Solved

Login banner not working

Posted on 2011-03-03
20
477 Views
Last Modified: 2012-08-13
I cannot get the logon banner to appear when users log into the network (Windws 2003 Server Active Directory).  I've defined the Interactive login message texts and title for the default domain policy in Group Policy Management.  I then ran GPUPDATE.  However, the banner still will not appear on any workstations when the user logs in.  Am I missing something?  Thanks!
0
Comment
Question by:markrkelley123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 9
20 Comments
 
LVL 3

Expert Comment

by:lloydclinton
ID: 35032846
Whats OS?  Did you do gpupdate/force on the client machine?  Default update time for GP is 90 minutes..
0
 

Author Comment

by:markrkelley123
ID: 35032957
I appreciate the quick response.  Yes, I applied the /FORCE switch.  And this was about 5 hours ago.
0
 

Author Comment

by:markrkelley123
ID: 35032969
Regarding what OS, all the client machines are either Windows 7 Professional or XP Professional.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 3

Expert Comment

by:lloydclinton
ID: 35032970
Windows XP?  Have you checked your event viewer to make sure there hasn't been any problems with your active directory updating?
0
 

Author Comment

by:markrkelley123
ID: 35033096
Nothing in the Event Viewer that relates to this.
0
 
LVL 3

Expert Comment

by:lloydclinton
ID: 35033105
You did it like this?:

Open the GPO… expand ‘Windows Settings’, ‘Security Settings’, ‘Local Policies’, ‘Security Options’.

“Interactive Logon: Message title for users attempting to log on”.
(Place your message into this policy.)

“Interactive Logon: Message text for users attempting to log on”
(use something like “System Use Notice” for the title of the message box .)
0
 

Author Comment

by:markrkelley123
ID: 35033133
Exactly like that!
0
 

Author Comment

by:markrkelley123
ID: 35033148
In fact, when it generates the report under Settings for the Default Domain Policy my banner text and title are listed there.
0
 
LVL 3

Expert Comment

by:lloydclinton
ID: 35033163
Are other settings in your default policy working properly?
0
 
LVL 3

Expert Comment

by:lloydclinton
ID: 35033171
Also, do you have a PC that you can remove from the domain, delete the computer account from AD and rejoin it?
0
 

Author Comment

by:markrkelley123
ID: 35033246
As far as I can tell, all the other settings are working properly, although this is pretty much a vanilla setup and nothing too sophisticated exists (i.e. password lengths, etc.)  If this was the case, what would cause the GP to not work?

I was working on a separate problem earlier where I had to remove/add a PC from AD.  The banner never appeared as well.
0
 
LVL 3

Expert Comment

by:lloydclinton
ID: 35033257
How many dcs are in your domain?  are they all 2k3?  Does 1 dc hold all roles?
0
 

Author Comment

by:markrkelley123
ID: 35033323
Only one DC and it's 2k3.  And yes, the PDC holds all the roles except for DHCP.

BTW, when you right-click on a policy (there are three: Administrator GPO, Default Domain Policy, and Non Administrator) what does "Enforced" mean/does?
0
 
LVL 3

Expert Comment

by:lloydclinton
ID: 35033355
When it is enforced it can not be over ruled by other policy.
0
 
LVL 3

Expert Comment

by:lloydclinton
ID: 35033361
Can you set another policy such as the default screensaver and then make it so the users can't change it... force it and see if it takes... if it doesn't there may possibly be a problem with AD... do you have the means to install a 2nd DC?  Also are there *any* errors in the event viewer?
0
 

Author Comment

by:markrkelley123
ID: 35070950
Hi lloydclinton,

Just returned from traveling.  Will try your suggestions today.  Thanks!
0
 

Author Comment

by:markrkelley123
ID: 35071777
The latest:  Any other policy changes that I make to the Default Domain Policy do NOT take affect (i.e. Do not require CTL-ALT-DELETE, screensavers, etc.).

However, they DO take affect at the Domain Controller (fileserver) when I log in as a user or administrator.

There are NO errors reported in the Event Viewer.

Furthermore, I ran regedit and the Interactive Login text and title DO appear in:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system

I'm pretty stumped at this point....
0
 

Accepted Solution

by:
markrkelley123 earned 0 total points
ID: 35183853
To fix this problem, I ended up deleting all the existing policies (with the exception of the Default Domain Policy) and recreated them from scratch.  That seemed to work.
0
 
LVL 3

Expert Comment

by:lloydclinton
ID: 35184009
I am glad you found a solution to the problem.
0
 

Author Closing Comment

by:markrkelley123
ID: 35221263
Didn't really find answer to question.  Just had to start over.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question