DNS problems can plague your network and make it nearly impossible for GPOs to be applied. This problem manifests itself primarily in the requirements for logging on to a domain; without DNS, you still might be able to authenticate to a domain controller, but GPOs will simply break. That's because they require various types of DNS SRV records to know which computer has which service to manage. This is a good place to start looking if GP simply doesn't function.

If you are a seasoned network professional, you'll be familiar with the concept of inheritance. This also can be a stumbling block with GP. Beware of a couple of options. The first is the No Override function, which does nothing more than cease the processing of any GPOs under the object on which the option is set. Conversely, also be wary of the Block Inheritance function, which stops the processing of GPOs that reside higher in the GPO processing hierarchy. This is a case of knowing what you set and properly documenting it, but it still can eat up hours upon hours of troubleshooting time.

Another issue you might see is that of GP distribution and synchronization. Distribution and synchronization ...