zrazzaque
asked on
domain policy continued
I created an OU and moved some users and computers there. I also created a GPO for the OU but there is still one problem. The users when logged onto the client workstations do not seem to inherit the group policy such as desktop settings and other restrcitions i had enabled in the GPO. However when I logged on the same users on the server machine(by adding them to the domain admins security group) the group policy WAS enforced. It seems that the local policy on other computers is taking precedence over the domain policy which i believe is wrong. Where am I going wrong again? Now I maybe missing some minor detail here, basically I am not an administrator or analyst, just a plain old programmer having to do this thing one odd time.
Cheers
Zee
Cheers
Zee
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well its Win2k professional on the local machines. The group policies are not pushing out at all. However the settings I make to the users in AD users and computers, such as limited logon times are taking effect. Even for Admins logging into local machines the policy is not taking effect. Any clues?
It sounds like you are setting user permissions.
Use GPResult /U from a client after logging on to the domain as one of the restricted users.
You must be logged in to the domain in order for these policies to be applied. If you get a result from GPResult indicating that no domain has been found; log in as user@yourdomain.com. Then try GPResult again.
Use GPResult /U from a client after logging on to the domain as one of the restricted users.
You must be logged in to the domain in order for these policies to be applied. If you get a result from GPResult indicating that no domain has been found; log in as user@yourdomain.com. Then try GPResult again.
This question is still open and getting old. If any of the comment(s) above helped you please accept it as an answer or split the points who ever helped you in this question. Your attention in finalising this question is very much appreciated. Thanks in advance,
****** PLEASE DO NOT ACCEPT THIS AS AN ANSWER ********
- If you would like to close this question and have your points refunded, please post a question in community support area on https://www.experts-exchange.com/Community_Support/ giving the address of this question. Thank you
Pasha
Cleanup Volunteer
****** PLEASE DO NOT ACCEPT THIS AS AN ANSWER ********
- If you would like to close this question and have your points refunded, please post a question in community support area on https://www.experts-exchange.com/Community_Support/ giving the address of this question. Thank you
Pasha
Cleanup Volunteer
zrazzaque.. I bet it was DNS, what happened? MSGeek
ASKER
Actually I ran gpresult on a client and it showed that it WAS 'downloading' the security policies but from some other windows server machine on the LAN. Only after I re-installed windows 2000 professional on the client did it start behaving properly. Actually I had to enforce the domain policies on a LAN elsewhere and the client systems there never had joined a domain before. When I installed the domain server on a machine there and set the clients to log onto that domain, the security policies WERE being applied. I didnt further investigate the problem since, as I said before, it was a one-off job. However I was called a couple of days back from the location where I had setup the security policies that they had removed two client systems from the LAN and replced those with two other new computers and that when they logged onto the domain from those computers the security policies were not taking effect. I asked them to re-install windows 2k professional and try again but that didnt work either. When i asked them to run gpresult it showed the following output:
C:\Program Files\Resource Kit>gpresult.exe
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
Copyright (C) Microsoft Corp. 1981-1999
Created on Wednesday, May 28, 2003 at 10:43:18 AM
Operating System Information:
Operating System Type: Professional
Operating System Version: 5.0.2195
Terminal Server Mode: Not supported
##########################
User Group Policy results for:
Domain Name: ACDSERVER
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming profile: (None)
Local profile: C:\Documents and Settings\111
The user is a member of the following security groups:
##########################
Last time Group Policy was applied: Wednesday, May 28, 2003 at 10:38:50 AM
##########################
Computer Group Policy results for:
Domain Name: ACDSERVER
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
The computer is a member of the following security groups:
BUILTIN\Administrators
\Everyone
NT AUTHORITY\Authenticated Users
##########################
Last time Group Policy was applied: Wednesday, May 28, 2003 at 10:35:43 AM
==========================
The computer received "Registry" settings from these GPOs:
Local Group Policy
==========================
The computer received "EFS recovery" settings from these GPOs:
Local Group Policy
So maybe the next time I visit the site I will try to get to the heart of the matter. Thanks are due to 'craigtin' for his comments though I could only accept one comment.
Cheers
-zeeshan
C:\Program Files\Resource Kit>gpresult.exe
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
Copyright (C) Microsoft Corp. 1981-1999
Created on Wednesday, May 28, 2003 at 10:43:18 AM
Operating System Information:
Operating System Type: Professional
Operating System Version: 5.0.2195
Terminal Server Mode: Not supported
##########################
User Group Policy results for:
Domain Name: ACDSERVER
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming profile: (None)
Local profile: C:\Documents and Settings\111
The user is a member of the following security groups:
##########################
Last time Group Policy was applied: Wednesday, May 28, 2003 at 10:38:50 AM
##########################
Computer Group Policy results for:
Domain Name: ACDSERVER
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
The computer is a member of the following security groups:
BUILTIN\Administrators
\Everyone
NT AUTHORITY\Authenticated Users
##########################
Last time Group Policy was applied: Wednesday, May 28, 2003 at 10:35:43 AM
==========================
The computer received "Registry" settings from these GPOs:
Local Group Policy
==========================
The computer received "EFS recovery" settings from these GPOs:
Local Group Policy
So maybe the next time I visit the site I will try to get to the heart of the matter. Thanks are due to 'craigtin' for his comments though I could only accept one comment.
Cheers
-zeeshan
You could request the 20 point sget split, or give them all to craigtin, I don't mind. Either way, thanks for the followup, that is what really makes this site what it is all about. MSGeek
Listen to MSGeek and bring forth more information.