Group Policy on Windows 2008 R2 DC not working and report also saying it's a Windows 2000 domain?

Last Modified: 2012-05-11
I have been adding entries to the Group Policy Manager on our Windows 2008 R2 domain controller.  This is a single Domain Controller setup.  For some reason the Group Policies don't all seem to be working.  I am a little confused as to what has gone wrong.
Also, after reading a couple of entries on this website I ran "gpresult /R" on the domain controller and on Domain type it says Windows 2000 when I'm sure when I ran dcpromo when I first installed it I set it to Windows 2008 R2.

Output is as follows;

C:\Users\Administrator>gpresult /R

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 19/04/2011 at 09:49:18


RSOP data for MYDOMAIN\Administrator on RS1 : Logging Mode
---------------------------------------------------------

OS Configuration:            Primary Domain Controller
OS Version:                  6.1.7601
Site Name:                   Default-First-Site-Name
Roaming Profile:             N/A
Local Profile:               C:\Users\Administrator
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=RS1,OU=Domain Controllers,DC=MYDOMAIN,DC=co,DC=uk
    Last time Group Policy was applied: 19/04/2011 at 09:47:22
    Group Policy was applied from:      RS1.MYDOMAIN.co.uk
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        MYDOMAIN
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Default Domain Controllers Policy
        Password GPO
        Internet Explorer GPO
        Deploy Printers GPO
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        BUILTIN\Pre-Windows 2000 Compatible Access
        Windows Authorization Access Group
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        RS1$
        Domain Controllers
        NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
        Denied RODC Password Replication Group
        System Mandatory Level


USER SETTINGS
--------------
    CN=Administrator,CN=Users,DC=MYDOMAIN,DC=co,DC=uk
    Last time Group Policy was applied: 19/04/2011 at 08:55:04
    Group Policy was applied from:      RS1.MYDOMAIN.co.uk
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        MYDOMAIN
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Internet Explorer GPO
        Deploy Printers GPO
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Password GPO
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        BUILTIN\Pre-Windows 2000 Compatible Access
        REMOTE INTERACTIVE LOGON
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Group Policy Creator Owners
        Domain Admins
        Enterprise Admins
        Schema Admins
        Denied RODC Password Replication Group
        High Mandatory Level


So 2 questions I guess, how do I find out what the actual domain type is and if it isn't Windows 2008 R2 how to set it that high?  And secondly how to get my group policies working?

We have a network with a mix of Windows XP Pro, Windows 7 Pro (32 and 64bit) and 2 Windows Vista Business (both 32bit).
group-policy-manager.JPG

Author

Commented:
Hi Tasmant,
Do I just run the dcpromo wizard again and then go through and change the functional level?

Author

Commented:
I've also just noticed under "Applied Group Policy Objects" that not all of the GPOs I've made have been applied. Is that because that heading only covers the server, or are there GPOs I've made that have not been applied to the domain yet?

Author

Commented:
I take it from this snippet my domain is running in Windows Server 2008 R2 function level.

Oh and there will not be any other servers on our network which will be older than Windows 2008 R2, binary_1001010.
ActiveDirectoryDomainsAndTrusts-.jpg

Author

Commented:
Ok I've just run that command on my work station and got the following;

C:\>gpresult /R

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 20/04/2011 at 09:11:40


RSOP data for mydomain\stephen on PC6 : Logging Mode
---------------------------------------------------

OS Configuration:            Member Workstation
OS Version:                  6.1.7600
Site Name:                   N/A
Roaming Profile:             \\mydomain.co.uk\Storage\Profiles\stephen.V2
Local Profile:               C:\Users\stephen
Connected over a slow link?: No


USER SETTINGS
--------------
    CN=Stephen J. Bines,OU=Technical,OU=mydomainLtd,DC=mydomain,DC=co,DC=uk
    Last time Group Policy was applied: 20/04/2011 at 09:05:15
    Group Policy was applied from:      RS1.mydomain.co.uk
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        mydomain
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        My Documents folder redirect GPO
        Y Drive GPO
        Internet Explorer GPO
        Deploy Printers GPO
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Password GPO
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Clinicians
        Technical
        admin
        High Mandatory Level

C:\>

There are a couple of things that confuse me: 1.  Why it keeps mentioning Windows 2000 when I have checked and found that the DC is running at Windows 2008 R2 level, and 2.  why so few of the GPOs are being applied.

I've taken another screen shot from the server with the Group Policy Manager and the Active Directory Users and Computers also open.  I've placed certain GPOs within certain active directory groups as I thought they would only apply to things in that group.

As you can see my PC (PC6) is in the "main office computers" group within the "computers" group and none of those GPOs are apparently being applied.

I expect I've done or am doing something really daft but can you see what it is?
GPM-and-ADUaC.jpg

Author

Commented:
ahhh..... That's a good point, hang on I will re-arrange the groups into USERS->Types of users and COMPUTERS->LOCATION OF COMPUTERS

Author

Commented:
Hi Guys,
Ok I've had a fiddle with the layout and the GPOs and my workstation (PC6) isn't having the "User Account Logon Picture" applied.  I've taken a big screen shot with a RDC to the server and the command prompt from my workstation and I can't see the group policy being applied.  I must be doing something really dumb, could you guys double check for me please?
screenshot---rs1.JPG

Commented:
sorry... I meant - can you see it in the screen above the user settings.

Author

Commented:
Ok guys I think I've got it now, been doing some reading and fiddling and it's all starting to work.  I think one of the problems was I was getting my Computer and User settings mixed up.

Commented:

glad we could help...
good luck!!
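
Added example, not part of the thread or any poster's code: a small Python parser for saved "gpresult /R" text that reports, per scope, whether a named GPO was applied, filtered (with the reason), or not listed, and flags when a whole scope such as COMPUTER SETTINGS is absent from the capture, as in the workstation output above. The function names and the abridged sample are constructed for illustration.

```python
# Constructed sample, abridged from the workstation gpresult /R output in the thread.
SAMPLE = """
USER SETTINGS
--------------
    CN=stephen,OU=Technical,OU=mydomainLtd,DC=mydomain,DC=co,DC=uk
    Applied Group Policy Objects
        Y Drive GPO
        Default Domain Policy
    The following GPOs were not applied because they were filtered out
        Password GPO
            Filtering:  Not Applied (Empty)
    The user is a part of the following security groups
        Domain Users
"""

# Sub-headings inside a scope; None marks a section this parser ignores.
HEADERS = {"Applied Group Policy Objects": "applied", "The computer is a part": None,
           "The following GPOs were not applied": "filtered", "The user is a part": None}

def parse_gpresult(text):
    """Split gpresult /R text into {scope: {"dn", "applied", "filtered"}}."""
    report, cur, section, last = {}, None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        hdr = [v for k, v in HEADERS.items() if line.startswith(k)]
        if line in ("COMPUTER SETTINGS", "USER SETTINGS"):  # new scope; its DN comes next
            cur = report[line.split()[0]] = {"dn": None, "applied": [], "filtered": {}}
            section = "dn"
        elif cur is None or not line or set(line) == {"-"}:
            continue  # preamble, blank lines, dashed underlines
        elif hdr:
            section = hdr[0]
        elif section == "dn":
            cur["dn"], section = line, None
        elif section == "applied":
            cur["applied"].append(line)
        elif section == "filtered" and line.startswith("Filtering:"):
            cur["filtered"][last] = line.split(":", 1)[1].strip()
        elif section == "filtered":
            last = line
            cur["filtered"][last] = None
    return report

def gpo_status(report, gpo):
    """Per scope: 'applied', 'filtered: <reason>', 'not listed' or 'scope absent'."""
    def one(d):
        return ("applied" if gpo in d["applied"] else
                f"filtered: {d['filtered'][gpo]}" if gpo in d["filtered"] else "not listed")
    return {s: one(report[s]) if s in report else "scope absent"
            for s in ("COMPUTER", "USER")}
```

A GPO reported as "Not Applied (Empty)" under USER SETTINGS has no user-side settings configured, so its effect has to be checked in the computer scope, for example with "gpresult /SCOPE COMPUTER /R" from an elevated prompt.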