I've dug a bit of a hole involving Group Policy Objects in Windows 2000 Server.
Everything appeared to be going well. I created a couple of Organisation Units, put some users, computers and groups in them and configured GPOs to control access. I was configuring the client machines on the same network segment as the server and access was restricted as required. Excellent (or so I thought) and the boss was pleased with how restricted everything was.
Now at a later date I've needed to remove a couple of restrictions (to allow a user to add a new printer for example). I've altered the GPO setting on the server but no matter what I do the restriction isn't lifted on the client machine. Now the user can't add a printer and the boss isn't so pleased with the restrictions :-)
Where have I gone wrong? The only difference now is that the client PCs (running XP Pro) are on remote network segments linked via VPN and don't obtain IP addresses from the server. I've tried GPUPDATE with no luck and it's really annoying me (and the boss).
I've even tried creating new OUs and GPOs from scratch but the old restrictions still persist. Ouch.
Any help greatly appreciated