Solved

windows 2003 GPO

Posted on 2010-09-09
12
344 Views
Last Modified: 2012-05-10
i have windows 2003  active directory
i trying to create a new policy for as group of users
created a OU
created a windows group, with the users
created ne gpo for the OU

the new policy is not taking affect
if i go to group policy manager and look at the OU, i see the new policy and the default domain polcy
which one takes precedence.

hou do i get the new one to take affect
0
Comment
Question by:dano992
  • 4
  • 2
  • 2
  • +4
12 Comments
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33638449
You probably need to issue command gpupdate /force and then if asked need to log off the users or need to restart the system.
0
 
LVL 16

Expert Comment

by:uescomp
ID: 33638502
The policy will eventually update on its own but follow what swap 101982 said and reboot the pc.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33638537
I guess you configured the User configuration and not only the Computer configuration in the GPO?

From the GPMC, run a Group Policy Result and see if you spot something.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33638805
How does the group come into play here?  Did you use security filtering so that the policy only applies to that group?   If you did log the user off and back on....that way their security token will be updated with the new group.
 
Thanks
Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 33638815
By default policies are applied SITE->DOMAIN->OU and the one that gets applied last wins - so the OU policy will take presidence.

BTW - if its a password policy then you can only have ONE PER DOMAIN in Windows 2003 - the one at the DOMAIN, if you apply a password policy at the OU it will have NO EFFECT.
0
 

Author Comment

by:dano992
ID: 33639209
its a policy to disable local login to  a couple of users accounts
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33639222
you can also run an RSoP report in GPMC to help you troubleshoot.
0
 

Author Comment

by:dano992
ID: 33639309
how do i run rsop report?
0
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33639334
0
 

Author Comment

by:dano992
ID: 33640266
i ran GPRESULT.EXE
and i can see that my new policy is under:

the following GPOs were not applied because they were filtered out
filtering: not applied (empty)

what now?
0
 

Author Comment

by:dano992
ID: 33642000
maybe i didi this wrong
can someone give the process to create a (GPO) policy for a group of users to not be able to remote desktop remote into a group of computers.

i have a OU with the users
also have a OU with the computers

if anyone has the steps , it would be awsome
0
 
LVL 2

Expert Comment

by:JSunn
ID: 33664548
In the policy object you've configured, you need to change the following under the computer config.

Drill down to this path:
Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host - Connections

Change this setting:
Set "Allow users to connect remotely using Remote Desktop Services" to DISABLED

Make sure your policy object containing this setting is applied to the OU your computers are in. Then perform a gpupdate on one of the computers. Next, To verify it worked, goto right click "My Computer" choose properties, then click on the "Remote" tab. "Don't allow connections to this computer" should be selected and the interface should be greyed out, so the users cannot change the setting. I highly recommend creating a test OU and policy object first, then putting a single computer in the OU before changing settings for the entire domain.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Having difficulty adding an additional domain controller 11 36
Active Directory UPN Suffix Question 5 39
DC - depromo and repromo - impact 7 21
Domian name change 12 23
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
In-place Upgrading Dirsync to Azure AD Connect
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question