Solved

Windows 2003 Group Policy Is Not Updating

Posted on 2011-03-18
3
402 Views
Last Modified: 2012-05-11
My DC is a  Windows 2003 R2 server.  The previous administrator setup very basic group policies for most users.  2 Days ago I went into a group policy assigned to every computer on the domain and configured SNMP and used the GPUdate /force command from the server to force the update.  I now have 1 Windows 7 user that now can not make any changes to any setting on their local PC when logging into the domain.  The user can not add/remove apps, add hardware, or even view his device manager.  He tried attaching an external USB hard drive and a window popped up saying he was a standard user and needed Admin rights to make the change.  I am stumped.  I have removed the group policies from all OU's in Group Policy Management then forced the update and still he cant make any changes to his local machine.   Where else could such a policy be in place?  I even went as far as to add the user to the  Domain Admins group and the Administrators group on the server and still his local pc is locked down.
0
Comment
Question by:mcrouch1
3 Comments
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 35170071

I would run  resultant set of policy on the computer you are having trouble with in logging mode to see what policies are configured.

click start, run and then type rsop.msc.   This will help you troubleshoot group policy application issues.
0
 
LVL 33

Accepted Solution

by:
Todd Gerbert earned 500 total points
ID: 35170128
>> ...and used the GPUdate /force command from the server to force the update
gpupdate.exe is a client-application, you generally wouldn't run it on the server.

>> The user can not add/remove apps, add hardware, or even view his device manager.  He tried attaching an external USB hard drive and a window popped up saying he was a standard user and needed Admin rights to make the change

That seems to be about what I would expect - you do in fact need administrative rights to add/remove programs, install hardware drivers, etc.  Since Windows Vista introduced UAC, when you logon as a user who is in the Administrators group you still get standard user rights - only by right-clicking an icon and choosing "Run as Administrator" do you get the rights assigned to the Administrators group, and just for that one program (that's a bit of an over-simplification); but normally when you do something that requires administrative access, like uninstall an application, Windows would either ask you to provide the username & password of an administrator, or if you are an administrator will ask you to confirm the action.

So, it kinda sounds like one of the UAC settings might have gotten tweaked - ActiveDirectoryman is right, best place to start is seeing what group policies and settings are being applied to the affected system. I usually use rsop.msc, but you can also use gpresult to easily & quickly save the report to a file, which you can then post here.

On the problem Windows 7 system, run gpupdate /force and gpresult /h gpreport.htm, and then post the generated gpreport.htm file here.
0
 

Author Comment

by:mcrouch1
ID: 35173059
ok will do guys.  It will be Monday before I can get my hands on the PC.  Thanks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Instant VM Recovery 4 83
SolarWind and DNS Server 12 67
how can I practice with windows server os 2 57
Windows 2003 domain controller crashed BDC is 2008 server 4 61
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A short film showing how OnPage and Connectwise integration works.
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now