amoos (ASKER)

How to apply group policy across segments?

We have 5 different segments and we are having problems applying our group policy across them. What is happening is that some of the policy is going through, but not all the way. For example, we have in our group policy that the Windows Firewall be turned off, and we have Restricted Groups that are applied to the Administrators group on the machines. Some of this is working, but not everywhere. How do I fix this?
Tags: Active Directory, Windows Server 2003

Brugh

Define "segments" for me. Are you speaking of physical locations separated by a router? If so, do you have a Domain Controller or WINS server at each site?

rpartington

As above, not sure what you mean by segments. Do you mean different remote sites within your AD structure, i.e.
London site replication works
New York site replication is tempremental
Los Angeles site it works

If this is the case, check your event logs for errors replicating to New York.
I had a site years ago where someone had brutally removed a DC and not demoted it properly, and the other DCs throughout the entire org were still trying to replicate to it, causing all sorts of replication issues.

Check out replmon.
amoos (ASKER)

What I mean by segments is that we have 3 schools, all in the same location, that are on different subnets, i.e. 192.168.2.xxx, 3.xxx, 5.xxx.

We only have one DC for right now, and it is on the 3.xxx subnet, and we are having problems getting the group policies to go through on the different subnets; some is going through, but not all.
rpartington

Have you checked for DNS issues between the sites?
Check your Event Viewer for events similar to the following.

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date:  1/19/2007
Time:  8:20:43 AM
User:  N/A
Computer: ServerB
Description:
The File Replication Service is having trouble enabling replication from  
ServerA to ServerB for drive:\winnt\sysvol\domain using the DNS name  
%servername%.domainname.suffix FRS will keep retrying.  
 Following are some of the reasons you would see this warning.  
 
 [1] FRS can not correctly resolve the DNS name your domain.com
from this computer.  
 [2] FRS is not running on %servername%.domainname.suffix.  
 [3] The topology information in the Active Directory for this replica has  
not yet replicated to all the Domain Controllers.  
 
amoos (ASKER)

I checked all the logs; they are clean, no errors or warnings for anything.

I did notice that in the OU structure there are sub-OUs below the OUs, and at the top of the OU there is no group policy assigned, but they are assigned on the sub-OUs. See below for an example.

OK, we have an OU called College, and under that OU we have two sub-OUs, one called Students and one called Faculty. The OUs for Faculty and Students have group policies assigned to them, but for the main OU College there is no policy assigned. There are only policies assigned to the sub-OUs.

Is this the right way to do it, or is something wrong?
rpartington

You can do it like that, because I'm guessing you have policies on College which you don't want replicating down to Students etc.

You can test that things are working by creating a test OU above College or alongside it, adding a policy to this, and testing that it works.
I'm assuming you have run
gpupdate /force
and checked via
gpresult /v (this just gives a lot more info; you can use the normal gpresult).

Sometimes policies take a while to trickle down and often require the PCs to be rebooted.
But just try with a test OU and one of your problem policies, and also a new test policy.
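The check rpartington describes above, written out as an added example that is not part of the thread: a PowerShell script to run in an elevated prompt on one of the affected PCs. It forces a refresh and then reads the three things this thread cares about straight from where the Group Policy engine and the Windows Firewall service record them: which computer-side GPOs were applied and from which link, whether the domain-profile firewall policy arrived, and who is in the local Administrators group (what Restricted Groups rewrites). It assumes PowerShell is installed on the client (the XP-era machines in the thread would need it added; the registry locations and the gpupdate and net commands used here exist on XP SP2 / Server 2003 and later).

```powershell
# Added example (not from the thread): run in an elevated PowerShell
# prompt on a PC that is not picking up computer policy.

# Which GPOs the computer side applied on the last refresh, and from
# which link (OU, domain or site). The engine records one entry per
# client-side extension, so the list is de-duplicated by name and link.
function Get-AppliedComputerGpo {
    $history = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History'
    Get-ChildItem -Path $history -Recurse |
        Where-Object { $_.PSChildName -match '^\d+$' } |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
        Sort-Object -Property DisplayName, Link -Unique |
        Select-Object -Property DisplayName, Link
}

# Has the firewall policy arrived? A GPO that sets "Windows Firewall:
# Protect all network connections = Disabled" for the Domain Profile
# writes EnableFirewall = 0 under HKLM\SOFTWARE\Policies. The firewall
# service's own key holds the local preference the policy overrides.
function Test-DomainFirewallPolicy {
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
    $localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile'
    $policy = (Get-ItemProperty -Path $policyKey -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
    $local  = (Get-ItemProperty -Path $localKey  -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
    $received = ($null -ne $policy)
    $off = if ($received) { $policy -eq 0 } else { $local -eq 0 }
    [pscustomobject]@{
        PolicyValue    = $policy     # $null means no firewall policy reached this PC
        LocalValue     = $local
        PolicyReceived = $received
        FirewallOff    = $off
    }
}

# Did Restricted Groups take effect? It rewrites the local Administrators
# membership on every refresh, so the current members are the evidence.
function Get-LocalAdministrators {
    $members = @()
    $inList  = $false
    foreach ($line in (net localgroup Administrators)) {
        if ($line -match '^-{10,}') { $inList = $true; continue }
        if ($inList -and $line -and $line -notmatch '^The command completed') {
            $members += $line.Trim()
        }
    }
    $members
}

# Foreground refresh first, then report.
gpupdate /force | Out-Null

'--- Computer GPOs applied (Group Policy History) ---'
Get-AppliedComputerGpo | Format-Table -AutoSize

'--- Windows Firewall, domain profile ---'
Test-DomainFirewallPolicy | Format-List

'--- Local Administrators ---'
Get-LocalAdministrators
```

Reading the output: if every Link in the first table is the domain root (LDAP://DC=...), no OU-linked GPO is reaching this computer at all, which points at where the computer object sits in Active Directory rather than at the policy contents. A firewall result of PolicyReceived = False says the same thing for that setting specifically, and an Administrators list that still contains local accounts you expected Restricted Groups to remove is the matching symptom for the security settings extension.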
amoos (ASKER)

Does the Default Domain Policy have to be in every OU? Because it is not.
amoos (ASKER)

It is in there as an inherited GPO link, but if you were to right-click on an OU and go to the Group Policy tab, there is nothing showing up. Why?
rpartington

The default policy does not have to be in every OU.
Block Inheritance may be turned on; again, though, it does not have to be on every OU.
Try turning the built-in XP firewall off on the XP/Vista clients if it's on.
amoos (ASKER)

Turning the firewall off on the machines is in our group policy. I have narrowed it down to computer policies. The computer policies are not getting through to the computers. The two things that are critical for us are the firewall being turned off and the Restricted Groups being applied. These are the two main things in our group policies.

No matter what I do, the computer policies are not getting through to everyone. What am I doing wrong?
amoos (ASKER)

Also, I should have told you this before: all the computers that are on the domain are still in the default Computers container in Active Directory. Should I move them to a new OU and apply a computer policy that way?

If I do that, what will that mess up, if anything?
rpartington

As per my previous comment, re a test.
You need to take the belt-and-braces approach.

Move a couple of PCs into the test OU.
Move a test user to the test OU.

Create a policy and enforce it on the test OU and see what happens.
You need to test policies on a test OU with no other policies and with test users and PCs; this way you can try to identify where the problem lies, because if the policies work on one OU they should work on all.

But create a Mickey Mouse OU that sets a certain wallpaper or disables the C drive, basically something blatantly obvious. Don't use any existing policies until you identify that the test policy actually works on the test OU with a test user and PCs in the test OU.

If that works, then try ONE of your other policies and slowly but meticulously take it from there.
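The test-OU procedure above, and the asker's question about computers sitting in the default Computers container, written out as an added example that is not part of the thread. It is a PowerShell script for an admin workstation with the RSAT ActiveDirectory and GroupPolicy modules (these modules postdate the Server 2003 era of the thread; the same steps are done by hand in Active Directory Users and Computers and GPMC). The domain name, OU name, GPO name and computer names are placeholders. It builds a clean OU with nothing else linked, creates one GPO containing only the firewall-off setting (Restricted Groups is a security-template setting with no registry form, so it stays in GPMC and in a second GPO once this one is proven), links it, moves two test machines in, lists what is still in CN=Computers, and pulls a computer-side RSoP report per test PC after they have refreshed.

```powershell
# Added example (not from the thread): isolated test OU, one obvious
# computer policy, two test PCs, then verify. Placeholder names throughout.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn = (Get-ADDomain).DistinguishedName          # e.g. DC=school,DC=local
$ouName   = 'Test Computers'
$ouDn     = "OU=$ouName,$domainDn"
$gpoName  = 'Test - Windows Firewall Off'
$testPcs  = @('LAB-PC01', 'LAB-PC02')                 # placeholder computer names

# 1. A fresh OU: no Block Inheritance, no existing links, no WMI filters.
#    Left unprotected so it is easy to delete when the test is over.
if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=$ouName)" -SearchBase $domainDn)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn -ProtectedFromAccidentalDeletion $false
}

# 2. One computer-side setting only. This registry value is what
#    "Windows Firewall: Protect all network connections = Disabled" for
#    the Domain Profile writes, so a client that received the GPO shows
#    EnableFirewall = 0 under HKLM\SOFTWARE\Policies\...\DomainProfile.
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName -Comment 'Test OU only; delete after troubleshooting'
}
Set-GPRegistryValue -Name $gpoName `
    -Key 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' `
    -ValueName 'EnableFirewall' -Type DWord -Value 0 | Out-Null

# 3. Link it to the test OU, enabled but not enforced. Enforced only
#    changes anything when a lower OU has Block Inheritance set, and the
#    test OU has no children.
$links = (Get-GPInheritance -Target $ouDn).GpoLinks
if (-not ($links | Where-Object { $_.DisplayName -eq $gpoName })) {
    New-GPLink -Name $gpoName -Target $ouDn -LinkEnabled Yes | Out-Null
}

# 4. Move the test machines in. Objects left in the default CN=Computers
#    container can only ever receive domain- and site-linked GPOs, because
#    that container is not an OU and cannot have a GPO linked to it.
foreach ($pc in $testPcs) {
    Get-ADComputer -Identity $pc | Move-ADObject -TargetPath $ouDn
}

# 5. What is still sitting in the default container (candidates to move
#    once the test succeeds). redircmp.exe changes where new domain joins
#    land, at Windows Server 2003 domain functional level or later:
#      redircmp "OU=Test Computers,DC=school,DC=local"
'--- Computers still in the default container ---'
Get-ADComputer -Filter * -SearchBase "CN=Computers,$domainDn" |
    Select-Object Name, DistinguishedName

# 6. After each test PC has rebooted (or run gpupdate /force), pull its
#    computer-side Resultant Set of Policy from here and confirm the test
#    GPO is listed as applied from the OU link.
foreach ($pc in $testPcs) {
    $report = Join-Path $env:TEMP "rsop-$pc.html"
    Get-GPResultantSetOfPolicy -Computer $pc -ReportType Html -Path $report | Out-Null
    "RSoP for $pc written to $report"
}
```

Moving a computer object between an OU and a container changes nothing about the machine's domain membership, name or SID; the only effect is which GPO links now apply to it and which delegated permissions on the new parent cover it, so the RSoP report in step 6 is the complete before-and-after picture. Once the firewall setting is confirmed, add the Restricted Groups GPO as a second link to the same OU and repeat the report rather than editing the proven one.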
amoos (ASKER)

OK, I did that. I put some computers in the test OU and applied only computer policies to that OU, and it worked. So what I have right now is 2 test OUs, one for users and one for computers, and they both work. So should I put all the computers in the test OU for computers now that I know it works?
ASKER CERTIFIED SOLUTION
rpartington

(solution text not available on this page)
amoos (ASKER)

Awesome help.

Cheers.
rpartington

As I'm sure you're aware, you need to get the powers that be at your place to spend some pennies sooner rather than later on getting you a DC for each location. When you promote them to DCs, also make sure you make them a GC as well.
At the moment, if your one DC goes down it will take all the sites down with it; at least with a DC/GC in each site they can work to a certain extent independently.

But glad you got it sorted.
It's a good feeling when something that's had you stumped finally works.

Roy