Solved

Client Machines are not affected by the group policies.

Posted on 2003-11-11
8
250 Views
Last Modified: 2010-07-27
Hi all.
This is my problem. I have configured Active Drectory on a W2000Server. Everything is OK exept for the group policy. Client computers (all w2000pro) are not affected by the policy. I have make a new OU add a new policy for it and edit the group policy but the users on local machines are not affected. Local machines are not affected iven by the DEFAULT DOMAIN POLICY that restrict iven the adminstrator of the DC. Iven if i logon on a client machine as the administrator in the domain i have no restriction at all.
Any advice is very appreciated. Many thanks in advance.

0
Comment
Question by:kotfare123
8 Comments
 
LVL 6

Expert Comment

by:Casca1
ID: 9722048
Move the computers from the default OU into the new container you created, or move them into the appropriate containers.
Let's say you have created OU's for your Sales and marketing Dept.'s The easiest and best way to deal with the computers used by those OU's is to actually move the computer object into the OU where it will be used.
Then, you can apply GPO's based on your OU structure.
As to the Default Domain GPO, where and how did you make the settings? In the Computer node, or user node?
Silly question, I know, but some times, the obvious is easily overlooked.
Also, did you change the security permissions on the GPO? you may have at one time removed the Authenticated users, or everyone groups from it, and that may be what is happening.
Good Luck!
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9722606
Check with this link that you have done everything correctly:
http://support.microsoft.com/default.aspx?scid=kb;en-us;322143

Also if everything is correct, try refreshing the clients with SECEDIT /Refreshpolicy
SECEDIT /? for help.
0
 

Expert Comment

by:dwissing
ID: 9722634
This may sound silly but have you joined the W2kpro systems to the domain?  Are you logging onto the systems as a local user or domain user? Are the domain user accounts located in the OU where you created the group policy object.  
0
 

Author Comment

by:kotfare123
ID: 9732159
thanks to all of you.
i have moved all the users i want to restrict into 1 OU(let say Sales) and i have created New group policy for the OU. Nothing has happend. I have apply the settings both in the computer and user node. The GPO have the security permisions OK(to APPLY RESTRICTIONS to Sales OU) and there is on other GPO to override it.
Sory for my delay in reply. Thanks again.
0
 
LVL 6

Accepted Solution

by:
Casca1 earned 125 total points
ID: 9732568
Some restrictions won't apply to users. I would recommend moving the computers into the same OU as the user, or creating a sub OU for the computers in the Sales OU specifically for the Computers and moving them there.
For simplicity's sake, you would think that making the GPO you want to apply settings to users and computers in one GPO, and it would seem to be logical to do so. However, doing so can cause strange behaviour.
I would recommend the following. Using your Sales OU as the top level OU, create two child OU's, one for Users and one for Computers. It's not absolutely necessary to create an OU for both, but it does help to group everything together.
Create seperate GPO's, one to apply settings to users and one to apply settings to computers, and then apply them to the respective container.
This might seem counter intuitive, but by keeping the settings seperated, it makes life a little easier in other areas, such as troubleshooting GPO issues.
Of course, the problem here is that you would have to compare settings between two different GPO's when creating, changing, and for some potential conflict troubleshooting. But for ease of administration, by consistently keeping the user and computer GPO's seperate, it truly does become easier to troubleshoot.
Hope this helps, and good luck!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Microsoft Office Picture Manager was included in Office 2003, 2007, and 2010, but not in Office 2013. Users had hopes that it would be in Office 2016/Office 365, but it is not. Fortunately, the same zero-cost technique that works to install it with …
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now