Using GPO filtering in W2000
I have created an OU OU1 and created a users group G1 , I put user1 in G1, and put G1 in OU1, I have created gpo GPO1 with a setting to hide desktop icons and linked GPO1 to OU1. in the properties ogf GPO1/Security I added group G1 and gave it read and apply group policy permission.
I run secedit in the server , run gpupdate in the client , I logged with user1 credentials but the GPO didn't apply.
I run gpresult in the client logged with user1 and can see the gpo GPO1 applied.
any idea?
thanks
I run secedit in the server , run gpupdate in the client , I logged with user1 credentials but the GPO didn't apply.
I run gpresult in the client logged with user1 and can see the gpo GPO1 applied.
any idea?
thanks
Have you tried adding "Authenticated Users" with a read permission only to the security. I had the same issue with my TS servers and found that this entry fixed it.
ASKER
authenticated users is already there by default
ASKER
you said Read only, no apply group policy?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have done this a minute ago , gave the read only to authenticated users, run secedit on the server and gpupdate on the client, but the gpo didn't apply .
Is the client Win2k or XP?
If XP, run gpupdate /force
Also, are there any messages in the event log? They will userenv or scecli
If XP, run gpupdate /force
Also, are there any messages in the event log? They will userenv or scecli
ASKER
it's XP and I used gpupdate /force
gpresult and it does show the policy applied
gpresult and it does show the policy applied
ASKER
to determine if the gpo is working a created a user object User2 and put under the OU1 and the gpo get applied to it. I logged on with User2 credentials and there was no icon on the desktop.
the problem now is why the filtered GPO doesn't work
the problem now is why the filtered GPO doesn't work
ASKER
I mean the filtered GPO for the group G1 doesn't get applied.
but when I put user2 under OU1 it worked.
but when I put user2 under OU1 it worked.
ASKER
I documented this link, and I think I have set it up just the same
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html
That's exactly it. When you logon as user1, do you get any events in the event log?
ASKER
there is nothing in the event log about the gpo
and in the gpresult , it doesn't even mention the name of the GPO.
but if I put a single user inside the OU where the GPO is linked to , it gets applied.
and in the gpresult , it doesn't even mention the name of the GPO.
but if I put a single user inside the OU where the GPO is linked to , it gets applied.
ASKER
have you tried before to apply a gpo to a group of users through filtering?