Solved

windows 2003 GPO

Posted on 2010-09-09
12
342 Views
Last Modified: 2012-05-10
i have windows 2003  active directory
i trying to create a new policy for as group of users
created a OU
created a windows group, with the users
created ne gpo for the OU

the new policy is not taking affect
if i go to group policy manager and look at the OU, i see the new policy and the default domain polcy
which one takes precedence.

hou do i get the new one to take affect
0
Comment
Question by:dano992
  • 4
  • 2
  • 2
  • +4
12 Comments
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33638449
You probably need to issue command gpupdate /force and then if asked need to log off the users or need to restart the system.
0
 
LVL 16

Expert Comment

by:uescomp
ID: 33638502
The policy will eventually update on its own but follow what swap 101982 said and reboot the pc.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33638537
I guess you configured the User configuration and not only the Computer configuration in the GPO?

From the GPMC, run a Group Policy Result and see if you spot something.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33638805
How does the group come into play here?  Did you use security filtering so that the policy only applies to that group?   If you did log the user off and back on....that way their security token will be updated with the new group.
 
Thanks
Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 33638815
By default policies are applied SITE->DOMAIN->OU and the one that gets applied last wins - so the OU policy will take presidence.

BTW - if its a password policy then you can only have ONE PER DOMAIN in Windows 2003 - the one at the DOMAIN, if you apply a password policy at the OU it will have NO EFFECT.
0
 

Author Comment

by:dano992
ID: 33639209
its a policy to disable local login to  a couple of users accounts
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 33639222
you can also run an RSoP report in GPMC to help you troubleshoot.
0
 

Author Comment

by:dano992
ID: 33639309
how do i run rsop report?
0
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33639334
0
 

Author Comment

by:dano992
ID: 33640266
i ran GPRESULT.EXE
and i can see that my new policy is under:

the following GPOs were not applied because they were filtered out
filtering: not applied (empty)

what now?
0
 

Author Comment

by:dano992
ID: 33642000
maybe i didi this wrong
can someone give the process to create a (GPO) policy for a group of users to not be able to remote desktop remote into a group of computers.

i have a OU with the users
also have a OU with the computers

if anyone has the steps , it would be awsome
0
 
LVL 2

Expert Comment

by:JSunn
ID: 33664548
In the policy object you've configured, you need to change the following under the computer config.

Drill down to this path:
Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host - Connections

Change this setting:
Set "Allow users to connect remotely using Remote Desktop Services" to DISABLED

Make sure your policy object containing this setting is applied to the OU your computers are in. Then perform a gpupdate on one of the computers. Next, To verify it worked, goto right click "My Computer" choose properties, then click on the "Remote" tab. "Don't allow connections to this computer" should be selected and the interface should be greyed out, so the users cannot change the setting. I highly recommend creating a test OU and policy object first, then putting a single computer in the OU before changing settings for the entire domain.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now