Solved

Client Machines are not affected by the group policies.

Posted on 2003-11-11
8
249 Views
Last Modified: 2010-07-27
Hi all.
This is my problem. I have configured Active Drectory on a W2000Server. Everything is OK exept for the group policy. Client computers (all w2000pro) are not affected by the policy. I have make a new OU add a new policy for it and edit the group policy but the users on local machines are not affected. Local machines are not affected iven by the DEFAULT DOMAIN POLICY that restrict iven the adminstrator of the DC. Iven if i logon on a client machine as the administrator in the domain i have no restriction at all.
Any advice is very appreciated. Many thanks in advance.

0
Comment
Question by:kotfare123
8 Comments
 
LVL 6

Expert Comment

by:Casca1
ID: 9722048
Move the computers from the default OU into the new container you created, or move them into the appropriate containers.
Let's say you have created OU's for your Sales and marketing Dept.'s The easiest and best way to deal with the computers used by those OU's is to actually move the computer object into the OU where it will be used.
Then, you can apply GPO's based on your OU structure.
As to the Default Domain GPO, where and how did you make the settings? In the Computer node, or user node?
Silly question, I know, but some times, the obvious is easily overlooked.
Also, did you change the security permissions on the GPO? you may have at one time removed the Authenticated users, or everyone groups from it, and that may be what is happening.
Good Luck!
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9722606
Check with this link that you have done everything correctly:
http://support.microsoft.com/default.aspx?scid=kb;en-us;322143

Also if everything is correct, try refreshing the clients with SECEDIT /Refreshpolicy
SECEDIT /? for help.
0
 

Expert Comment

by:dwissing
ID: 9722634
This may sound silly but have you joined the W2kpro systems to the domain?  Are you logging onto the systems as a local user or domain user? Are the domain user accounts located in the OU where you created the group policy object.  
0
 

Author Comment

by:kotfare123
ID: 9732159
thanks to all of you.
i have moved all the users i want to restrict into 1 OU(let say Sales) and i have created New group policy for the OU. Nothing has happend. I have apply the settings both in the computer and user node. The GPO have the security permisions OK(to APPLY RESTRICTIONS to Sales OU) and there is on other GPO to override it.
Sory for my delay in reply. Thanks again.
0
 
LVL 6

Accepted Solution

by:
Casca1 earned 125 total points
ID: 9732568
Some restrictions won't apply to users. I would recommend moving the computers into the same OU as the user, or creating a sub OU for the computers in the Sales OU specifically for the Computers and moving them there.
For simplicity's sake, you would think that making the GPO you want to apply settings to users and computers in one GPO, and it would seem to be logical to do so. However, doing so can cause strange behaviour.
I would recommend the following. Using your Sales OU as the top level OU, create two child OU's, one for Users and one for Computers. It's not absolutely necessary to create an OU for both, but it does help to group everything together.
Create seperate GPO's, one to apply settings to users and one to apply settings to computers, and then apply them to the respective container.
This might seem counter intuitive, but by keeping the settings seperated, it makes life a little easier in other areas, such as troubleshooting GPO issues.
Of course, the problem here is that you would have to compare settings between two different GPO's when creating, changing, and for some potential conflict troubleshooting. But for ease of administration, by consistently keeping the user and computer GPO's seperate, it truly does become easier to troubleshoot.
Hope this helps, and good luck!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
For cloud, the “train has left the station” and in the Microsoft ERP & CRM world, that means the next generation of enterprise software from Microsoft is here: Dynamics 365 is Microsoft’s new integrated business solution that unifies CRM and ERP fun…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now