Pushing Group Policy
I have been testing my GPO setup on test computers successfully for a while now. Started putting my IT departments computers/profiles on it and everything works fine. However when I try to add anyone outside of the IT department the GPO does not work.
I have even moved users from the IT department into the new GPO and it works fine, However, not for someone outside the department.
I am thinking it has something to do with the permission settings for other users in the office. Does anyone have more information?
For example: Log on script runs for Person A in IT department but not for Person B outside the department. I put Person A in the same GPO as Person B and it runs for Person A but then not for B.
I have even moved users from the IT department into the new GPO and it works fine, However, not for someone outside the department.
I am thinking it has something to do with the permission settings for other users in the office. Does anyone have more information?
For example: Log on script runs for Person A in IT department but not for Person B outside the department. I put Person A in the same GPO as Person B and it runs for Person A but then not for B.
ASKER
Yeah thats what i was thinking. The IT deparment is part of the Domain Admins and Administrators group Everyone else is in the Domain users group. I added it to the GPO as well as the folder where my scripts are located and yet they still do not run.
Even if you check "no overide" on a group policy, it will not be applied if in the security tab of the group policy object, the user has been specifically denied read access, or apply access to the policy in question, or if the user belongs to a group that has been specifically denied. check the security tab of the GPO in question and see if there are any explicit denies checked for users or groups, by default there should not be.
Also, how is the network setup exactly? Is person B in the same domain as person A? or are there different domains involved? How fast is user B connecting? There is a default domain policy configured called group policy slow link detection. If the user is connecting to the server with low bandwidth, many of the gpo's will simply be ignored.
Is everyone using the same DHCP Server? can you see the computer that user B uses recorded in the DNS console?
Also, how is the network setup exactly? Is person B in the same domain as person A? or are there different domains involved? How fast is user B connecting? There is a default domain policy configured called group policy slow link detection. If the user is connecting to the server with low bandwidth, many of the gpo's will simply be ignored.
Is everyone using the same DHCP Server? can you see the computer that user B uses recorded in the DNS console?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot lruptos. Was a permissions command like we thought. It was one i overlooked
For instance is the IT department accounts, users belong to Domain Admins, Administrators? What groups to the "users" belong to? Just Domain or Authenticated Users?
To me it sounds like a permissions thing, not a GPO thing.