Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 633
  • Last Modified:

Windows 7 machines are not comply with my GPO

Hello
My all Win 7 clients are not comply with my GPO when joined to my domain,
what is the solution for this
Note: I have Active directory 2008
0
Seni
Asked:
Seni
  • 4
  • 3
  • 2
  • +1
6 Solutions
 
farazhkhanCommented:
Hi,

you do not need to change your update your Active Directoy (if it's at least 2000, when Group Policy came about) to take advantage of sweet new Group Policy features and settings. The exception is if the application that the setting is relevant to requires an AD upgrade, like BitLocker.

You may be redirecting to wrong DNS server would be causing all GPO to fail at Window7. Make sure that Windows 7 clients have correct DNS entries first pointing to your DC.

Regards,
Faraz H. KHan
0
 
senadCommented:
what server are you using ?
0
 
PeteJThomasCommented:
Are you saying that the GPOs are ALL failing to apply completely? Even the Default Domain Policy etc? Or is it just a particular policy that isn't working?

You said you're using 2008 and Windows7, so all new settings etc available for Win7 should be there and available...

If you can add some more detail that would be very helpful!

Pete
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
SeniAuthor Commented:
Hello,

some of the policy are failing, i.e wallpaper, Screen server timeout,

regards,
0
 
PeteJThomasCommented:
Ok, bit at a time - Are all the 'settings' that are failing, within a single GPO (policy object)?

Or are the settings in different actual policies?

To start, If you run "gpresult" from the search within the 'Start' menu on a Windows7 machine that has the problem, can you post the results back here so we can see if any particular policies are not applying for some reason?

Pete
0
 
SeniAuthor Commented:
Hello PeteJThomas
could you please post the full command line for that gpresult, cause i don't seems to get it right

Thanks,
0
 
PeteJThomasCommented:
Of course - I apologise, just looked on a Windows 7 machine and it appears the command has changed slightly.

To display the results, the command is "gpresult /R" - However, it may be best to run the command "gpresult /R >C:\Gpresult.txt"

This will just output the same results to a txt file which you can then just attach to your next post - It's probably a bit easier than copying and pasting the results!

Pete
0
 
SeniAuthor Commented:
Hi Pete please see the results below

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 1/20/2010 at 8:55:13 AM



RSOP data for ZAIN\fulla.p on TZDAR_SYSTEM_AD : Logging Mode
-------------------------------------------------------------

OS Configuration:            Member Workstation
OS Version:                  6.1.7600
Site Name:                   Dar-HQ
Roaming Profile:             N/A
Local Profile:               C:\Users\fulla.p.ZAIN
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=TZDAR_SYSTEM_AD,OU=SCCM Computers_HQ,OU=SCCM Computers,DC=zain,DC=co,DC=tz
    Last time Group Policy was applied: 1/19/2010 at 7:12:22 PM
    Group Policy was applied from:      tzdarhq-dc2.zain.co.tz
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        ZAIN
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        SCCM Computers GPO
        Zain-Domain Wide Policy
        Local Group Policy

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        SophosAdministrator
        SophosUser
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        TZDAR_SYSTEM_AD$
        Domain Computers
        System Mandatory Level
       

USER SETTINGS
--------------
    CN=Patrick Fulla,OU=infomation technology,OU=User Groups,DC=zain,DC=co,DC=tz
    Last time Group Policy was applied: 1/20/2010 at 8:44:22 AM
    Group Policy was applied from:      tzdarhq-dc1.zain.co.tz
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        ZAIN
    Domain Type:                        Windows 2000
   
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        User Groups GPO
        Zain-Domain Wide Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        SophosUser
        SophosAdministrator
        BUILTIN\Users
        BUILTIN\Administrators
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Marvalrep_Modify
        Internet Browsing
        CTX_LMS_USER
        IT Support Test
        LAN & WAN Admin
        CTX_WINF_USERS
        SMEX Admin Group
        BoardroomWirelessAcess
        Systems_Modify
        Domain Admins
        IT Staff
        CTX_LMS_ADM
        Asset Users
        Exchange Public Folder Administrators
        Exchange Organization Administrators
        Exchange View-Only Administrators
        Exchange Recipient Administrators
        Domain Masters
        Zain-Wireless Users access in Celtel
        IT Support Test
        CTX_LMS_ADM
        Systems_Modify
        CTX_WINF_USERS
        SMEX Admin Group
        fulla.p
        CTX_LMS_USER
        Internet Browsing
        Asset Users
        BoardroomWirelessAcess
        LAN & WAN Admin
        IT Staff
        CTX_Internet Explorer
        CTX_Remote Desktop
        CTX_Putty
        Zain-Allow-Domain-Admins local logon
        CTX_XSHELL
        CTX_MS Office
        CTX_ERP
        CTX_ERPTEST
        CTX_Billing
        New-AD2008-Zain-Admins
        Denied RODC Password Replication Group
        CTX_CuteFTP
        Celtel-Allow-Local Logon
        CTX_Toad
        CTX_VNC
        CTX_ADMINISTRATORS_FULL
        CTX_XMANAGER
        DHCP Administrators
        CTX_Adagium
        CTX_SSH
        CTX_MinSat
        SophosAdministrator
        CTX_Acrobat Reader
        Zain-Allow-Domain-Admins local logon
        New-AD2008-Zain-Admins
        DHCP Administrators
        High Mandatory Level
0
 
farazhkhanCommented:
Hi,

Well, I have noticed one thing that with gpresult the domain type is shown as Windows 2000, while you are saying that your domain is Windows 2008! so this could be problem now if you don't have any other domain controller with 2000/2003 installed the raise your domain functional level to Windows 2008, but before doing that check your domain functional level whether it is 2000or 2008?

First Check your domain functional level: http://www.petri.co.il/understanding-windows-server-2008-active-directory-domain-and-forest-functional-levels.htm

If it is not Windows 2008 then raise the functional level to Windows 2008: http://www.petri.co.il/raising-windows-server-2008-active-directory-domain-and-forest-functional-levels.htm

Now, once you ahve raised the functioanl level then check if GPO applies or not.

Regarsd,
Faraz H. Khan
0
 
SeniAuthor Commented:
Really help
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now