Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cannot get Group Policy to work 3

Status
Not open for further replies.
Labone

Labone

IS-IT--Management
Apr 14, 2003
55
GB

OK all else has failed and I have RTFM but still I cannot get Group Policy to work.

Here's the scenario. I am new to GP so forgive me if I am not doing something glaringly obvious.

I have a network with 80+ PC's in 10 Departments, I want to apply Group Policy to "tie the users down". In order to test my application of group policies I have been trying to add a GPO to the IT department that simply puts up a message box asking if the user is a member of this domain, if not please log out etc. Should be simple enough.

On the Domain Controller I opened up ADUAC and right clicked the ITOU. Then, right clicked/properties/Group Policy/New then edited the new policy. I opened up Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options and then defined the Message text for users attempting to log on and the Message Title for users attempting to log on. I then closed down the Group Policy Box.

2 things happened at this point or rather 2 things didn't happen. Firstly the policy does not take effect even after forcing policy refresh using secedit, and secondly the policy is not filtered down to either computers or users in the ITOU. I have even tried applying the policy directly to the Users in ITOU and it still doesn't work.

I have read that I should import a security template into the policy but the manual I have does not tell me which template to import.

Any help with this problem would be greatly appreciated.

Regards,

RAL.
 
Sort by date Sort by votes
The problem sounds like you are trying to apply a computer policy to an OU of users.

The group policy has two components, user and computer. Settings that are defined under the Computer Configuration section of the policy only apply to Computer objects in AD. Likewise, settings that are defined under the User Configuration section of the policy will be applied only to User objects in AD. The Computer Configuration and User Configuration will have different possible settings, because some things are not set on the user level (like login messages).

What you will need to do is apply the policy to the OU where the Computer objects reside. To simplify this process, I have an OU for users and an OU for computers. Each of those OUs is broken down by department, and users and computers reside in the OU for their department under the appropriate OU.
 
Upvote 0 Downvote
kmcferrin,
You hit it on the head!

Labone,
If you follow kmcferrin's instructions, you will get yourself going. One more thing to add though, after applying the policy to the computers, (you can move the computers to your IT OU), you must force a policy refresh on the PC and reboot the PC.
 
Upvote 0 Downvote
Labone,

- Open ADUAc
- Click on Computers
- On the right screen right click on the name of the computer that belongs to the IT department or the computer you are testing
- Click on Move
- Click on the IT which is where you want to move the computer to
- Click OK
- If it's possible to Reboot your domain controller reboot this or just wait for a few minutes for the policy to take effect, or you can also force a policy to refresh
- Reboot your test PC which belongs in the IT department

Hopefully this will help you out
 
Upvote 0 Downvote
Thanks Guys,

It Works!

Stars to kmcferrin, tfg13 and dhanz10. Your combined tips have given me a better understanding of how Group Policy works.

Just need to practise now.

Thanks again.

RAL
 
Upvote 0 Downvote
Good luck! Group Policy was a bit tricky to get the hang of at first, but once you learn the ropes you'll love it. I do so much through group policy that I often wonder how I managed to get by without it in the NT4 days.

Do yourself and spend an hour or so one day familiarizing yourself with the various default group policies. There are tons of ideas there just waiting to be tapped.

The thing to understand about Group Policy is that it's essentially an easy way to change registry settings on large groups of PCs (also to install applications, etc). It is possible to write new templates to install in Group Policy to change just about any registry setting affecting users or computers.
 
Upvote 0 Downvote
Excellent advice kmcferin, tfg13, & dhanz10!

I had to wrestle through this myself before I found this site.

Good job.

MCSE CCNA CCDA
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
619
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
758
microsGuy16
microsGuy16
juliog
  • Locked
  • Question
Unable to get Server 2019 GPO Redirected Folders to Work on Windows 7
Replies
1
Views
327
tacohunter
tacohunter
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
390
hairlessupportmonkey
hairlessupportmonkey
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
350
RRankin355
RRankin355

Part and Inventory Search

Sponsor

Back
Top