Solved

windows 2003 GPO

Posted on 2010-09-09
12
345 Views
Last Modified: 2012-05-10
i have windows 2003  active directory
i trying to create a new policy for as group of users
created a OU
created a windows group, with the users
created ne gpo for the OU

the new policy is not taking affect
if i go to group policy manager and look at the OU, i see the new policy and the default domain polcy
which one takes precedence.

hou do i get the new one to take affect
0
Comment
Question by:dano992
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +4
12 Comments
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33638449
You probably need to issue command gpupdate /force and then if asked need to log off the users or need to restart the system.
0
 
LVL 16

Expert Comment

by:uescomp
ID: 33638502
The policy will eventually update on its own but follow what swap 101982 said and reboot the pc.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33638537
I guess you configured the User configuration and not only the Computer configuration in the GPO?

From the GPMC, run a Group Policy Result and see if you spot something.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33638805
How does the group come into play here?  Did you use security filtering so that the policy only applies to that group?   If you did log the user off and back on....that way their security token will be updated with the new group.
 
Thanks
Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 33638815
By default policies are applied SITE->DOMAIN->OU and the one that gets applied last wins - so the OU policy will take presidence.

BTW - if its a password policy then you can only have ONE PER DOMAIN in Windows 2003 - the one at the DOMAIN, if you apply a password policy at the OU it will have NO EFFECT.
0
 

Author Comment

by:dano992
ID: 33639209
its a policy to disable local login to  a couple of users accounts
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33639222
you can also run an RSoP report in GPMC to help you troubleshoot.
0
 

Author Comment

by:dano992
ID: 33639309
how do i run rsop report?
0
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33639334
0
 

Author Comment

by:dano992
ID: 33640266
i ran GPRESULT.EXE
and i can see that my new policy is under:

the following GPOs were not applied because they were filtered out
filtering: not applied (empty)

what now?
0
 

Author Comment

by:dano992
ID: 33642000
maybe i didi this wrong
can someone give the process to create a (GPO) policy for a group of users to not be able to remote desktop remote into a group of computers.

i have a OU with the users
also have a OU with the computers

if anyone has the steps , it would be awsome
0
 
LVL 2

Expert Comment

by:JSunn
ID: 33664548
In the policy object you've configured, you need to change the following under the computer config.

Drill down to this path:
Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host - Connections

Change this setting:
Set "Allow users to connect remotely using Remote Desktop Services" to DISABLED

Make sure your policy object containing this setting is applied to the OU your computers are in. Then perform a gpupdate on one of the computers. Next, To verify it worked, goto right click "My Computer" choose properties, then click on the "Remote" tab. "Don't allow connections to this computer" should be selected and the interface should be greyed out, so the users cannot change the setting. I highly recommend creating a test OU and policy object first, then putting a single computer in the OU before changing settings for the entire domain.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question