Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 457
  • Last Modified:

GPO -- I created one but doesn't work?

I created a GPO called "HighRiskUser", it disables access to add/remove, cmd prompt, etc....

TempUser (fictitious) is a member of GrpHighRisk AND IS ALSO IN OU OuHighRisk.  But when TEMPUSER loggs in XP client, NOTHING HAPPENS?

GPO SCOPE...

LINKS
The following sites, domains, and OUs are linked to this GPO:
GrpRiskUsers   Enforced=Y,Link=Y
mpa.local        Enforced=Y,Link=Y


SECURITY FILTERING

The settings in this GPO can only apply to the following groups:
GrpHighRisk (mpa\grpHighRisk)

WMI Filtering:
<none>
0
epicazo
Asked:
epicazo
1 Solution
 
epicazoAuthor Commented:
CORRECTION...

LINKS
The following sites, domains, and OUs are linked to this GPO:
OuHighRisk   Enforced=Y,Link=Y
mpa.local        Enforced=Y,Link=Y
0
 
epicazoAuthor Commented:
I am using: SBS Small Business Server 2003
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Well, all users MUST be in the Default OU:  MyBusiness > Users  > SBSUsers (which you can see from the GPMC).

Instead of creating a new OU under SBSUsers, the SBS method would be to create a new OU under Security Groups, and then create a Security Group in that OU.  Add any user you want to that, and then have your new GPO linked to that Security Group.

You also need to make sure that you use the Add-User wizard when creating any new users.  If you want to create a new user that is automatically put into this higher security group, create a new User Template for that purpose.

Jeff
TechSoEasy
0
 
mickinoz2005Commented:
Also you could run a gpresult from a command prompt on the machine just to see if that policy is being applied to the user,

I assume all your settings are in the user section of the policy so you should see that policy being applied under user settings in the gpresult.

Michael
0
 
myfootsmellsCommented:
Are the GPO settings under Computer or User?  If it's under computer you have to apply the GPO to computers and not users and vice versa for users.

Also, you don't need to have enforced enabled.  Enforced just means if there are conflicting GPO entries it'll force the enforced one.

Oh yeah, make sure that the GPO policy is enforced to Domain Users or whatever security group these users are in.
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now