• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 377
  • Last Modified:

Group Policy or Something Else?

Hello everyone,

I have been scratching my head on this one for a few days now. I have a group of users in an OU in Active Directory. They have many icons on their desktop that shouldn't be there. As part of the policy (they are Middle School Students) they aren't allowed to right click on the desktop, modify the desktop, printers etc etc within a few GPO's that are assigned to that OU. I have no clue why these icons (some are other user's documents) are there. Once I pull the user out of the OU and into the default users container AD has by default, I can modify and delete the desktop as I should. I can restart and the icons do not reappear. But as soon as I move any user into that OU in question. The icons appear again.

I have looked through the GPO settings to show what each GPO (there are three two in the root and one inherited) has for settings and I do not see anything that would create this behavior.

So now to my question,

Is there anything other than a GPO that could do this? Keep in mind that the user is not using a roaming profile and when moved out of the OU's the icons still appear until they are deleted. Or, is there a way to look at what is being applied to computer when logged in or as the computer is starting up?

My infrastructure Background:

I have a Windows Active Directory Domain with Windows 7 and XP clients. The servers are mixed 2003R2 and 2008R2 Standard. In this instance I am working on a 2008 server and a client machine with Windows 7.

I'd be more than happy to give you anymore info that's needed.

Thank You for any help!
0
WindhamSD
Asked:
WindhamSD
2 Solutions
 
BCipolloneCommented:
I believe you are using this: http://community.spiceworks.com/how_to/show/989

You need to check the location that the Group Policy is pointing to and make sure those items are not on the shared desktop.  The only other way this could be happening is if there is something in the login script that is loading them from a location.
0
 
AcklesCommented:
Hi,
My approach would be very simple:

Take RSOP of the machine once when it's in the OU & secondly when it's in default container. This way Group Policy will be clearer, however since GP Preferences are not picked up in RSOP, but that shouldn't be your concern since you mentioned that you can't delete the icons. GP Preferences do allow you to modify the change, but since you can't delete it can't be Preferences.

Once you have done this, check if there is anything enforced on the top level. This also depends because the OU where you are putting the students is in a different OU & something is enforced from the top OU but not from the Domain level. If it was being enforced from Domain OU then even putting it in default container would effect.

This will give you a clearer picture. Please post the result & we can take it from there.

A
0
 
WindhamSDAuthor Commented:
The problem was that someone modified the Deafult Domain Policy. I had to remove what was added. Thank You for all of your help.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now