Group Policy Not Applying

I administer a Window Server 2003 as a domain running active directory.  Everything works well for about 3 years now because we have been running all the local computers as workgroups even though the server was setup as a domain.  We also run terminal services to access our company MRP.

I am going to switch all the computers to the domain which has the name of "company.local" .  I've setup a OU called CUSTSERV right under the domain in the ADUC mmc.  I've moved one person from "Users" to "CUSTSERV" OU, created and linked a group policy on the CUSTSERV OU named "CUSTSERV Policy".  Gpresults show this user has the CUSTSERV policy applied along with the default domain policy.

Unfortunately, the CUSTSERV Policy does not apply when she logs into the domain from her computer.  I've only set a couple of policies on the CUSTSERV Policy and none of them apply.  Her computer is running XP SP2.  I know she's authenticating through the domain because she doesn't have a local account on the machine.

What am I doing wrong here?  
psychopenguinAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
PlaceboC6Connect With a Mentor Commented:
Make sure all the clients are pointed to the DC for DNS only.

Try disabling firewall on client if it isn't already.
0
 
PlaceboC6Commented:
Also keep in mind that the GPO has two sections:

User and Computer

if you set up User settings,  the GPO must be linked to where the user account is in AD
If you set up Computer settings, the GPO must be linked to where the computer account is in AD

So you could create an OU,  and then a users and computers child OU under that.  Then link the GPO at the top level OU you created.
0
 
ametzlerCommented:
It could also depend on what you're trying to do. For instance if you're trying to set up a password policy at an OU Level but already have one at the domain level that won't work. You can only have one password policy per domain.
0
 
psychopenguinAuthor Commented:
Wow.  Days and weeks were wasted over such a simple solution.  It makes complete sense.  However, when all DNS queries are resolved for everything else, I wouldn't have thought it would be the answer to this.  Thank you.
0
 
PlaceboC6Commented:
You're welcome.

The DNS server on your DC has the ability to resolve internet address as long as you don't have a firewall blocking port 53.  

Your clients depend on the SRV records located in AD/DNS to locate a DC to then apply group policy.
So I recommend you never use a third party DNS in your server/client configuration.  

You can pull up properties on the DNS server in the DNS console on the DC and then configure the forwarders tab to point to ISP with no issue.
0
All Courses

From novice to tech pro — start learning today.