Problems with Group Policy in Active Directory

Posted on 2003-02-20
Medium Priority
Last Modified: 2010-03-18
Hello. I'm a department assistant (student) for the computer science department at California Lutheran University. We are setting up a new Windows XP image to deploy in our labs. We are currently using a Windows 2000 server as our Domain Controller.

I have been trying to work on a group policy for the lab login accounts. These accounts (called D11 and D14 named for the lab room names) have roaming profiles. In the Active Directory Users and Computers section, I have an organizational unit called "Lab Accounts" directly under the domain controller server. This OU has a group policy that I have been working on. In this OU are the D11 and D14 users. These users are part of the "Domain Users" and "CS Labs" (primary) security groups. I have set allow Read and Apply Group Policy permissions for both of these groups on the Group Policy Object.

My problem is that the group policy is not being applied when I log in to the workstation I have been working on as D11. However, the D11 account is prevented from accessing the desktop properties dialog (I did not enable this behavior in my group policy). I have never worked with active directory in this way before, so I do not know if I'm doing something wrong, but as far as I can tell I'm doing everything by the book, and it should work. I did not set up the Domain Controller server myself, that was done by someone else who I have been unable to contact, so I am unsure if there is something on the server that is causing the problem. If anyone could help me out, I would be very grateful.

-Sam Fahmie
Question by:SamFahmie
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 51

Accepted Solution

Netman66 earned 300 total points
ID: 7997522
There are two parts to the GPO - the Computer Configuration and the User Configuration.  It depends on what policy elements you configured whether they are applied correctly to the right object.

Let me explain.

Your GPO is linked to an OU.  This OU contains user objects.  If you configured the User section of GPO and the user objects have the correct permissions to apply the GPO - they will apply.  If you configured the Computer section of the GPO and the computer objects do not exist in the OU, then the settings will not apply.  The computer acounts must also be in the affected OU if those are the settings you're working with.

The ONLY exception to GPO rule processing is related to Account Policies.  The Domain Policy (can be the Default Domain Policy, but doesn't have to be) dictates the account policies and cannot be overruled or blocked at any OU policy.


Expert Comment

ID: 9871447
No comment has been added lately, so it's time to clean up this TA.            
I will leave a recommendation in the Cleanup topic area that this question is:            
Answered by: Netman66            

Please leave any comments here within the next seven days.            


EE Cleanup Volunteer

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Resolve DNS query failed errors for Exchange
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question