Problems with policies and GPMC in Win2K3 server
Posted on 2006-03-28
I had a tenuous grip on the ways and means of GPOs on Win2K. We have a very limited number of policies in effect and it seemed to do what I wanted it to do. Several months ago I had the bright idea to install the new GPMC on our new win2K3 server (DC) and it's actually quite impressive looking. Gradually I began to run into some problems with some users being unable to update their PCs through the Windows Update site so I downloaded the updates and put them into a directory on a NAS and logged into their machines as administrator to run the updates. I get the same message that they do when they try to update, "you do not have permission to update windows". So, I meticuously went through the Domain policy looking for that control and found reference to "windows Update" but it was not configured. I did the same with the other GPOs as well and found the same thing that I did on the Domain policy..."not configured". I then blocked inheritance of GP for the groups of which the user was a member. Still no appreciable change in the ability, or lack of, to update windows, logged in as the user or as the admin. I guess I'm not very comfortable with the new GPO interface, GPMC, and wish that I had not installed it. I've looked on the MS website for any mention of removing it without having found any mention of removing it and returning to the simple screen that it used to be like on Win2K server. I want to know if anyone has ever removed it and returned to the simple interface and which approach to use to do that. Is it possible to just delete all of the GPOs and start over? I tested the update problem with the user's login. I logged into my PC with his credentials and got the same message that I had gotten on his PC. My PC, when I am logged in, can access and download just about anything so therefore the issue must be with his login credentials. He is a member of 3 groups, Domain Users -a mail distribution List group - and a security group that has access permissions to a secure NAS. I have moved him into the same group that I'm a member of and his login still cannot update windows. Does anyone have any ideas?