grahamsoft
asked on
Group policy not being applied to Users.
My (only) server is running Windows 2000 Advance Server and the operating system that users log onto is Windows XP Pro.
I have created an organization unit in active directory users and computers that I have put all my users in. I have also created a Group Policy object that is attached to that organization unit.
If I set a policy, for example, that users can not see icons on the desktop. Then log onto any client PC (win xp pro), the policy is not applied as you can see the icons on the desktop.
But if I log the user onto the domain controller server, the desktop icons disappear as the policy is applied to the user.
If I log the user back onto the win xp computer the user still doesn’t see the icons on the desktop as the users account has been updated by the DC.
At the moment I am logging every user onto the DC once to get their settings applied; this is not best practice so I am hopping that someone can help me with this problem.
I am guessing it is a rights issue.
Thanks to all who reply
David Graham
UK
I have created an organization unit in active directory users and computers that I have put all my users in. I have also created a Group Policy object that is attached to that organization unit.
If I set a policy, for example, that users can not see icons on the desktop. Then log onto any client PC (win xp pro), the policy is not applied as you can see the icons on the desktop.
But if I log the user onto the domain controller server, the desktop icons disappear as the policy is applied to the user.
If I log the user back onto the win xp computer the user still doesn’t see the icons on the desktop as the users account has been updated by the DC.
At the moment I am logging every user onto the DC once to get their settings applied; this is not best practice so I am hopping that someone can help me with this problem.
I am guessing it is a rights issue.
Thanks to all who reply
David Graham
UK
ASKER
i can leave the server on for days and still the policy is not applied. I often restart client PCs to see if this has any effect but it does not.
Waiting has not solved my problem. A step by step way of creating and applying group policys to computers and users may be usfull to me.
David
Waiting has not solved my problem. A step by step way of creating and applying group policys to computers and users may be usfull to me.
David
Just a thought; You log on to the Server and the group policy is applied to client machine, be when you log back on to the XP machine the group policy could still be in place from the 200 Server and not refreshing. Shouldn't you use gpupdate /target:computer to refresh the settings?? Am I making sense here?
David-
I see. According to the article that I sent you, the policy refreshes every 16 hours whether there's a change or not, so being as you have waited at least that amount of time, I don't think the gpupdate will work for. However, it also won't hurt either. I would go through that article and use the gpupdate command specific to your environment, and I'll do some research and check back later.
I see. According to the article that I sent you, the policy refreshes every 16 hours whether there's a change or not, so being as you have waited at least that amount of time, I don't think the gpupdate will work for. However, it also won't hurt either. I would go through that article and use the gpupdate command specific to your environment, and I'll do some research and check back later.
David-
This should point you in the right direction.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/howto/grpolwt.asp
This should point you in the right direction.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/howto/grpolwt.asp
ASKER
i have done a 'Resultant Set of Policy' in Windows XP and i came back with this error:
18 March 2003 19:45:15
Group Policy Infrastructure failed due to the error listed below.
The specified domain either does not exist or could not be contacted.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
Im guessing this message isnt usefull, but to me its odd as i can log in users fine and view files/profiles ect. over the network.
AD has just been freshly installed, so may need configuation.
When i connected the computers to the domain, i used the administrators username and password, was this right to do so?
this problem has been buging me for a long time but i just cant think what it might be.
18 March 2003 19:45:15
Group Policy Infrastructure failed due to the error listed below.
The specified domain either does not exist or could not be contacted.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
Im guessing this message isnt usefull, but to me its odd as i can log in users fine and view files/profiles ect. over the network.
AD has just been freshly installed, so may need configuation.
When i connected the computers to the domain, i used the administrators username and password, was this right to do so?
this problem has been buging me for a long time but i just cant think what it might be.
And this for troubleshooting your client, although I think your issue is server side, not client- but it may come in handy.
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B216358
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B216358
ASKER
i have done a 'Resultant Set of Policy' in Windows XP and i came back with this error:
18 March 2003 19:45:15
Group Policy Infrastructure failed due to the error listed below.
The specified domain either does not exist or could not be contacted.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
Im guessing this message isnt usefull, but to me its odd as i can log in users fine and view files/profiles ect. over the network.
AD has just been freshly installed, so may need configuation.
When i connected the computers to the domain, i used the administrators username and password, was this right to do so?
this problem has been buging me for a long time but i just cant think what it might be.
18 March 2003 19:45:15
Group Policy Infrastructure failed due to the error listed below.
The specified domain either does not exist or could not be contacted.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
Im guessing this message isnt usefull, but to me its odd as i can log in users fine and view files/profiles ect. over the network.
AD has just been freshly installed, so may need configuation.
When i connected the computers to the domain, i used the administrators username and password, was this right to do so?
this problem has been buging me for a long time but i just cant think what it might be.
Are you sure that you have joined the computer to domain ?
It may be a good reason for your problem.
Let me know. I have a feeling I could help you.
thanks.
It may be a good reason for your problem.
Let me know. I have a feeling I could help you.
thanks.
ASKER
well this is how i have joined them to a domain, please tell me if im going wrong:
1. Right click on My Computer, select properties
2. In system properties, click Computer Name
3. Click the Network ID button
4. In Wizard: Next
5. Computer is part of a business Network, Next
6. Uses a network with a domain, Next
7. Next,
8. User Account and Domain Information, I enter the administrator as the user name, and the admins password. In domain i type the domain i want to connect to, Next
9. I get the message ‘Windows cannot find an account for your computer on the %domain name% domain’ It then asks me to enter the computer name and computer domain, I enter this information., Next
10. Then it asks me for a name and password with permissions to join the domain. I enter the admin username/password, OK
11. then asks me to add at user, I choose ‘do not add user at this time’, Next
12. Finish
13. Computer restart
1. Right click on My Computer, select properties
2. In system properties, click Computer Name
3. Click the Network ID button
4. In Wizard: Next
5. Computer is part of a business Network, Next
6. Uses a network with a domain, Next
7. Next,
8. User Account and Domain Information, I enter the administrator as the user name, and the admins password. In domain i type the domain i want to connect to, Next
9. I get the message ‘Windows cannot find an account for your computer on the %domain name% domain’ It then asks me to enter the computer name and computer domain, I enter this information., Next
10. Then it asks me for a name and password with permissions to join the domain. I enter the admin username/password, OK
11. then asks me to add at user, I choose ‘do not add user at this time’, Next
12. Finish
13. Computer restart
Ok. Maybe you are locally loging in. Check if you are really joining the domain!!! I'm insisting on that kind of comments becouse your case is a bit stupid man .... I mean, if you get the policies when loging on the DC then you should get the same policies when loging to the domain from a remote computer....
Any way ...
Let me know. This is a good question for me as I'm taking the 70-215 Exam, next Saturday.
;)
Any way ...
Let me know. This is a good question for me as I'm taking the 70-215 Exam, next Saturday.
;)
I mean loging to the domain. When loging on, you have an option for choosing the domain where you are entering!
ASKER
im logging onto the domain for sure. It looks like i will have to give up on this.
thanks all for your help anyway
thanks all for your help anyway
ASKER
I solved this problem by deleting the "dot" in DNS.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/SS_apply.asp