Policy not applying to XP clients

Posted on 2006-05-03
Medium Priority
Last Modified: 2010-04-19
I am trying to deploy a restrictive policy to users in an OU. Using the GPMC (SBS2003), I see that the results wizard shows the correct application of policy elements I have defined. But the policy is of no effect on the PC (XP Pro SP2) the designated user logs into - and we've tried multiple PCs. To test, I have only enabled the 'Disable and Hide desktop icons' setting - there are no computer settings involved. I have forced a gpupdate on the client that shows successful policy refresh, and confirmed correct primary DNS configuration. I have utilised GPO's successfully in the past, but I don't know where to go to from here. Help!
Question by:qtg
1 Comment
LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 375 total points
ID: 16611075
Have you moved the users from the default OU of domain.local\MyBusiness\Users\SBSUsers ??

If so, that's your problem, you have to use the default OU's.  If you want to create a more restrictive policy, you need to use Security Groups.  You can create another OU within Security Groups for your restrictive group, add the users to the Security Group, and then delegate your GPO to that OU.

To ensure that any new users you want placed in the restrictive group are provided with the right permissions, you should create a new USER TEMPLATE.

Also, have if you did not add the workstation with the SBS method of http://<servername>/connectcomputer, then you will need to remove the computers from the network, change their names and rejoin properly in order for GP replication.  Follow this to fix:

The following needs to be done with the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients
5.  Ensure that DHCP is enabled and there are  no manually configured network settings
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with it's NEW name using the Add Computer wizard

Then, go back to the client machine and join the domain by opening Internet Explorer and navigating to http://servername/connectcomputer


Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question