Solved

Client Machines are not affected by the group policies.

Posted on 2003-11-11
8
253 Views
Last Modified: 2010-07-27
Hi all.
This is my problem. I have configured Active Drectory on a W2000Server. Everything is OK exept for the group policy. Client computers (all w2000pro) are not affected by the policy. I have make a new OU add a new policy for it and edit the group policy but the users on local machines are not affected. Local machines are not affected iven by the DEFAULT DOMAIN POLICY that restrict iven the adminstrator of the DC. Iven if i logon on a client machine as the administrator in the domain i have no restriction at all.
Any advice is very appreciated. Many thanks in advance.

0
Comment
Question by:kotfare123
8 Comments
 
LVL 6

Expert Comment

by:Casca1
ID: 9722048
Move the computers from the default OU into the new container you created, or move them into the appropriate containers.
Let's say you have created OU's for your Sales and marketing Dept.'s The easiest and best way to deal with the computers used by those OU's is to actually move the computer object into the OU where it will be used.
Then, you can apply GPO's based on your OU structure.
As to the Default Domain GPO, where and how did you make the settings? In the Computer node, or user node?
Silly question, I know, but some times, the obvious is easily overlooked.
Also, did you change the security permissions on the GPO? you may have at one time removed the Authenticated users, or everyone groups from it, and that may be what is happening.
Good Luck!
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9722606
Check with this link that you have done everything correctly:
http://support.microsoft.com/default.aspx?scid=kb;en-us;322143

Also if everything is correct, try refreshing the clients with SECEDIT /Refreshpolicy
SECEDIT /? for help.
0
 

Expert Comment

by:dwissing
ID: 9722634
This may sound silly but have you joined the W2kpro systems to the domain?  Are you logging onto the systems as a local user or domain user? Are the domain user accounts located in the OU where you created the group policy object.  
0
 

Author Comment

by:kotfare123
ID: 9732159
thanks to all of you.
i have moved all the users i want to restrict into 1 OU(let say Sales) and i have created New group policy for the OU. Nothing has happend. I have apply the settings both in the computer and user node. The GPO have the security permisions OK(to APPLY RESTRICTIONS to Sales OU) and there is on other GPO to override it.
Sory for my delay in reply. Thanks again.
0
 
LVL 6

Accepted Solution

by:
Casca1 earned 125 total points
ID: 9732568
Some restrictions won't apply to users. I would recommend moving the computers into the same OU as the user, or creating a sub OU for the computers in the Sales OU specifically for the Computers and moving them there.
For simplicity's sake, you would think that making the GPO you want to apply settings to users and computers in one GPO, and it would seem to be logical to do so. However, doing so can cause strange behaviour.
I would recommend the following. Using your Sales OU as the top level OU, create two child OU's, one for Users and one for Computers. It's not absolutely necessary to create an OU for both, but it does help to group everything together.
Create seperate GPO's, one to apply settings to users and one to apply settings to computers, and then apply them to the respective container.
This might seem counter intuitive, but by keeping the settings seperated, it makes life a little easier in other areas, such as troubleshooting GPO issues.
Of course, the problem here is that you would have to compare settings between two different GPO's when creating, changing, and for some potential conflict troubleshooting. But for ease of administration, by consistently keeping the user and computer GPO's seperate, it truly does become easier to troubleshoot.
Hope this helps, and good luck!
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
unable to search  data in SQL 2000 server 10 312
windows explorer 21 181
Server 2012R2 Foundation and Server 2000 3 135
Server 2012 R2 added to a Windows 2000 domain 3 83
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Read our guide on how to survive being on-call.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question