When you talk about "moving" logon scripts and GPO's, that makes me think that you didn't let the SYSVOL replicate properly. The file-based portions of Group Policy would have replicated automatically into the new server computer's SYSVOL. You may have made a serious mess of things, depending on what did or did not replicate and what steps you took, exactly.
That having been said, I highly doubt the "Default Domain Policy" is "corrupt" or missing if you're not getting errors on all your client computers. (Errors on clients would occur much less frequently than every 5 minutes. They would be one every 90 minutes.)
It looks to me like you're having a name resolution, DFS, or file and print sharing protocol problem on the server computer itself.
Some questions:
- What does the output of DCDIAG on the server computer look like?
- Is the server using itself (and only itself) as its DNS server?
- Can you browse to the GPO's path (in the error message) from Windows Explorer on the server computer?
Software installation policy is processed before Startup Scripts are executed. Sometimes that's exactly what you want, and other times it's not. You can't change it.
When I want a startup script to run before software installation I end up using group membership to control the execution of the startup script and I end the startup script with a command to add the computer to a second group that controls software installation. The only problem with this is that, to date, I have yet to find any reliable way to restart a Windows XP or newer OS from a startup script. (Yes, yes-- I've tried a variety of methods, too. I can discuss them in detail if you'd like.) As such, this always makes this strategy require two boots to "take effect".
You mention "preferences", so I think you're looking at doing things to the user's environment via a logon script. Logon scripts are executed, obviously, after logon. If you're looking to check to see if a piece of software has been installed during the logon script query the Windows Installer "database" in the registry to see if the program is there and "bail out". You'll find the installed products in the "HKEY_CLASSES_ROOT\Installer\Products" key. Obviously, you'll have to figure out the GUID for the package you're dealing with.
Edit: Group Policy client-side extension (CSE) processing order is performed based on the value of the GUID for the client-side extension, from what I've been able to glean from documentation. It looks like the CSE's with numerically higher GUIDs execute later. I don't have the GUID for the "Preferences" CSE handy so I can't tell you how it should act re: running before / after other CSE's.
On Windows XP, at least, dig into HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\GPExtensions and look for the CSE for "Prefernces". REGEDIT will sort those GUIDs numerically, too, so you could be able to tell, visually, if that "Preferences" CSE is going to execute before/after other CSE's.
Best Answer
The settings you're looking for are enumerated in Group Policy application rules for domain controllers, insofar as how Domain Controller (DC) computers apply Group Policy Object (GPO) settings that are set at the domain level. You don't necessarily need to specify these settings in the "Default Domain Policy" (and, indeed, I would recommend not modifying the "Default Domain Policy"). Rather, the resultant set of these settings, based on the link order of the GPOs at the root of the domain, determines the effective setting the DCs will apply.
The settings include the following for all Active Directory DCs.
Windows Server 2003-based DCs (and, presumably, Windows Server 2008 and 2008 R2-based DCs) will also apply the Security Options settings: