Solved

Windows 2003 Group Policy Is Not Updating

Posted on 2011-03-18
3
405 Views
Last Modified: 2012-05-11
My DC is a  Windows 2003 R2 server.  The previous administrator setup very basic group policies for most users.  2 Days ago I went into a group policy assigned to every computer on the domain and configured SNMP and used the GPUdate /force command from the server to force the update.  I now have 1 Windows 7 user that now can not make any changes to any setting on their local PC when logging into the domain.  The user can not add/remove apps, add hardware, or even view his device manager.  He tried attaching an external USB hard drive and a window popped up saying he was a standard user and needed Admin rights to make the change.  I am stumped.  I have removed the group policies from all OU's in Group Policy Management then forced the update and still he cant make any changes to his local machine.   Where else could such a policy be in place?  I even went as far as to add the user to the  Domain Admins group and the Administrators group on the server and still his local pc is locked down.
0
Comment
Question by:mcrouch1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 35170071

I would run  resultant set of policy on the computer you are having trouble with in logging mode to see what policies are configured.

click start, run and then type rsop.msc.   This will help you troubleshoot group policy application issues.
0
 
LVL 33

Accepted Solution

by:
Todd Gerbert earned 500 total points
ID: 35170128
>> ...and used the GPUdate /force command from the server to force the update
gpupdate.exe is a client-application, you generally wouldn't run it on the server.

>> The user can not add/remove apps, add hardware, or even view his device manager.  He tried attaching an external USB hard drive and a window popped up saying he was a standard user and needed Admin rights to make the change

That seems to be about what I would expect - you do in fact need administrative rights to add/remove programs, install hardware drivers, etc.  Since Windows Vista introduced UAC, when you logon as a user who is in the Administrators group you still get standard user rights - only by right-clicking an icon and choosing "Run as Administrator" do you get the rights assigned to the Administrators group, and just for that one program (that's a bit of an over-simplification); but normally when you do something that requires administrative access, like uninstall an application, Windows would either ask you to provide the username & password of an administrator, or if you are an administrator will ask you to confirm the action.

So, it kinda sounds like one of the UAC settings might have gotten tweaked - ActiveDirectoryman is right, best place to start is seeing what group policies and settings are being applied to the affected system. I usually use rsop.msc, but you can also use gpresult to easily & quickly save the report to a file, which you can then post here.

On the problem Windows 7 system, run gpupdate /force and gpresult /h gpreport.htm, and then post the generated gpreport.htm file here.
0
 

Author Comment

by:mcrouch1
ID: 35173059
ok will do guys.  It will be Monday before I can get my hands on the PC.  Thanks
0

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Moving SQl Server SBS 2003 to SQL Server 2014 27 146
idle mapped drive 10 69
What is this Task? 4 152
Determine what users accessed a directory or file in that directory? 4 85
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question