GPO - User configuration settings not applying

GPO - User configuration settings not applying

I have a newly installed Windows 2003  server with a few client machines.
One of the client machines is a public access computer that also needs to be used by members of our staff. I am trying to apply GP settings via AD by using the User Configuration setting in the group policy editor. i.e. Log on as a public user - receive different gpo settings than another user.
Settings I am trying to apply are GUI lockdown, restrict access to system settings etc.

Non of the user settings are applying. I am using loopback processing but to no avail.

My AD structure is as follows -
2 user OU's. 1 for public users, 1 for staff
2 computer OU's - 1 public, 1 staff

I have other OU's that are applying settings just fine i.e the staff user and computer gpo's are ok.
I can't work it out.

Any help much appreciated !!
rookery-ITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnGerhardtCommented:
Are the user settings disabled?
Right click at the top of the policy in question (on its name) and then choose properties..
There are check marks at the bottom... Is there any thing checked...?
0
rookery-ITAuthor Commented:
No settings are not disabled.
0
Brian PiercePhotographerCommented:
The user configuration will be applied on the basis of which OU the users actual account is in As the computer setting get applied first then the user the computer settings will apply if there is any conflict - unless you use LOOPBACK
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

rookery-ITAuthor Commented:
My OU structue is as follows:

Users_Staff_OU: 5 users
Users_Public_OU: 1 user
Computers_Staff: 5 PC's
Computers_Public: 1 PC

Within the Users_Public I have all the GPO settings defined in User Configuration - No Computer Configuration settings are applied except Loopback.


0
Brian PiercePhotographerCommented:
Where are you linking the policy, if you link it to an OU with computers in it, then the user settings will not be appllied (as there are no user accounts in that OU)
0
rookery-ITAuthor Commented:
Policy is linked to Users_Public which only contains one user, no computers. The computer is linked to Computers_Public
0
jjmartineziiiCommented:
maybe you can run a gpresult /R at command and show us the results?
0
Brian PiercePhotographerCommented:
In that case if the user who is in the Users_Public OU logs on then the policy should apply - bit it will not apply to anyone else.

Are you using the GPMC? If not download and install it now http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en it will greatly assist troubleshooting
0
IQCompCommented:
Is the policy applied to the OU?  Is the user(s) in the OU?  Is the Windows Firewall enabled?  I have run into problems with applying GPO's when the Windows Firewall is turned on.
0
frasercCommented:
Hi,

Silly but I have to ask is the policy enforced? If not try this as it will ensure conflicting policy settings are overidden. You should obviously check that it is 'enabled' as well.
If that fails try running gpupdate /force on the machines that are playing up, answer no to both questions and then reboot the machine.

Regards,

Fraser.
0
rookery-ITAuthor Commented:
Hi in answer to the posts above:

jjmartineziii - thats a good idea. Im away from that dept for a day or two but I will try that - thanks.

IQComp: - Ill try the firewall - its possible it might be enabled - thanks


fraserc: Yes the policy is enforced. Ive done gpupdate /force but its not picking up the GP settings- thanks


Will post back soon. Thank you all.
0
frasercCommented:
Hi,

Unless I'm mistaken there is no /R switch for gpresult.
I think you must have meant to use verbose...
gpresult /V
Or superverbose
gpresult /Z

F,
0
rookery-ITAuthor Commented:
Ok, Ive tried Gpresult and it gives me 'INFO: The policy object does not exist' -  any more ideas?

I also deleted all my GPO's and created a new one with which to test.
All thats in it is a logon script that pops up a message - still wont work.

I have several other domain controllers in the organisation and they are all fine - I simply cannot work out why it isnt distributing the gp's
0
rookery-ITAuthor Commented:
I have found the solution to problem - DNS

For a client to pick up GP, its DNS server address must be the DNS server on the LAN.
My Domain Controller (which is the DNS server too)  was giving out DNS server addresses outsid eof the LAN to my clients not its own IP address (its a Forward Lookup Zone).

As soon as I manually configured DNS on the client to point towards the Domain Controller/DNS Server, flushed the DNS and GPUPDATE /FORCE 'd it worked straight away.

Thank you all for your comments.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jjmartineziiiCommented:
Nice to know! Good you got it taken care of.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.