Comp GPO file copy running as system using DA

Hello,

I’m trying to fix an issue of copying files (fonts and themes) from a network share to clients using the computer GPO policy Preference > Windows Settings > Files.

Forcing an update has no errors and claims all policies applied.

The event log errors saying that the account being used is disabled, so thinking all computer policies run on the SYSTEM account started looking into this.

From a post I found then started looking at service accounts that may have been disabled and determined that the policy is running as the original default domain administrator. (recently disabled as inherited the network and am working through improving security).

Proved it by temporarily enabling the account and the event log changed to say incorrect password.

Few points of note

• Removing PC from domain, deleting object and rejoining doesn’t help.
• Policy is applied to OU containing computer object.
• Domain computers, authenticated users have access to the share. (also tried everyone).
• GPO scoped and delegated to Auth Users (also tried domain computers).
• Other settings in GPO work such as creating shortcuts.
• Newly domain joined computers it works for.
• Have tried deleting any cached GP folders on client and registry.
• Force cleared Kerboros.
• Rather not script the file copy as user, as the destination folders are system.
• Scheduled tasks running a script have the same error.
• Rebuilding clients is not ideal as there are many and it would be great to know why this is happening or how to fix.

I’m running out of ideas, so any help appreciated.

Thanks in advance.

Chris