domain policy continued

I created an OU and moved some users and computers there. I also created a GPO for the OU but there is still one problem. The users when logged onto the client workstations do not seem to inherit the group policy such as desktop settings and other restrictions I had enabled in the GPO. However when I logged on the same users on the server machine (by adding them to the domain admins security group) the group policy WAS enforced. It seems that the local policy on other computers is taking precedence over the domain policy which I believe is wrong. Where am I going wrong again? Now I may be missing some minor detail here, basically I am not an administrator or analyst, just a plain old programmer having to do this thing one odd time.

Cheers
Zee
Asked by: zrazzaque

MSGeek Commented:
What OS are you running on the desktop? If it is Win2k then my guess is there is something wrong with DNS and AD.  Generally when policies are not pushing out at all that is the case.  So, are policies pushing out at all?  Partially?  How about for Admins logging onto the local machines?

craigtin Commented:
You do need to have the right OS.  Or install the add-on for win9x to enable the group policies.  
Listen to MSGeek and bring forth more information.

zrazzaque (Author) Commented:
Well, it's Win2k Professional on the local machines. The group policies are not pushing out at all. However the settings I make to the users in AD Users and Computers, such as limited logon times, are taking effect. Even for Admins logging into local machines the policy is not taking effect. Any clues?

craigtin Commented:
It sounds like you are setting user permissions.  
Use GPResult /U from a client after logging on to the domain as one of the restricted users.  
You must be logged in to the domain in order for these policies to be applied.  If you get a result from GPResult indicating that no domain has been found; log in as user@yourdomain.com.  Then try GPResult again.

MSGeek Commented:
zrazzaque.. I bet it was DNS, what happened?  MSGeek

zrazzaque (Author) Commented:
Actually I ran gpresult on a client and it showed that it WAS 'downloading' the security policies but from some other Windows server machine on the LAN. Only after I re-installed Windows 2000 Professional on the client did it start behaving properly. Actually I had to enforce the domain policies on a LAN elsewhere and the client systems there never had joined a domain before. When I installed the domain server on a machine there and set the clients to log onto that domain, the security policies WERE being applied. I didn't further investigate the problem since, as I said before, it was a one-off job. However I was called a couple of days back from the location where I had set up the security policies that they had removed two client systems from the LAN and replaced those with two other new computers and that when they logged onto the domain from those computers the security policies were not taking effect. I asked them to re-install Windows 2k Professional and try again but that didn't work either. When I asked them to run gpresult it showed the following output:

C:\Program Files\Resource Kit>gpresult.exe
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
Copyright (C) Microsoft Corp. 1981-1999


Created on Wednesday, May 28, 2003 at 10:43:18 AM


Operating System Information:

Operating System Type:          Professional
Operating System Version:       5.0.2195
Terminal Server Mode:           Not supported

###############################################################

  User Group Policy results for:



  Domain Name:          ACDSERVER
  Domain Type:          Windows 2000
  Site Name:            Default-First-Site-Name

  Roaming profile:      (None)
  Local profile:        C:\Documents and Settings\111

  The user is a member of the following security groups:



###############################################################

Last time Group Policy was applied: Wednesday, May 28, 2003 at 10:38:50 AM



###############################################################

  Computer Group Policy results for:



  Domain Name:          ACDSERVER
  Domain Type:          Windows 2000
  Site Name:            Default-First-Site-Name


  The computer is a member of the following security groups:

        BUILTIN\Administrators
        \Everyone
        NT AUTHORITY\Authenticated Users

###############################################################

Last time Group Policy was applied: Wednesday, May 28, 2003 at 10:35:43 AM


===============================================================


The computer received "Registry" settings from these GPOs:

        Local Group Policy


===============================================================
The computer received "EFS recovery" settings from these GPOs:

        Local Group Policy

So maybe the next time I visit the site I will try to get to the heart of the matter. Thanks are due to 'craigtin' for his comments though I could only accept one comment.

Cheers
-zeeshan
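
A small parser for the Windows 2000 gpresult.exe output quoted in the post above, as an added example that is not part of the original thread: it lists the GPOs named under each 'received "..." settings' header and flags the case seen here, where only Local Group Policy appears. The sample text is constructed from the quoted output, and the function names are hypothetical.

```python
import re

# Constructed sample, trimmed from the gpresult.exe output quoted in the thread.
SAMPLE = r'''
  User Group Policy results for:

  Domain Name:          ACDSERVER

  The user is a member of the following security groups:

###############################################################
  Computer Group Policy results for:

  Domain Name:          ACDSERVER

===============================================================
The computer received "Registry" settings from these GPOs:

        Local Group Policy

===============================================================
The computer received "EFS recovery" settings from these GPOs:

        Local Group Policy
'''

HEADER = re.compile(r'The (user|computer) received "([^"]+)" settings from these GPOs:')

def parse_gpos(text):
    """Map (scope, extension) -> GPO names listed under each 'received' header."""
    result, current = {}, None
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            current = result.setdefault((m.group(1), m.group(2)), [])
        elif not line.strip():
            continue                      # blank lines sit inside a GPO list
        elif current is not None and line[0].isspace():
            current.append(line.strip())  # indented line = one GPO name
        else:
            current = None                # rule line or other text ends the list
    return result

def diagnose(text):
    """Summarise whether any GPO other than Local Group Policy was applied."""
    parsed = parse_gpos(text)
    domain = sorted({g for names in parsed.values() for g in names
                     if g.lower() != "local group policy"})
    return {"domain_gpos": domain,
            "scopes_with_settings": sorted({scope for scope, _ in parsed}),
            "local_only": bool(parsed) and not domain}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

For the quoted output this reports no domain GPOs and settings for the computer scope only, which matches the symptom described: the client processed policy but never listed a GPO from the domain.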

MSGeek Commented:
You could request the 20 points get split, or give them all to craigtin, I don't mind.  Either way, thanks for the followup, that is what really makes this site what it is all about.  MSGeek