XP Group Policy Issue

dr_boom
03-04-2008, 08:15 PM
I have 4 PCs (XPSP2) which do not seem to apply the full policy when they are initially logged in to. Once logged in, I have to run gpupdate from the command line to update them. They then get the policy fine and things work ok.

What caused me to notice the problem was logging into them using my login, which is a domain admin. After logging in, I was unable to look at local users and groups (just a red x access denied message) or change power settings. Browsing the network and running programs work fine though. The PCs in question are configured for the correct DNS servers. Native 2003 AD environment. Any ideas as to why these systems don't get the "full" policy during login?

FUBAR|Ascain
03-05-2008, 02:25 AM
It could be any number of things; the event logs should provide a decent starting point. I've seen group policy issues range from Kerberos failing (clocks out of sync) to KCC and replication issues. Without more information we'd be grasping at straws.

Look at the event logs on both the failing workstations and the authenticating DC.

On a side note, if you run the RSoP tool from a working server/workstation and query a policy against one of the affected workstations, what happens?

dr_boom
03-06-2008, 10:13 PM
Best guess at this point is that it has to do with network issues; a flaky switch and/or patch cables. Seems to be affecting most of the LAN these PCs are on. Noticing some RPC/replication related issues as well with the DC there. I can't find anything wrong with the DNS records, but there are some name resolution failures/retries going on too. :( The name resolution has me bugged though since the record is identical to the others. When I run nslookup things are fine.

I'm going to replace the switch and cabling to rule that out.