Hello all.

I created a group policy object to remove the username on the login page and applied it to an OU. There are three computers that this OU should apply to. All three computers are in the same OU that the GPO is in. It works fine on two of the computers. but one computer does not remove the last username. I've created three Group Policy Modelings for each computer with the same username logging in. All three show that the GPO is enabled and should be applied... any ideas?

Operating system versions? What does a gpresult show?

Server: 2003
Clients: All XP

GPResult shows the same thing on all three computers, that the policy is enabled.

Hmm... Are there any events in the event logs?

Hmm... I just noticed I'm getting a lot of these errors which likely has something to do with it... I have no idea what's wrong.

http://img148.imageshack.us/img148/4602/errortw4.th.png (http://img148.imageshack.us/img148/4602/errortw4.png)

Try reattaching the 3rd computer back to the domain, could be that it's lost it's association from the AD and it's not getting the rules rolled out to it correctly.

Is your DNS configured properly? Your DC has to refer back to itself for domain requests, all of your clients should be configured to point at the DC for DNS (accomplished w/ a login script) and external DNS requests should be done via forwards.

I'll try that and post back the results. Thanks for your input guys!

Thrax: I believe all my settings are correct and DNS is configured correctly, however I am not a pro when it comes to DNS. I'd be happy to post any screen shots if it helps.

And all the clients on the domain their DNS is pointing to the Primary DNS server. Not by a login script, however, but manually typed in.

Try reattaching the 3rd computer back to the domain, could be that it's lost it's association from the AD and it's not getting the rules rolled out to it correctly.

That was going to be my suggestion. :)

Nope, no luck. GPO still shows that it applied in gpresult however the last username still shows. I'm still getting that error on the server too.

Anyone have anything else to try?

EDIT:

Here are some screen shots of my DNS. Does anything look wrong? The computer having trouble is called Visual.

http://img264.imageshack.us/img264/9442/dnswm5.th.png (http://img264.imageshack.us/img264/9442/dnswm5.png)

http://img264.imageshack.us/img264/3641/forwarderslt1.th.png (http://img264.imageshack.us/img264/3641/forwarderslt1.png)

http://img530.imageshack.us/img530/5011/roothintsfr8.th.png (http://img530.imageshack.us/img530/5011/roothintsfr8.png)

Does your PDC's network adapter point to itself for the primary DNS IP?

//EDIT: Is that forward to your DSL? Or another DNS agent? IIRC (please, someone let me know if I'm wrong) the forward should go to an external DNS server.

Yes it does. I can also post screen shots of the GPO windows if that helps

Does your PDC's network adapter point to itself for the primary DNS IP?

//EDIT: Is that forward to your DSL? Or another DNS agent? IIRC (please, someone let me know if I'm wrong) the forward should go to an external DNS server.Yes, a forward on a DC should go to an external DNS normally, since it only needs to forward what it can't resolve.

the forward is to my router which forwards it to my isp. It's worked for months so I can't see how that is the problem.

OK guys I've done a little searching and found out why I was getting that error 1054. Turns out it was because of my AMD dual-core processor. I installed the AMD update and that stopped the error messages.

However the GPO still isn't working on the one computer despite it showing enabled.

From that machine, do "gpupdate" at the command prompt then reboot. I've had fussy GPOs at times at that has solved the problem.

Maybe add the /force switch as well.

When Group Policy works, it's a wonderful thing. When it doesn't, it's the most painful thing to troubleshoot.

^^

Thanks everyone for all your help! I think it may be working correctly now... Don't know for sure yet because I can only access it remotely right now. I will post later on when I can sit down at it.

Ugh, unfortunately the GPO STILL doesn't work... Anything else I can try?

...anyone?

Does your PDC's network adapter point to itself for the primary DNS IP?

//EDIT: Is that forward to your DSL? Or another DNS agent? IIRC (please, someone let me know if I'm wrong) the forward should go to an external DNS server.

He's right, keep checking your DNS setup . I've seen this happen many times and it's always DNS. I hate Dumb Naming System sometimes...