?
Solved

windows 2003 GPO

Posted on 2010-09-09
12
Medium Priority
?
348 Views
Last Modified: 2012-05-10
i have windows 2003  active directory
i trying to create a new policy for as group of users
created a OU
created a windows group, with the users
created ne gpo for the OU

the new policy is not taking affect
if i go to group policy manager and look at the OU, i see the new policy and the default domain polcy
which one takes precedence.

hou do i get the new one to take affect
0
Comment
Question by:dano992
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +4
12 Comments
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33638449
You probably need to issue command gpupdate /force and then if asked need to log off the users or need to restart the system.
0
 
LVL 16

Expert Comment

by:uescomp
ID: 33638502
The policy will eventually update on its own but follow what swap 101982 said and reboot the pc.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33638537
I guess you configured the User configuration and not only the Computer configuration in the GPO?

From the GPMC, run a Group Policy Result and see if you spot something.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 33638805
How does the group come into play here?  Did you use security filtering so that the policy only applies to that group?   If you did log the user off and back on....that way their security token will be updated with the new group.
 
Thanks
Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 33638815
By default policies are applied SITE->DOMAIN->OU and the one that gets applied last wins - so the OU policy will take presidence.

BTW - if its a password policy then you can only have ONE PER DOMAIN in Windows 2003 - the one at the DOMAIN, if you apply a password policy at the OU it will have NO EFFECT.
0
 

Author Comment

by:dano992
ID: 33639209
its a policy to disable local login to  a couple of users accounts
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33639222
you can also run an RSoP report in GPMC to help you troubleshoot.
0
 

Author Comment

by:dano992
ID: 33639309
how do i run rsop report?
0
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33639334
0
 

Author Comment

by:dano992
ID: 33640266
i ran GPRESULT.EXE
and i can see that my new policy is under:

the following GPOs were not applied because they were filtered out
filtering: not applied (empty)

what now?
0
 

Author Comment

by:dano992
ID: 33642000
maybe i didi this wrong
can someone give the process to create a (GPO) policy for a group of users to not be able to remote desktop remote into a group of computers.

i have a OU with the users
also have a OU with the computers

if anyone has the steps , it would be awsome
0
 
LVL 2

Expert Comment

by:JSunn
ID: 33664548
In the policy object you've configured, you need to change the following under the computer config.

Drill down to this path:
Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host - Connections

Change this setting:
Set "Allow users to connect remotely using Remote Desktop Services" to DISABLED

Make sure your policy object containing this setting is applied to the OU your computers are in. Then perform a gpupdate on one of the computers. Next, To verify it worked, goto right click "My Computer" choose properties, then click on the "Remote" tab. "Don't allow connections to this computer" should be selected and the interface should be greyed out, so the users cannot change the setting. I highly recommend creating a test OU and policy object first, then putting a single computer in the OU before changing settings for the entire domain.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question