OK, I've been working on this for a week, and cannot figure it out. I'll preface the problem with what I'm trying to accomplish, then go deeper into the problem.
What I'm trying to do: I'm setting up a new office network consisting of a 2003 Server and about 25 XP workstations. The Server hosts several pieces of software and databases used by the workstations. The main program that is run is a customer database. It works (poorly in my opinion) by running an exe file from the server, almost like a batch file. This requires that the users on the workstations have at least "power user" access, as it writes local system files and accesses the clock.
What I've done so far: Initially, I set up a workgroup, and mapped drives so everything worked. Really, there were no real problems. I just gave all local users "power user" access. I then decided that I would like to set up a Domain, so I would have a much easier time deploying group policies (plus, I wanted to learn how to do it). I set up the server as a domain controller (with AD) and added a few workstations so I could start testing. Because the users must have local “power user” rights, I set everyone up as domain users (on the DC), then I added “authenticated users” to the local “power user” group (on the workstations). So far so good, and everything continues to work.
The Problem: Now that I’ve gotten that working, I started trying to set up Group Policies. I set up OUs for several different departments and added a GPO to one to see how it would work. For starters, I disabled the control panel. But, I cannot get the policies to push down to the workstations. I have added the correct users to the OU, I’ve performed several gpupdates, I have turned off the login optimization on the workstations, I have removed the local power user rights, I have added groups and even users directly to the GPO, and I even added the computer to the OU. I made sure the domain users had “read” and “apply group policy” permissions on the GPO. There are no active filters and no WMI filters. I’ve even bounced the server a few times.
I am totally confused.
I’ve been using the Active Directory Users and Computers GUI to perform all the changes. I’ve not yet used the GPMC, but I’ve DL’d it and I will try it today. I think that covers everything I have done/tried. Please help…