Policy not applying to XP clients

Posted on 2006-05-03
Last Modified: 2010-04-19
I am trying to deploy a restrictive policy to users in an OU. Using the GPMC (SBS2003), I see that the results wizard shows the correct application of policy elements I have defined. But the policy is of no effect on the PC (XP Pro SP2) the designated user logs into - and we've tried multiple PCs. To test, I have only enabled the 'Disable and Hide desktop icons' setting - there are no computer settings involved. I have forced a gpupdate on the client that shows successful policy refresh, and confirmed correct primary DNS configuration. I have utilised GPO's successfully in the past, but I don't know where to go to from here. Help!
Question by:qtg
    1 Comment
    LVL 74

    Accepted Solution

    Have you moved the users from the default OU of domain.local\MyBusiness\Users\SBSUsers ??

    If so, that's your problem, you have to use the default OU's.  If you want to create a more restrictive policy, you need to use Security Groups.  You can create another OU within Security Groups for your restrictive group, add the users to the Security Group, and then delegate your GPO to that OU.

    To ensure that any new users you want placed in the restrictive group are provided with the right permissions, you should create a new USER TEMPLATE.

    Also, have if you did not add the workstation with the SBS method of http://<servername>/connectcomputer, then you will need to remove the computers from the network, change their names and rejoin properly in order for GP replication.  Follow this to fix:

    The following needs to be done with the client machine:
    1.  Log in with THAT machine's LOCAL administrator account.
    2.  Unjoin the domain into a WORKGROUP
    3.  Change the name of the computer
    4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients
    5.  Ensure that DHCP is enabled and there are  no manually configured network settings
    6.  Reboot

    Then on the server, from the Server Management Console:
    1.  Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
    2.  Add the client with it's NEW name using the Add Computer wizard

    Then, go back to the client machine and join the domain by opening Internet Explorer and navigating to http://servername/connectcomputer


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
    You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now