• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 648
  • Last Modified:

GPO not applying

Hi all,

I have a standalone 2003 server which is a DC & I have joined 15 PCs to its Domain successfully.
I have implemented a GPO to lockdown those PCs, but the GPO isnt applying to any of the PCs.
The Link is Enabled & Enforced.
I have ran gpresult on the PCs which states that the gpo is not found.
I have made sure the securities are right i.e. Authenticated Users = Read priveleges.
I have it on the right OU, which contains accounts, Computers are in another OU.
I have only used User settings.
I dont have loopback processing enabled.
I have ran Windows Server 2003 Resource Kit Tools using gpotools cmd which says the GPO is ok.

Has anyone else got any other suggestions?
0
craigaddison
Asked:
craigaddison
  • 5
  • 2
  • 2
  • +4
1 Solution
 
Andrew_EllisCommented:
I've had issues like this before, and came back a day later to find it working. Computer settings sometimes take a day or two to kick in, no idea why.
0
 
Hypercat (Deb)Commented:
What is the operating system of the workstations? Are the users logging on with domain user accounts(not local user accounts)? Check in the event logs on some of the workstations and see if there are any GPO-related errors. The source of the errors would be Userenv or SceCli.
0
 
arrorynCommented:
What are you trying to lock down? Does the GPO apply to computer or user objects? If user objects, have you tried applying the GPO as a domain administrator?

Have you checked the event logs on an affected machine to see if there are any events relating to group policies (specifically failures)?
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
craigaddisonAuthor Commented:
GPO applies to User settings.
It has been a few days since I set it and still nothing.
Operating system = XP
0
 
Venugopal NCommented:
1.Is the OU contains Users to which the GPO is linked ( user setting GPO)?
2.Login as the user and run the gpupdate /force and check if the GPO applies to the client.
3.Is the GPO not applying to any client?
4.Make sure that the user ( Authenticated) have  Read and Apply Group policy permission for the GPO.
0
 
Sudeep SharmaTechnical DesignerCommented:
Do you have correct DNS settings?

Further as suggested by arroryn did you check event viewer for any error message related to GPO?

Further what is the result from gpresult.exe /R from the command prompt?
0
 
craigaddisonAuthor Commented:
I have not had a chance to do the checks from above, I will complete these tomorrow. I will post the results here then.

My DNS is primarily pointed at the DC server, then secondarily pointed at the router gateway. i.e  192.168.1.5
      192.168.1.1
Is that correct?
0
 
craigaddisonAuthor Commented:
Yes the Users are in the right OU that has the GPO applied.
The Users are logging in with Domain Accounts.
There are no entries in the Event Log of Userenv or SceCli type or of any logon nature.
I'm just trying to lockdown basic things like no Run command etc... & I'm trying to repoint the Docs & Desktop folders to the server & I have a logon script in the gpo to map a shared drive, so nothing out of the ordinary.
I have ran gpupdate /force on the clients & server & it still hasn't made a difference.
The GPO is not applying to any client.
Authenticated User has Read & Apply group policy set to allow.
Gpresult states that 'INFO: The policy object does not exist'
0
 
Hypercat (Deb)Commented:
What OU are the users in? Where did you create and link the GPO (i.e., at the domain level or at the OU level)? Please describe how this is configured.  I know that you said it was in the right OU, but by your description of the GPResult message, it sounds as though the group policy is not being applied to the OU that contains your user accounts. In the group policy management console, click on your GPO and then do a screen capture of the Scope information.  Then click on the Settings tab. When the report appears, right-click and print it to a file and post that screen capture and file here for analysis.

You should remove the secondary DNS server (your router IP address) from the server and all workstations.  It's not doing anything useful.
0
 
Venugopal NCommented:
Check if any GPO has been set to Nooveride ( which is applied on parent level or at the same level).To get the list of GPo applied to the user, Run gpresult and check the Nooverride setting of each GPO.

http://technet.microsoft.com/en-us/library/cc978255.aspx
0
 
craigaddisonAuthor Commented:
All sorted. Thanks for the help
0
 
craigaddisonAuthor Commented:
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

  • 5
  • 2
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now