Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Windows 2003 Group Policy Is Not Updating

Posted on 2011-03-18
3
404 Views
Last Modified: 2012-05-11
My DC is a  Windows 2003 R2 server.  The previous administrator setup very basic group policies for most users.  2 Days ago I went into a group policy assigned to every computer on the domain and configured SNMP and used the GPUdate /force command from the server to force the update.  I now have 1 Windows 7 user that now can not make any changes to any setting on their local PC when logging into the domain.  The user can not add/remove apps, add hardware, or even view his device manager.  He tried attaching an external USB hard drive and a window popped up saying he was a standard user and needed Admin rights to make the change.  I am stumped.  I have removed the group policies from all OU's in Group Policy Management then forced the update and still he cant make any changes to his local machine.   Where else could such a policy be in place?  I even went as far as to add the user to the  Domain Admins group and the Administrators group on the server and still his local pc is locked down.
0
Comment
Question by:mcrouch1
3 Comments
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 35170071

I would run  resultant set of policy on the computer you are having trouble with in logging mode to see what policies are configured.

click start, run and then type rsop.msc.   This will help you troubleshoot group policy application issues.
0
 
LVL 33

Accepted Solution

by:
Todd Gerbert earned 500 total points
ID: 35170128
>> ...and used the GPUdate /force command from the server to force the update
gpupdate.exe is a client-application, you generally wouldn't run it on the server.

>> The user can not add/remove apps, add hardware, or even view his device manager.  He tried attaching an external USB hard drive and a window popped up saying he was a standard user and needed Admin rights to make the change

That seems to be about what I would expect - you do in fact need administrative rights to add/remove programs, install hardware drivers, etc.  Since Windows Vista introduced UAC, when you logon as a user who is in the Administrators group you still get standard user rights - only by right-clicking an icon and choosing "Run as Administrator" do you get the rights assigned to the Administrators group, and just for that one program (that's a bit of an over-simplification); but normally when you do something that requires administrative access, like uninstall an application, Windows would either ask you to provide the username & password of an administrator, or if you are an administrator will ask you to confirm the action.

So, it kinda sounds like one of the UAC settings might have gotten tweaked - ActiveDirectoryman is right, best place to start is seeing what group policies and settings are being applied to the affected system. I usually use rsop.msc, but you can also use gpresult to easily & quickly save the report to a file, which you can then post here.

On the problem Windows 7 system, run gpupdate /force and gpresult /h gpreport.htm, and then post the generated gpreport.htm file here.
0
 

Author Comment

by:mcrouch1
ID: 35173059
ok will do guys.  It will be Monday before I can get my hands on the PC.  Thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question