Link to home
Start Free TrialLog in
Avatar of davidmsolo
davidmsoloFlag for United Kingdom of Great Britain and Northern Ireland

asked on

group policy settings applying when not configured

I've recently taken on a job managing an windows 2003 active directory environment and I've encountered something I think is a bit odd.  When I log on as the domain administrator account it appears to be massively locked down in that the desktop and taskbar is locked and only Programs and Log Off appears in the start menu.  This occurs when I create any new account and I can only disable the restrictions if I create a group policy in an OU and disable these settings.  But I don't understand where these restrictions are coming from because these settings are not configured in the domain policy.  So I can't do much for the administrator account because this is in the Users container which is not an OU.  Am I mssing something obvious here?  Is this normal behaviour?  When I use RSoP and GPMC all these settings are not configured.  I've even created a new OU, blocked inheritance, created a computer account and a user account and still the restrictions apply!
ASKER CERTIFIED SOLUTION
Avatar of CasUK
CasUK
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of davidmsolo
davidmsolo
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

This didn't resolve the problem unfortunately.  I tried creating a new local user on a PC and when I logged in with that account everything was fine (i.e. all the icons on the start menu were there) and presumably any new local user accounts will use the default profile.  I then tried copying this local user profile into the default user, deleted the domain account profile I was using to test then logged in as this account.  It does not have a roaming profile so it should use the default user profile but everything was locked down as before.  I also tried previously setting up a PC from scratch rather than using our images and still it appears locked down.
Avatar of davidmsolo
davidmsolo
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

You were right about the default user account being locked down.  But I've just discovered that you can set up a default user profile in the netlogon folder on the domain controller so every time a new user logs on they use this profile rather than the default user profile on the local machine.  I did not know you could do this!