Troubleshooting Group Policy Tips

Guy's Troubleshooting Advice	When troubleshooting, ask your self what was the last thing I did? Now undo those settings and see if that cures your problem.
Q1) Have you refreshed the Group Policy settings?	Run Gpupdate /force
Q2) Why is my Group Policy not working?	a) Is the user and the computer in the correct OU? Check which OU the user and the computer is located. b) Check Block Inheritance. c) Possibly a No Override policy is preventing your settings. d) Has the user 'Apply Policy' Permission? Or have they 'Deny Policy' Permission?
Q3) Could it be a synchronization problem?	There are two factors in Group Policy synchronization. Active directory replication from the FSMO master to the other DCs. Also FRS (file replication services) replicating the very group policies under the sysvol\sysvol folder. Be ruthless, logon an as an administrator at the Windows 2003 server, which holds the FSMO PDC Emulator master and see if that cures the problem.
Q4) You want to know which Policies are in force	GPMC - Run the results Wizard RSoP - Useful for Microsoft's Windows 2000 Gpresult - Improved Switch /user
Q5) Can I refresh the policy without a reboot?	That depends! Most do. Gpupdate /force refreshes the policy instantly, however some policies require a reboot or a user to logon again. For example, Software policies.
Q6) Why can't I open the policy editor?	Perhaps you only have read only permission. Full control is needed to open the GPO.
Q7) What causes 'Failed to open the Group Policy object'	Most likely a DNS problem. Try NSLookup, Ping, Ipconfig to confirm or deny the diagnosis.
Q8) Why do I get the 'Missing Active Directory Container' message?	Hopefully, its just a DC replication delay. Try and force domain replication in Active Directory Sites and Services, drill down trough Server to NTDS and synchronise.
Q9) How can I stop this error: 'The Feature you are trying to install cannot be found'?	Check the share and NTFS permission on the .MSI package folder.
Q9) My Script Policy does not work	For specific help with logon scripts, Check out this section
Q10) My VBScript Policy does not execute via Group Policy?	The script runs perfectly as a console user, but not as a logon script on a Workstation. Solution make sure that on the Workstation, the primary DNS server = Domain controller. If necessary set the DNS server manually rather than relying on DHCP I thank Bob Phillips for this tip.
Q11) Spaces in Script names?	Beware spaces in logon script names. E.g. Head Quarters.vbs . Try Head_Quarters.vbs. Thanks again to Bob Phillips for this tip. Thanks again to Bob Phillips for this tim
Q12) Where do I start creating a Group Policy?	On Windows Server 2003, navigate to the Active Directory Users and Computers. Right click the Domain object, Properties, Group Policy (Tab) Next 'click' the Edit (button) and you will see the policy settings.
Q13) If all else fails	Check the Event Viewer. Filter the Application Log for Source = SceCli. Really we should have checked here FIRST! If you find a suspicious entry, then check the ID numbers and details in TechNet.
Q14) I have made a terrible foul up. My policies are a disaster	Run DcGpoFix to return the default Group Policies to their original state.