Pushing Group Policy

I have been testing my GPO setup on test computers successfully for a while now.  Started putting my IT departments computers/profiles on it and everything works fine.  However when I try to add anyone outside of the IT department the GPO does not work.

I have even moved users from the IT department into the new GPO and it works fine, However, not for someone outside the department.

I am thinking it has something to do with the permission settings for other users in the office.  Does anyone have more information?

For example: Log on script runs for Person A in IT department but not for Person B outside the department.  I put Person A in the same GPO as Person B and it runs for Person A but then not for B.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It sounds like a premissions problem with the user account or the resource. What groups are the accounts associated with?

For instance is the IT department accounts, users belong to Domain Admins, Administrators? What groups to the "users" belong to? Just Domain or Authenticated Users?

To me it sounds like a permissions thing, not a GPO thing.

pyv4xAuthor Commented:
Yeah thats what i was thinking.  The IT deparment is part of the Domain Admins and Administrators group   Everyone else is in the Domain users group.  I added it to the GPO as well as the folder where my scripts are located and yet they still do not run.
Even if you check "no overide" on a group policy, it will not be applied if in the security tab of the group policy object, the user has been specifically denied read access, or apply access to the policy in question, or if the user belongs to a group that has been specifically denied. check the security tab of the GPO in question and see if there are any explicit denies checked for users or groups, by default there should not be.

Also, how is the network setup exactly? Is person B in the same domain as person A? or are there different domains involved? How fast is user B connecting? There is a default domain policy configured called group policy slow link detection. If the user is connecting to the server with low bandwidth, many of the gpo's will simply be ignored.

Is everyone using the same DHCP Server? can you see the computer that user B uses recorded in the DNS console?
Did you also try issuing the GPRESULT command on the client PC? Soemtimes that gives you an idea or where it may be getting hung up as well.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pyv4xAuthor Commented:
Thanks a lot lruptos.  Was a permissions command like we thought.  It was one i overlooked
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.