Solved

Windows 2003 Group Policy Is Not Updating

Posted on 2011-03-18
3
406 Views
Last Modified: 2012-05-11
My DC is a  Windows 2003 R2 server.  The previous administrator setup very basic group policies for most users.  2 Days ago I went into a group policy assigned to every computer on the domain and configured SNMP and used the GPUdate /force command from the server to force the update.  I now have 1 Windows 7 user that now can not make any changes to any setting on their local PC when logging into the domain.  The user can not add/remove apps, add hardware, or even view his device manager.  He tried attaching an external USB hard drive and a window popped up saying he was a standard user and needed Admin rights to make the change.  I am stumped.  I have removed the group policies from all OU's in Group Policy Management then forced the update and still he cant make any changes to his local machine.   Where else could such a policy be in place?  I even went as far as to add the user to the  Domain Admins group and the Administrators group on the server and still his local pc is locked down.
0
Comment
Question by:mcrouch1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 35170071

I would run  resultant set of policy on the computer you are having trouble with in logging mode to see what policies are configured.

click start, run and then type rsop.msc.   This will help you troubleshoot group policy application issues.
0
 
LVL 33

Accepted Solution

by:
Todd Gerbert earned 500 total points
ID: 35170128
>> ...and used the GPUdate /force command from the server to force the update
gpupdate.exe is a client-application, you generally wouldn't run it on the server.

>> The user can not add/remove apps, add hardware, or even view his device manager.  He tried attaching an external USB hard drive and a window popped up saying he was a standard user and needed Admin rights to make the change

That seems to be about what I would expect - you do in fact need administrative rights to add/remove programs, install hardware drivers, etc.  Since Windows Vista introduced UAC, when you logon as a user who is in the Administrators group you still get standard user rights - only by right-clicking an icon and choosing "Run as Administrator" do you get the rights assigned to the Administrators group, and just for that one program (that's a bit of an over-simplification); but normally when you do something that requires administrative access, like uninstall an application, Windows would either ask you to provide the username & password of an administrator, or if you are an administrator will ask you to confirm the action.

So, it kinda sounds like one of the UAC settings might have gotten tweaked - ActiveDirectoryman is right, best place to start is seeing what group policies and settings are being applied to the affected system. I usually use rsop.msc, but you can also use gpresult to easily & quickly save the report to a file, which you can then post here.

On the problem Windows 7 system, run gpupdate /force and gpresult /h gpreport.htm, and then post the generated gpreport.htm file here.
0
 

Author Comment

by:mcrouch1
ID: 35173059
ok will do guys.  It will be Monday before I can get my hands on the PC.  Thanks
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question