Solved

windows 2003 GPO

Posted on 2010-09-09
12
343 Views
Last Modified: 2012-05-10
i have windows 2003  active directory
i trying to create a new policy for as group of users
created a OU
created a windows group, with the users
created ne gpo for the OU

the new policy is not taking affect
if i go to group policy manager and look at the OU, i see the new policy and the default domain polcy
which one takes precedence.

hou do i get the new one to take affect
0
Comment
Question by:dano992
  • 4
  • 2
  • 2
  • +4
12 Comments
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33638449
You probably need to issue command gpupdate /force and then if asked need to log off the users or need to restart the system.
0
 
LVL 16

Expert Comment

by:uescomp
ID: 33638502
The policy will eventually update on its own but follow what swap 101982 said and reboot the pc.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33638537
I guess you configured the User configuration and not only the Computer configuration in the GPO?

From the GPMC, run a Group Policy Result and see if you spot something.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33638805
How does the group come into play here?  Did you use security filtering so that the policy only applies to that group?   If you did log the user off and back on....that way their security token will be updated with the new group.
 
Thanks
Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 33638815
By default policies are applied SITE->DOMAIN->OU and the one that gets applied last wins - so the OU policy will take presidence.

BTW - if its a password policy then you can only have ONE PER DOMAIN in Windows 2003 - the one at the DOMAIN, if you apply a password policy at the OU it will have NO EFFECT.
0
 

Author Comment

by:dano992
ID: 33639209
its a policy to disable local login to  a couple of users accounts
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33639222
you can also run an RSoP report in GPMC to help you troubleshoot.
0
 

Author Comment

by:dano992
ID: 33639309
how do i run rsop report?
0
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33639334
0
 

Author Comment

by:dano992
ID: 33640266
i ran GPRESULT.EXE
and i can see that my new policy is under:

the following GPOs were not applied because they were filtered out
filtering: not applied (empty)

what now?
0
 

Author Comment

by:dano992
ID: 33642000
maybe i didi this wrong
can someone give the process to create a (GPO) policy for a group of users to not be able to remote desktop remote into a group of computers.

i have a OU with the users
also have a OU with the computers

if anyone has the steps , it would be awsome
0
 
LVL 2

Expert Comment

by:JSunn
ID: 33664548
In the policy object you've configured, you need to change the following under the computer config.

Drill down to this path:
Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host - Connections

Change this setting:
Set "Allow users to connect remotely using Remote Desktop Services" to DISABLED

Make sure your policy object containing this setting is applied to the OU your computers are in. Then perform a gpupdate on one of the computers. Next, To verify it worked, goto right click "My Computer" choose properties, then click on the "Remote" tab. "Don't allow connections to this computer" should be selected and the interface should be greyed out, so the users cannot change the setting. I highly recommend creating a test OU and policy object first, then putting a single computer in the OU before changing settings for the entire domain.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question