shankshank
asked on
microsoft, windows, 2003, active directory not processing
Running windows 2003 server.
I have an OU created, with a GP applied to it. It's computer configuration. I created a new GP and linked it to the same OU, but it has user configurations. Those are not applying, which I check by using rsop.msc. The security filtering is authenticated users on both.
any ideas?
I have an OU created, with a GP applied to it. It's computer configuration. I created a new GP and linked it to the same OU, but it has user configurations. Those are not applying, which I check by using rsop.msc. The security filtering is authenticated users on both.
any ideas?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Are there user objects contained in the OU that you've linked this GP to, or do your user oobjects reside elsewhere? If the latter, you'll need to enable loopback processing to allow User Configuration settings to apply when users from another container log onto machines in this OU: http://support.microsoft.com/kb/231287
is the policy is listed under "Applied Policy Objects" in the gpmc console?
ASKER
Sorry for the confusion.
The OU has the computers. But it is linked to that GP. So you are telling me even though I have a GP linked to an OU, and security filtering says authenticated users, it is NOT going to work? user objects are definitely elsewhere, but I thought because we applied authetnicated users it should apply?
so cleraly computer configuration works because the OU that has the GP applied to it has those computers in it?
The OU has the computers. But it is linked to that GP. So you are telling me even though I have a GP linked to an OU, and security filtering says authenticated users, it is NOT going to work? user objects are definitely elsewhere, but I thought because we applied authetnicated users it should apply?
so cleraly computer configuration works because the OU that has the GP applied to it has those computers in it?
ASKER
and if I do loopback, do i have to specify EACH user on the security filtering too? (that can be inconsistent...)
Loopback filtering and security filtering are unrelated, you can leave the default security filtering as-is.
As stated in the link from my previous comment, lookback processing is required in cases "when a computer object resides in a specific organizational unit, and the user settings of a policy should be applied based on the location of the computer object instead of the user object."
As stated in the link from my previous comment, lookback processing is required in cases "when a computer object resides in a specific organizational unit, and the user settings of a policy should be applied based on the location of the computer object instead of the user object."
ASKER
Okay great.
so one OU has my computers, another OU called users has my users.
GP applied to a certain comptuers group, and it worked. The users did not apply. So I enabled loopback and it applied the GP, great.
then what is security filtering?
so one OU has my computers, another OU called users has my users.
GP applied to a certain comptuers group, and it worked. The users did not apply. So I enabled loopback and it applied the GP, great.
then what is security filtering?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
2. none
3. I ran it and it doesn';t show it as applied...or denied.. under user config
but under comptuer config it shows denied, because of course its empty