > Run > gpupdate
2. Windows 2000 workstation - Start> Run > cmd > secedit /refreshpolicy MACHINE_POLICY
3. Windows 2000 User - Start > Run > cmd > secedit /refreshpolicy USER_POLICY