?
Solved

Group policy not being applied to Users.

Posted on 2003-03-17
16
Medium Priority
?
344 Views
Last Modified: 2010-03-19
My (only) server is running Windows 2000 Advance Server and the operating system that users log onto is Windows XP Pro.

I have created an organization unit in active directory users and computers that I have put all my users in. I have also created a Group Policy object that is attached to that organization unit.

If I set a policy, for example, that users can not see icons on the desktop. Then log onto any client PC (win xp pro), the policy is not applied as you can see the icons on the desktop.

But if I log the user onto the domain controller server, the desktop icons disappear as the policy is applied to the user.

If I log the user back onto the win xp computer the user still doesn’t see the icons on the desktop as the users account has been updated by the DC.

At the moment I am logging every user onto the DC once to get their settings applied; this is not best practice so I am hopping that someone can help me with this problem.

I am guessing it is a rights issue.

Thanks to all who reply

David Graham
UK
0
Comment
Question by:grahamsoft
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 3
  • +2
16 Comments
 

Author Comment

by:grahamsoft
ID: 8158484
i can leave the server on for days and still the policy is not applied. I often restart client PCs to see if this has any effect but it does not.

Waiting has not solved my problem. A step by step way of creating and applying group policys to computers and users may be usfull to me.

David
0
 

Expert Comment

by:groundwar
ID: 8160237
Just a thought; You log on to the Server and the group policy is applied to client machine, be when you log back on to the XP machine the group policy could still be in place from the 200 Server and not refreshing. Shouldn't you use gpupdate /target:computer to refresh the settings?? Am I making sense here?
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 1

Expert Comment

by:Mcscotsman
ID: 8160806
David-

I see. According to the article that I sent you, the policy refreshes every 16 hours whether there's a change or not, so being as you have waited at least that amount of time, I don't think the gpupdate will work for. However, it also won't hurt either. I would go through that article and use the gpupdate command specific to your environment, and I'll do some research and check back later.
0
 
LVL 1

Expert Comment

by:Mcscotsman
ID: 8161260
0
 

Author Comment

by:grahamsoft
ID: 8161599
i have done a 'Resultant Set of Policy' in Windows XP and i came back with this error:

18 March 2003 19:45:15

Group Policy Infrastructure failed due to the error listed below.
The specified domain either does not exist or could not be contacted.

Note:  Due to the GP Core failure, none of the other Group Policy components processed their policy.  Consequently, status information for the other components is not available.

Im guessing this message isnt usefull, but to me its odd as i can log in users fine and view files/profiles ect. over the network.

AD has just been freshly installed, so may need configuation.

When i connected the computers to the domain, i used the administrators username and password, was this right to do so?

this problem has been buging me for a long time but i just cant think what it might be.
0
 
LVL 1

Expert Comment

by:Mcscotsman
ID: 8161628
And this for troubleshooting your client, although I think your issue is server side, not client- but it may come in handy.

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B216358
0
 

Author Comment

by:grahamsoft
ID: 8161737
i have done a 'Resultant Set of Policy' in Windows XP and i came back with this error:

18 March 2003 19:45:15

Group Policy Infrastructure failed due to the error listed below.
The specified domain either does not exist or could not be contacted.

Note:  Due to the GP Core failure, none of the other Group Policy components processed their policy.  Consequently, status information for the other components is not available.

Im guessing this message isnt usefull, but to me its odd as i can log in users fine and view files/profiles ect. over the network.

AD has just been freshly installed, so may need configuation.

When i connected the computers to the domain, i used the administrators username and password, was this right to do so?

this problem has been buging me for a long time but i just cant think what it might be.
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 8166442
Are you sure that you have joined the computer to domain ?
It may be a good reason for your problem.

Let me know. I have a feeling I could help you.

thanks.
0
 

Author Comment

by:grahamsoft
ID: 8190095
well this is how i have joined them to a domain, please tell me if im going wrong:

1. Right click on My Computer, select properties
2. In system properties, click Computer Name
3. Click the Network ID button
4. In Wizard: Next
5. Computer is part of a business Network, Next
6. Uses a network with a domain, Next
7. Next,
8. User Account and Domain Information, I enter the administrator as the user name, and the admins password. In domain i type the domain i want to connect to, Next
9. I get the message ‘Windows cannot find an account for your computer on the %domain name% domain’ It then asks me to enter the computer name and computer domain, I enter this information., Next
10. Then it asks me for a name and password with permissions to join the domain. I enter  the admin username/password, OK
11. then asks me to add at user, I choose ‘do not add user at this time’, Next
12. Finish
13. Computer restart
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 8202711
Ok. Maybe you are locally loging in. Check if you are really joining the domain!!! I'm insisting on that kind of comments becouse your case is a bit stupid man .... I mean, if you get the policies when loging on the DC then you should get the same policies when loging to the domain from a remote computer....

Any way ...

Let me know. This is a good question for me as I'm taking the 70-215 Exam, next Saturday.

;)
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 8202729
I mean loging to the domain. When loging on, you have an option for choosing the domain where you are entering!
0
 

Author Comment

by:grahamsoft
ID: 8205188
im logging onto the domain for sure. It looks like i will have to give up on this.

thanks all for your help anyway
0
 

Author Comment

by:grahamsoft
ID: 9513969
I solved this problem by deleting the "dot" in DNS.
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 10854869
PAQed, with points refunded (50)

CetusMOD
Community Support Moderator
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question