?
Solved

Windows 2003 Group Policy Is Not Updating

Posted on 2011-03-18
3
Medium Priority
?
409 Views
Last Modified: 2012-05-11
My DC is a  Windows 2003 R2 server.  The previous administrator setup very basic group policies for most users.  2 Days ago I went into a group policy assigned to every computer on the domain and configured SNMP and used the GPUdate /force command from the server to force the update.  I now have 1 Windows 7 user that now can not make any changes to any setting on their local PC when logging into the domain.  The user can not add/remove apps, add hardware, or even view his device manager.  He tried attaching an external USB hard drive and a window popped up saying he was a standard user and needed Admin rights to make the change.  I am stumped.  I have removed the group policies from all OU's in Group Policy Management then forced the update and still he cant make any changes to his local machine.   Where else could such a policy be in place?  I even went as far as to add the user to the  Domain Admins group and the Administrators group on the server and still his local pc is locked down.
0
Comment
Question by:mcrouch1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 35170071

I would run  resultant set of policy on the computer you are having trouble with in logging mode to see what policies are configured.

click start, run and then type rsop.msc.   This will help you troubleshoot group policy application issues.
0
 
LVL 33

Accepted Solution

by:
Todd Gerbert earned 2000 total points
ID: 35170128
>> ...and used the GPUdate /force command from the server to force the update
gpupdate.exe is a client-application, you generally wouldn't run it on the server.

>> The user can not add/remove apps, add hardware, or even view his device manager.  He tried attaching an external USB hard drive and a window popped up saying he was a standard user and needed Admin rights to make the change

That seems to be about what I would expect - you do in fact need administrative rights to add/remove programs, install hardware drivers, etc.  Since Windows Vista introduced UAC, when you logon as a user who is in the Administrators group you still get standard user rights - only by right-clicking an icon and choosing "Run as Administrator" do you get the rights assigned to the Administrators group, and just for that one program (that's a bit of an over-simplification); but normally when you do something that requires administrative access, like uninstall an application, Windows would either ask you to provide the username & password of an administrator, or if you are an administrator will ask you to confirm the action.

So, it kinda sounds like one of the UAC settings might have gotten tweaked - ActiveDirectoryman is right, best place to start is seeing what group policies and settings are being applied to the affected system. I usually use rsop.msc, but you can also use gpresult to easily & quickly save the report to a file, which you can then post here.

On the problem Windows 7 system, run gpupdate /force and gpresult /h gpreport.htm, and then post the generated gpreport.htm file here.
0
 

Author Comment

by:mcrouch1
ID: 35173059
ok will do guys.  It will be Monday before I can get my hands on the PC.  Thanks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question