Client Machines are not affected by the group policies.

Hi all.
This is my problem. I have configured Active Drectory on a W2000Server. Everything is OK exept for the group policy. Client computers (all w2000pro) are not affected by the policy. I have make a new OU add a new policy for it and edit the group policy but the users on local machines are not affected. Local machines are not affected iven by the DEFAULT DOMAIN POLICY that restrict iven the adminstrator of the DC. Iven if i logon on a client machine as the administrator in the domain i have no restriction at all.
Any advice is very appreciated. Many thanks in advance.

kotfare123Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Casca1Commented:
Move the computers from the default OU into the new container you created, or move them into the appropriate containers.
Let's say you have created OU's for your Sales and marketing Dept.'s The easiest and best way to deal with the computers used by those OU's is to actually move the computer object into the OU where it will be used.
Then, you can apply GPO's based on your OU structure.
As to the Default Domain GPO, where and how did you make the settings? In the Computer node, or user node?
Silly question, I know, but some times, the obvious is easily overlooked.
Also, did you change the security permissions on the GPO? you may have at one time removed the Authenticated users, or everyone groups from it, and that may be what is happening.
Good Luck!
0
Rob StoneCommented:
Check with this link that you have done everything correctly:
http://support.microsoft.com/default.aspx?scid=kb;en-us;322143

Also if everything is correct, try refreshing the clients with SECEDIT /Refreshpolicy
SECEDIT /? for help.
0
dwissingCommented:
This may sound silly but have you joined the W2kpro systems to the domain?  Are you logging onto the systems as a local user or domain user? Are the domain user accounts located in the OU where you created the group policy object.  
0
kotfare123Author Commented:
thanks to all of you.
i have moved all the users i want to restrict into 1 OU(let say Sales) and i have created New group policy for the OU. Nothing has happend. I have apply the settings both in the computer and user node. The GPO have the security permisions OK(to APPLY RESTRICTIONS to Sales OU) and there is on other GPO to override it.
Sory for my delay in reply. Thanks again.
0
Casca1Commented:
Some restrictions won't apply to users. I would recommend moving the computers into the same OU as the user, or creating a sub OU for the computers in the Sales OU specifically for the Computers and moving them there.
For simplicity's sake, you would think that making the GPO you want to apply settings to users and computers in one GPO, and it would seem to be logical to do so. However, doing so can cause strange behaviour.
I would recommend the following. Using your Sales OU as the top level OU, create two child OU's, one for Users and one for Computers. It's not absolutely necessary to create an OU for both, but it does help to group everything together.
Create seperate GPO's, one to apply settings to users and one to apply settings to computers, and then apply them to the respective container.
This might seem counter intuitive, but by keeping the settings seperated, it makes life a little easier in other areas, such as troubleshooting GPO issues.
Of course, the problem here is that you would have to compare settings between two different GPO's when creating, changing, and for some potential conflict troubleshooting. But for ease of administration, by consistently keeping the user and computer GPO's seperate, it truly does become easier to troubleshoot.
Hope this helps, and good luck!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.