Solved

GPO problem

Posted on 2007-11-27
Last Modified: 2010-03-17
In my Active Directory, I have set up an OU called Information Systems.
Under Information System, I have an OU called Terminal Servers.

I put one of my terminal servers in the Terminal Servers OU and set up a group policy for that OU to "Hide these specified drives in My Computer"
 -   User Configuration, Administrative Templates, Windows Explorer

When I log on to the terminal server in the Terminal Servers OU, the drives are not hidden.
If I move the Terminal Servers OU directly under the domain and login, the drives are hidden.

Any ideas why I can't leave the OU as shown below?
OurDomain.com
          Information System
                      Terminal Servers

To make the GPO work, I currently have the OUs set like this..

OurDomain.com
          Terminal Servers


Question by:Die-Tech
8 Comments
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 20361067
It sounds like it's probably some kind of inheritance issue with other group policies connected to the Information System OU.  The easiest way to figure out what's going on would be to put the Terminal Servers OU back in the Information Systems OU, then open the GPMC and look at the settings for the TS OU - i.e., from the Settings tab in GPMC rather than by opening the group policy console as though you were going to edit the policy.  This will tell you what setting is being applied and where it's coming from.
0
 
LVL 12

Expert Comment

by:bhnmi
ID: 20361140
Did you link the GPO to that OU? You can also create another GPO and place it inside the OU.
0
 
LVL 12

Expert Comment

by:bhnmi
ID: 20361143
Also might have to use loopback processing.
0
 
LVL 12

Expert Comment

by:bhnmi
ID: 20361164
Sorry about the multiple posts, ideas keep coming in. I have spent a lot of time with issues like this. We have a kind of complex TS environment here. The GPO management tools are a godsend. Use the report tool to see which policies are applied and which ones are not. It will also tell you why.
0
 
LVL 1

Expert Comment

by:dblangfo
ID: 20361653
Keep in mind that Group Policy objects are processed according to the following order:

1. The local Group Policy object (LGPO) is applied.
2. GPOs linked to sites.
3. GPOs linked to domains.
4. GPOs linked to organizational units. In the case of nested organizational units, GPOs associated with parent organizational units are processed prior to GPOs associated with child organizational units.

GPO links to a specific site, domain, or organizational unit are applied in reverse sequence based on link order. For example, a GPO with Link Order 1 has highest precedence over other GPOs linked to that container.

In general, the last policy to be applied wins if different GPOs attempt to apply conflicting values.

Using the Group Policy Management console, review the list of GPOs that are applied to each OU, paying close attention to any differences in the "Information System" and "Terminal Servers" OUs.  I would look for any GPOs linked to the "Information System" OU that are set as "enforced", meaning they cannot be overridden by a later GPO.

0
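
Added example (not part of the original thread or any poster's code): a small Python model of the precedence rules listed above, covering domain and OU links only, plus Block Inheritance. The GPO names, the `HideDrives` key and its values are constructed for illustration; the thread never identified which parent GPO, if any, was involved.

```python
from dataclasses import dataclass, field

@dataclass
class Link:
    gpo: str
    order: int              # link order in its container; 1 = highest precedence
    settings: dict
    enforced: bool = False

@dataclass
class Container:            # a domain or an OU
    name: str
    links: list = field(default_factory=list)
    block_inheritance: bool = False

def processing_order(container):
    # Links are applied in reverse link order, so link order 1 is applied last.
    return sorted(container.links, key=lambda l: l.order, reverse=True)

def effective_settings(chain):
    """chain: containers from the domain down to the OU holding the account.
    Returns {setting: (value, winning GPO)}."""
    applied = []
    for c in chain:                       # pass 1: non-enforced, parent before child
        if c.block_inheritance:
            applied.clear()               # drops non-enforced GPOs from above
        applied += [l for l in processing_order(c) if not l.enforced]
    for c in reversed(chain):             # pass 2: enforced, outermost applied last
        applied += [l for l in processing_order(c) if l.enforced]
    result = {}
    for link in applied:                  # last writer wins
        for key, value in link.settings.items():
            result[key] = (value, link.gpo)
    return result

# Constructed sample data; GPO names and the "HideDrives" key are hypothetical.
def layout(parent_enforced):
    domain = Container("OurDomain.com")
    parent = Container("Information System", [
        Link("IS Baseline", 1, {"HideDrives": "none"}, enforced=parent_enforced)])
    child = Container("Terminal Servers", [
        Link("TS Lockdown", 1, {"HideDrives": "A-D"})])
    return domain, parent, child

if __name__ == "__main__":
    for enforced in (False, True):
        domain, parent, child = layout(enforced)
        print("nested, parent enforced =", enforced,
              effective_settings([domain, parent, child]))
        print("flat,   parent enforced =", enforced,
              effective_settings([domain, child]))
```

With an enforced link on the parent OU, the nested layout resolves to the parent's value while the flat layout resolves to the child's, which is the pattern to look for in the GPMC inheritance view.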
 
LVL 4

Author Comment

by:Die-Tech
ID: 20368416
Thanks everyone who posted...
I have to give the points to hypercat... he answered first.

After I moved the Terminal Servers OU back under the Information Systems OU, the policy started working... I'm guessing it was the inheritance issue hypercat mentioned... Moving the OU out and back fixed it.

BTW... I love the GPMC... thanks again hypercat for that suggestion.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 20368470
Thanks for the points, and you're welcome - I love it too.  They should've had it back when they first designed GPOs as an upgrade from the old NT group policy way...but I guess better late than never. And, just a friendly reminder - there are those of us out here (me) who are she's, not he's, regardless of the gender-free online naming.
0
 
LVL 4

Author Comment

by:Die-Tech
ID: 20368501
Sorry for showing my inner caveman.... :)
It's nice to see she's who know what they're talking about !!
0

Question has a verified solution.
