sjb79 asked:

Group Policy on Windows 2008 R2 DC not working and report also saying it's a Windows 2000 domain?

I have been adding entries to the Group Policy Manager on our Windows 2008 R2 domain controller.  This is a single Domain Controller setup.  For some reason the Group Policies don't all seem to be working.  I am a little confused as to what has gone wrong.
Also, after reading a couple of entries on this website I ran "gpresult /R" on the domain controller and on Domain type it says Windows 2000 when I'm sure when I ran dcpromo when I first installed it I set it to Windows 2008 R2.

Output is as follows;

C:\Users\Administrator>gpresult /R

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 19/04/2011 at 09:49:18


RSOP data for MYDOMAIN\Administrator on RS1 : Logging Mode
---------------------------------------------------------

OS Configuration:            Primary Domain Controller
OS Version:                  6.1.7601
Site Name:                   Default-First-Site-Name
Roaming Profile:             N/A
Local Profile:               C:\Users\Administrator
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=RS1,OU=Domain Controllers,DC=MYDOMAIN,DC=co,DC=uk
    Last time Group Policy was applied: 19/04/2011 at 09:47:22
    Group Policy was applied from:      RS1.MYDOMAIN.co.uk
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        MYDOMAIN
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Default Domain Controllers Policy
        Password GPO
        Internet Explorer GPO
        Deploy Printers GPO
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        BUILTIN\Pre-Windows 2000 Compatible Access
        Windows Authorization Access Group
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        RS1$
        Domain Controllers
        NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
        Denied RODC Password Replication Group
        System Mandatory Level


USER SETTINGS
--------------
    CN=Administrator,CN=Users,DC=MYDOMAIN,DC=co,DC=uk
    Last time Group Policy was applied: 19/04/2011 at 08:55:04
    Group Policy was applied from:      RS1.MYDOMAIN.co.uk
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        MYDOMAIN
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Internet Explorer GPO
        Deploy Printers GPO
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Password GPO
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        BUILTIN\Pre-Windows 2000 Compatible Access
        REMOTE INTERACTIVE LOGON
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Group Policy Creator Owners
        Domain Admins
        Enterprise Admins
        Schema Admins
        Denied RODC Password Replication Group
        High Mandatory Level


So 2 questions I guess, how do I find out what the actual domain type is and if it isn't Windows 2008 R2 how to set it that high?  And secondly how to get my group policies working?

We have a network with a mix of Windows XP Pro, Windows 7 Pro (32 and 64bit) and 2 Windows Vista Business (both 32bit).
group-policy-manager.JPG
ASKER CERTIFIED SOLUTION
Tasmant

This solution is only available to members.
SOLUTION

ASKER

Hi Tasmant,
Do I just run the dcpromo wizard again and then go through and change the functional level?

ASKER

I've also just noticed under "Applied Group Policy Objects" that not all of the GPO's I've made have been applied, is that because that heading only covers the server or are there GPO's I've made that have not been applied to the domain yet?

ASKER

I take it from this snippet my domain is running in Windows Server 2008 R2 function level.

Oh and there will not be any other servers on our network which will be older than Windows 2008 R2 binary_1001010.
ActiveDirectoryDomainsAndTrusts-.jpg
SOLUTION

ASKER

Ok I've just run that command on my work station and got the following;

C:\>gpresult /R

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 20/04/2011 at 09:11:40


RSOP data for mydomain\stephen on PC6 : Logging Mode
---------------------------------------------------

OS Configuration:            Member Workstation
OS Version:                  6.1.7600
Site Name:                   N/A
Roaming Profile:             \\mydomain.co.uk\Storage\Profiles\stephen.V2
Local Profile:               C:\Users\stephen
Connected over a slow link?: No


USER SETTINGS
--------------
    CN=Stephen J. Bines,OU=Technical,OU=mydomainLtd,DC=mydomain,DC=co,DC=uk
    Last time Group Policy was applied: 20/04/2011 at 09:05:15
    Group Policy was applied from:      RS1.mydomain.co.uk
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        mydomain
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        My Documents folder redirect GPO
        Y Drive GPO
        Internet Explorer GPO
        Deploy Printers GPO
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Password GPO
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Clinicians
        Technical
        admin
        High Mandatory Level

C:\>

There are a couple of things that confuse me, 1.  Why it keeps mentioning Windows 2000 when I have checked and found that the DC is running at Windows 2008 R2 level and 2.  why so few of the GPO's are being applied.

I've taken another screen shot from the server with the Group Policy Manager and the Active Directory Users and Computers also open.  I've placed certain GPO's within certain active directory groups as I thought they would only apply to things in that group.

As you can see my PC (PC6) is in the "main office computers" group within the "computers" group and none of those GPOs are apparently being applied.

I expect I've done or am doing something really daft but can you see what it is?
GPM-and-ADUaC.jpg
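
Added example, not part of the original thread: a small Python parser for the `gpresult /R` text layout pasted above, which lists applied and filtered GPOs per scope and reports which scope sections (computer or user) are absent from the output. It assumes the English-language layout shown in this thread; `parse_gpresult` and `missing_scopes` are hypothetical helper names and the sample text is constructed.

```python
# Constructed sample in the gpresult /R layout shown in this thread (not real output).
SAMPLE = """\
USER SETTINGS
--------------
    CN=Example User,OU=Technical,DC=example,DC=test
    Applied Group Policy Objects
    -----------------------------
        Internet Explorer GPO
        Default Domain Policy
    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Password GPO
            Filtering:  Not Applied (Empty)
    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
"""

def parse_gpresult(text):
    """Return {scope: {"applied": [gpo, ...], "filtered": {gpo: reason}}}."""
    report, scope, section, last_gpo = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:       # blank lines and underline rules
            continue
        if line in ("COMPUTER SETTINGS", "USER SETTINGS"):
            scope = line.split()[0].lower()
            report[scope] = {"applied": [], "filtered": {}}
            section = last_gpo = None
        elif scope is None:                       # banner before the first scope
            continue
        elif line == "Applied Group Policy Objects":
            section = "applied"
        elif line.startswith("The following GPOs were not applied"):
            section = "filtered"
        elif line.endswith("security groups"):    # group list is not GPO data
            section = None
        elif section == "applied":
            report[scope]["applied"].append(line)
        elif section == "filtered" and last_gpo and line.startswith("Filtering:"):
            report[scope]["filtered"][last_gpo] = line.split(":", 1)[1].strip()
        elif section == "filtered":
            last_gpo = line                       # GPO name; its reason follows
            report[scope]["filtered"][last_gpo] = None
    return report

def missing_scopes(report):
    # Scopes with no section in the output: no GPO list exists to check for them.
    return [s for s in ("computer", "user") if s not in report]
```

When a scope is listed as missing, the output says nothing either way about GPOs that carry only settings for that scope.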
SOLUTION

ASKER

ahhh..... That's a good point, hang on I will re-arrange the groups into USERS->Types of users and COMPUTERS->LOCATION OF COMPUTERS
SOLUTION
SOLUTION

ASKER

Hi Guys,
Ok I've had a fiddle with the layout and the GPO's and my workstation (PC6) isn't having the "User Account Logon Picture" being applied.  I've taken a big screen shot with a RDC to the server and the command prompt from my workstation and I can't see the group policy being applied.  I must be doing something really dumb could you guys double check for me please?
screenshot---rs1.JPG
SOLUTION
sorry... I meant - can you see it in the screen above the user settings.


ASKER

Ok guys I think I've got it now, been doing some reading and fiddling and it's all starting to work.  I think one of the problems was I was getting my Computer and User settings mixed up.

glad we could help...
good luck!!