Solved

Group Policy or Something Else?

Posted on 2011-09-23
Last Modified: 2012-05-12
Hello everyone,

I have been scratching my head on this one for a few days now. I have a group of users in an OU in Active Directory. They have many icons on their desktop that shouldn't be there. As part of the policy (they are Middle School Students) they aren't allowed to right click on the desktop, modify the desktop, printers, etc. within a few GPOs that are assigned to that OU. I have no clue why these icons (some are other users' documents) are there. Once I pull the user out of the OU and into the default users container AD has by default, I can modify and delete the desktop as I should. I can restart and the icons do not reappear. But as soon as I move any user into the OU in question, the icons appear again.

I have looked through the GPO settings to show what each GPO (there are three: two in the root and one inherited) has for settings and I do not see anything that would create this behavior.

So now to my question,

Is there anything other than a GPO that could do this? Keep in mind that the user is not using a roaming profile and when moved out of the OU the icons still appear until they are deleted. Or, is there a way to look at what is being applied to the computer when logged in or as the computer is starting up?

My infrastructure Background:

I have a Windows Active Directory Domain with Windows 7 and XP clients. The servers are mixed 2003R2 and 2008R2 Standard. In this instance I am working on a 2008 server and a client machine with Windows 7.

I'd be more than happy to give you any more info that's needed.

Thank you for any help!
Question by:WindhamSD
3 Comments
 
LVL 13

Accepted Solution

by:
BCipollone earned 250 total points
ID: 36588966
I believe you are using this: http://community.spiceworks.com/how_to/show/989

You need to check the location that the Group Policy is pointing to and make sure those items are not on the shared desktop. The only other way this could be happening is if there is something in the login script that is loading them from a location.


Assisted Solution

by:Ackles
Ackles earned 250 total points
ID: 36592098
Hi,
My approach would be very simple:

Take an RSOP of the machine once when it's in the OU and a second time when it's in the default container. This way Group Policy will be clearer. GP Preferences are not picked up in RSOP, but that shouldn't be your concern since you mentioned that you can't delete the icons. GP Preferences do allow you to modify the change, but since you can't delete, it can't be Preferences.

Once you have done this, check if there is anything enforced on the top level. This also depends because the OU where you are putting the students is in a different OU & something is enforced from the top OU but not from the Domain level. If it was being enforced from the Domain OU then even putting it in the default container would have an effect.

This will give you a clearer picture. Please post the result & we can take it from there.

A
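
The RSoP comparison suggested in the answer above, sketched as an added example that is not part of the original thread. The file paths are placeholders, and the element names read from the report (`UserResults`, `GPO`, `Name`, `Link`, `SOMPath`, `NoOverride`) are assumed to be those of the XML that `gpresult /x` writes.

```powershell
# Added example. File paths are placeholders; capture the two reports first:
#   in the OU:             gpresult /scope user /x C:\Temp\rsop-in-ou.xml /f
#   in default container:  gpresult /scope user /x C:\Temp\rsop-default.xml /f
# (log off and on between captures so user policy is reprocessed)

function Get-ChildText($node, $name) {
    # Return the text of a direct child element, or '' when it is absent
    $child = $node.SelectSingleNode("*[local-name()='$name']")
    if ($child) { $child.InnerText } else { '' }
}

function Get-AppliedGpo {
    param([Parameter(Mandatory = $true)][string]$Path)
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load((Resolve-Path $Path).ProviderPath)
    # local-name() sidesteps the report's XML namespaces
    $xpath = "//*[local-name()='UserResults']/*[local-name()='GPO']"
    foreach ($gpo in $doc.SelectNodes($xpath)) {
        foreach ($link in $gpo.SelectNodes("*[local-name()='Link']")) {
            New-Object PSObject -Property @{
                Name     = Get-ChildText $gpo 'Name'
                LinkedAt = Get-ChildText $link 'SOMPath'
                Enforced = (Get-ChildText $link 'NoOverride') -eq 'true'
            }
        }
    }
}

$inOu    = @(Get-AppliedGpo 'C:\Temp\rsop-in-ou.xml')
$default = @(Get-AppliedGpo 'C:\Temp\rsop-default.xml')

# GPOs present in only one of the two states
Compare-Object $default $inOu -Property Name, LinkedAt |
    Select-Object Name, LinkedAt,
        @{ n = 'OnlyWhen'; e = { if ($_.SideIndicator -eq '=>') { 'in OU' } else { 'in default container' } } }

# Enforced links while the account is in the OU
$inOu | Where-Object { $_.Enforced } | Select-Object Name, LinkedAt

# GPOs that apply in both states (domain-level policy shows up here)
$inOu | Where-Object { ($default | ForEach-Object { $_.Name }) -contains $_.Name } |
    Select-Object Name, LinkedAt -Unique
```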
 

Author Comment

by:WindhamSD
ID: 36985798
The problem was that someone modified the Default Domain Policy. I had to remove what was added. Thank you for all of your help.
