Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Group Policy or Something Else?

Posted on 2011-09-23
3
Medium Priority
?
372 Views
Last Modified: 2012-05-12
Hello everyone,

I have been scratching my head on this one for a few days now. I have a group of users in an OU in Active Directory. They have many icons on their desktop that shouldn't be there. As part of the policy (they are Middle School Students) they aren't allowed to right click on the desktop, modify the desktop, printers etc etc within a few GPO's that are assigned to that OU. I have no clue why these icons (some are other user's documents) are there. Once I pull the user out of the OU and into the default users container AD has by default, I can modify and delete the desktop as I should. I can restart and the icons do not reappear. But as soon as I move any user into that OU in question. The icons appear again.

I have looked through the GPO settings to show what each GPO (there are three two in the root and one inherited) has for settings and I do not see anything that would create this behavior.

So now to my question,

Is there anything other than a GPO that could do this? Keep in mind that the user is not using a roaming profile and when moved out of the OU's the icons still appear until they are deleted. Or, is there a way to look at what is being applied to computer when logged in or as the computer is starting up?

My infrastructure Background:

I have a Windows Active Directory Domain with Windows 7 and XP clients. The servers are mixed 2003R2 and 2008R2 Standard. In this instance I am working on a 2008 server and a client machine with Windows 7.

I'd be more than happy to give you anymore info that's needed.

Thank You for any help!
0
Comment
Question by:WindhamSD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 13

Accepted Solution

by:
BCipollone earned 1000 total points
ID: 36588966
I believe you are using this: http://community.spiceworks.com/how_to/show/989

You need to check the location that the Group Policy is pointing to and make sure those items are not on the shared desktop.  The only other way this could be happening is if there is something in the login script that is loading them from a location.
0
 
LVL 11

Assisted Solution

by:Ackles
Ackles earned 1000 total points
ID: 36592098
Hi,
My approach would be very simple:

Take RSOP of the machine once when it's in the OU & secondly when it's in default container. This way Group Policy will be clearer, however since GP Preferences are not picked up in RSOP, but that shouldn't be your concern since you mentioned that you can't delete the icons. GP Preferences do allow you to modify the change, but since you can't delete it can't be Preferences.

Once you have done this, check if there is anything enforced on the top level. This also depends because the OU where you are putting the students is in a different OU & something is enforced from the top OU but not from the Domain level. If it was being enforced from Domain OU then even putting it in default container would effect.

This will give you a clearer picture. Please post the result & we can take it from there.

A
0
 

Author Comment

by:WindhamSD
ID: 36985798
The problem was that someone modified the Deafult Domain Policy. I had to remove what was added. Thank You for all of your help.

0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question