Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Group Policy or Something Else?

Posted on 2011-09-23
3
368 Views
Last Modified: 2012-05-12
Hello everyone,

I have been scratching my head on this one for a few days now. I have a group of users in an OU in Active Directory. They have many icons on their desktop that shouldn't be there. As part of the policy (they are Middle School Students) they aren't allowed to right click on the desktop, modify the desktop, printers etc etc within a few GPO's that are assigned to that OU. I have no clue why these icons (some are other user's documents) are there. Once I pull the user out of the OU and into the default users container AD has by default, I can modify and delete the desktop as I should. I can restart and the icons do not reappear. But as soon as I move any user into that OU in question. The icons appear again.

I have looked through the GPO settings to show what each GPO (there are three two in the root and one inherited) has for settings and I do not see anything that would create this behavior.

So now to my question,

Is there anything other than a GPO that could do this? Keep in mind that the user is not using a roaming profile and when moved out of the OU's the icons still appear until they are deleted. Or, is there a way to look at what is being applied to computer when logged in or as the computer is starting up?

My infrastructure Background:

I have a Windows Active Directory Domain with Windows 7 and XP clients. The servers are mixed 2003R2 and 2008R2 Standard. In this instance I am working on a 2008 server and a client machine with Windows 7.

I'd be more than happy to give you anymore info that's needed.

Thank You for any help!
0
Comment
Question by:WindhamSD
3 Comments
 
LVL 13

Accepted Solution

by:
BCipollone earned 250 total points
ID: 36588966
I believe you are using this: http://community.spiceworks.com/how_to/show/989

You need to check the location that the Group Policy is pointing to and make sure those items are not on the shared desktop.  The only other way this could be happening is if there is something in the login script that is loading them from a location.
0
 
LVL 11

Assisted Solution

by:Ackles
Ackles earned 250 total points
ID: 36592098
Hi,
My approach would be very simple:

Take RSOP of the machine once when it's in the OU & secondly when it's in default container. This way Group Policy will be clearer, however since GP Preferences are not picked up in RSOP, but that shouldn't be your concern since you mentioned that you can't delete the icons. GP Preferences do allow you to modify the change, but since you can't delete it can't be Preferences.

Once you have done this, check if there is anything enforced on the top level. This also depends because the OU where you are putting the students is in a different OU & something is enforced from the top OU but not from the Domain level. If it was being enforced from Domain OU then even putting it in default container would effect.

This will give you a clearer picture. Please post the result & we can take it from there.

A
0
 

Author Comment

by:WindhamSD
ID: 36985798
The problem was that someone modified the Deafult Domain Policy. I had to remove what was added. Thank You for all of your help.

0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the most frustrating experiences a help desk technician will ever encounter is when a customer comes to them with a solution of their own invention and expects the tech to implement it. This often happens when people with a little bit of tech…
Scenario: Your operations manager has discovered an anomaly in your security system. The business will start to suffer within 15 minutes if it is a major IT incident. What should she do? We have 6 recommendations for managing major incidents (https:…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question