Windows XP and Active Directory GPO

Posted: 21. Aug 2008, 19:21
by ytsamy
I've got an Active Directory domain (Windows Server 2003) and Group Policy Objects
I'd like to do some testing with a Windows XP SP2 Guest.
I've created the VM, installed Windows XP SP2, and joined the domain OK.
But I've noticed GPOs are not applied. My login scripts, for instance, are not run, although I can authenticate with my username/password defined on the Active Directory server.
Does anyone have a clue about this?
Note that I've also installed Windows Vista in a VM, and it does apply GPOs. I can see my login scripts run, and also, other settings defined in GPO are indeed applied.
My setup:
Intel Core2 vPro with 2Gb of RAM
Fedora 9 host with VirtualBox 1.6.4

Posted: 21. Aug 2008, 21:08
by Sasquatch
Are the settings of both Guests the same? Especially the network settings. See the Forum Posting Guide for help with a good Opening Post. Give some more information.

VMs settings

Posted: 22. Aug 2008, 14:22
by ytsamy
Here are my Virtual Machines settings (Sorry for the long post)

VM-SAMUEL-02 (The one with Windows XP SP2)

General
Name: VM-SAMUEL-02
OS Type: Windows XP
Base Memory: 512 MB
Video Memory: 8 MB
Boot Order: Floppy, CD/DVD-ROM, Hard Disk
ACPI: Enabled
IO APIC: Disabled
VT-x/AMD-V: Enabled
PAE/NX: Disabled
Hard Disks
IDE Primary Master: VM-SAMUEL-02.vdi [Normal, 20.00 GB]
CD/DVD-ROM
Host Drive: HL-DT-ST DVD-RAM GSA-H60L (/dev/sr0)
Floppy
Host Drive: SMSC USB FDC (/dev/sdc)
Audio
Host Driver: PulseAudio
Controller: ICH AC97
Network
Adapter 0: PCnet-FAST III (NAT)
Serial Ports: Disabled
USB
Device Filters: 0 (0 active)
Shared Folders
Shared Folders: 1
Remote Display: Disabled

VM-SAMUEL-03 (The one with Windows Vista)

General
Name: VM-SAMUEL-03
OS Type: Windows Vista
Base Memory: 512 MB
Video Memory: 8 MB
Boot Order: Floppy, CD/DVD-ROM, Hard Disk
ACPI: Enabled
IO APIC: Disabled
VT-x/AMD-V: Enabled
PAE/NX: Disabled
Hard Disks
IDE Primary Master: VM-SAMUEL-03.vdi [Normal, 20.00 GB]
CD/DVD-ROM
Image: VBoxGuestAdditions.iso
Floppy: Not mounted
Audio
Host Driver: PulseAudio
Controller: ICH AC97
Network
Adapter 0: Intel PRO/1000 MT Desktop (NAT)
Serial Ports: Disabled
USB
Device Filters: 0 (0 active)
Shared Folders
Shared Folders: 1
Remote Display: Disabled

As you can see, the settings are pretty much the same.
On VM-SAMUEL-03, I had to change the network card from PCnet-FAST III to Intel PRO/1000 MT Desktop since Vista doesn't come with the driver for the former.
On VM-SAMUEL-02, I've tried to change the network connection from NAT to Host interface, but was not able to get it to work. However, since VM-SAMUEL-03 (Vista) is in NAT mode and does apply Group Policy Settings, I don't think Host interface is necessary to have them applied.
I've installed Guest Additions on both VMs, but the problem showed up before I did the install.

Posted: 22. Aug 2008, 15:26
by Sasquatch
Try the Intel/Pro1000MT adapter for XP too. It might be a long shot, but I've seen several issues with the PCNet adapters that were mysteriously gone when switched to the Intel adapter.

Posted: 22. Aug 2008, 18:54
by ytsamy
OK. In the VM settings, I've added a second network adapter, Intel/Pro1000MT.
I've booted the VM and allowed Windows to search for and install the driver.
I then took Windows down, disabled the first network adapter (PCNet), and booted again.
But the issue is still there. I've rebooted twice to make sure. The problem is still the same.
Does anyone have another idea?

Posted: 22. Aug 2008, 19:38
by TerryE
Just a thought, but whereas most communication with the AD is through the API, in fact the GPOs are downloaded from a hidden share that is offered up by the AD server infrastructure. Is this not a manifestation of a fileshare issue? Can you map this share manually?

Posted: 24. Aug 2008, 01:37
by ytsamy
In Windows XP, there doesn't seem to be a problem accessing network shares. Although pinging the server doesn't work, I can browse it and map the shares manually.
On the other hand, the Vista VM can't map network shares, either automatically or manually.
I should tell you the VMs were created several weeks ago with VirtualBox 1.6.2. That's when the problem exhibited. I upgraded this week to VirtualBox 1.6.4 in the hope the problem would be solved. Unfortunately, it was not the case. The problem with Vista might have appeared at this time, as I can see the network drives with a red cross in My Computer, as if they had been mounted at least once, and are no longer accessible. In Windows XP, the drives do not appear. Apart from the Active Directory username/password I use to login, the Virtual Machine behaves as if it was not even part of a domain.
I'll try to get back to VirtualBox 1.6.2 and see if my Vista VM has access to the network again.

Posted: 27. Aug 2008, 19:45
by ytsamy
I've downgraded back to VirtualBox 1.6.2 but the situation is the same.
To sum up:
VM-SAMUEL-02 (Windows XP Service Pack 2)
Pinging the servers doesn't work. However, I have full access to them and their shares. Internet access also does work. But the GPOs are not applied.
VM-SAMUEL-03 (Windows Vista)
Can't ping the servers, and can't access network shares, except those on the Active Directory server. Internet access does work, though.
I think the network drives are there because they are mounted by the login scripts. These are not run. Maybe they ran once (why? and when?) and tried to mount the network shares, but they are no longer run.
I removed some registry keys that are added by the GPOs (login scripts, LegalNoticeText, LegalNoticeCaption) to check whether they were re-added, and they were. But the login scripts were not run.
To further investigate, I wanted to leave the domain and then join back in. Unfortunately, there was no local administrator in the Vista guest. I'm still trying to get back admin access so that I can join back in the domain.
I'll post the result when I'm done.

Posted: 28. Aug 2008, 02:16
by TerryE
Sorry I can't help any more. It sounds like you are in the wars :-) Out of interest have you tried a Vista VM in MSVPC? This might be an interesting point of comparison if you can be bothered with the setup hassle.

Posted: 29. Aug 2008, 14:20
by ytsamy
I finally had to reinstall from scratch. I joined the domain and the logon scripts are run. I've rebooted, logged in with another global username, installed Guest Additions. My login scripts are still run, and I have no problem accessing network shares.
So the problem seems to lie with Windows XP support.
MSVPC? This might be interesting if I were running a Windows OS. Maybe I can install Windows XP/Vista in a VM, and then install MSVPC inside that VM. Results might be worth a look.
If someone else has another idea, I'm open to suggestion about making my Windows XP VM really act as an Active Directory Domain Member.

GPO Fix

Posted: 28. Oct 2008, 00:33
by gtunink
I fixed my group policy problem! Group policies are now applied from the domain to a virtual machine using NAT with no ports forwarded and not running as root.
It just required a couple registry edits that took me a while to find.

One key is a system-wide one and the other is a per-user key. Both are required for group policies to work so every user account on the computer will need the per-user key added. Here are the keys and another for adding it to the default user profile. This text can be copied into a .reg file and run to add them quickly.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"GroupPolicyMinTransferRate"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"GroupPolicyMinTransferRate"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Windows\System]
"GroupPolicyMinTransferRate"=dword:00000000

These keys should apply the proper registry edit to the system, the user you are logged in as, and the default profile. If there are other currently existing profiles on your computer, those accounts will have to be logged into and the key added again.

You will also have to restart your computer after applying the fix. A simple logout and re-login will not do the trick.

The article I found the fix in:
http://support.microsoft.com/kb/910206

Note that I only tested this on a VM running Windows XP SP3 and the Microsoft article doesn't say it applies to Vista, so I don't know if it will fix GPO issues for Vista virtual machines.
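
An added example, not part of gtunink's post: a PowerShell script that reports whether GroupPolicyMinTransferRate is 0 in the machine hive, the default profile, and every user hive currently loaded under HKEY_USERS, and writes the value only when run with -Apply. The -Apply switch name and the loaded-hive enumeration are assumptions of this example, and it assumes PowerShell is installed on the guest.

```powershell
# Added example (not from the thread). Save as a .ps1 file; run elevated.
# -Apply is a hypothetical switch name: without it the script only reports.
param([switch]$Apply)

$sub  = 'Software\Policies\Microsoft\Windows\System'
$name = 'GroupPolicyMinTransferRate'

# HKLM and HKU\.DEFAULT are the fixed locations from the .reg file above.
# Each user SID loaded under HKEY_USERS is a logged-on profile (HKCU is one
# of them); profiles that are not loaded are not visible here.
$roots = @('HKEY_LOCAL_MACHINE', 'HKEY_USERS\.DEFAULT')
$roots += @(Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { "HKEY_USERS\$($_.PSChildName)" })

foreach ($root in $roots) {
    $key = "Registry::$root\$sub"
    $current = $null
    if (Test-Path $key) {
        $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($prop) { $current = $prop.$name }
    }

    if ($current -eq 0) {
        $state = 'ok (0)'
    } elseif ($Apply) {
        # Create the key only when it is absent, so any policy values
        # already stored in an existing key are left untouched.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
        $state = 'set to 0'
    } elseif ($null -eq $current) {
        $state = 'MISSING'
    } else {
        $state = "value is $current"
    }
    '{0,-70} {1}' -f "$root\$sub", $state
}
```

Accounts whose profiles are not loaded when the script runs are not covered, which matches the post's point that each existing account has to be logged into.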

Posted: 28. Oct 2008, 19:00
by ytsamy
As far as I know, the problem does not affect Windows Vista.
I've tried the registry edit on Windows XP SP2 and it does work.
Thanks for the Fix.