Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cant get a GPO to apply

Status
Not open for further replies.
dpresley

dpresley

IS-IT--Management
Aug 10, 2002
120
US
Heya folks. Im running a win2k advanced server. I have AD, DNS, DHCP, etc up and running.

In Active Directory Users and Computers I have created a GPO on the Domain level. I have, in the security section for that GPO, added a user and checked the Apply GP box.

I can not get the GPO to apply when a user logs onto the domain. What am i doing wrong? :-(
Is it because I put the user in the security rather than the computers? Im lost.

Thanks in advance!!




Dave Presley
Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

MCP
 
Sort by date Sort by votes
You said you have the apply box checked. Is the Read box checked? The read and apply boxes must be checked.

 
Upvote 0 Downvote
Yeppers... both are checked. Read and apply. :-(

Dave Presley
Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

MCP
 
Upvote 0 Downvote
Is this user in another group that is denied? Also, remember that the GPO highest in the list has the highest priority.

Good Luck
 
Upvote 0 Downvote
In AD users and computers, when i click on the properties of an OU, shouldnt there be a GPO tab in there, or is it just on the domain level? The server book says yes there should so i would be able to link the GPO to the OU, but eh... it's not there.

Yeah... the policy i want applied is highest on the list.
NO, no one else is denied.

Dave Presley
Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

MCP
 
Upvote 0 Downvote
Dangit... Okay.. i've updated all the service packs and what-not and i still cant get the sumbitch to work.

I've re-read thru the server 2k microsoft book and cant see anything im doing wrong. :-(


Dave Presley
Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

MCP
 
Upvote 0 Downvote
what boxes are checked for authenticated users? I would clear all boxes but not remove.
 
Upvote 0 Downvote
Read only for Authenticated users.



Dave Presley
Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

MCP
 
Upvote 0 Downvote
It's DOING nothing.. hehe.. Im trying to just lock down some items on the host computers. They're computers in a LAB and im wanting to prevent access to control panels, keep from changing the wallpaper. Simple stuff...

Dave Presley
Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

MCP
 
Upvote 0 Downvote
Have you made configuration changes under the user node, or computer node of the GPO? or both? If you've made your changes under computer node, I think you'll need to give the computer object read and apply perms.

Either try running gpresult from the command line, as the user that the policy is supposed to be applying to. It should show if the policy is applied, or not (and give a reason).

Or if your user doesn't have access to the command prompt run the RSOP snapin in the MMC for the computer and user that the policy should be applied to.
 
Upvote 0 Downvote
There are changes in the user and the computer noe of the GPO. I did end up putting computers and users in the OU that has the GPO applied... read and apply checked. Still not working. :-(


I'll check out running gpresult and see what i can see.
Thanks



Dave Presley
Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

MCP
 
Upvote 0 Downvote
And as far as not getting the GPO tab, does your account definitely have the permission to modify GPs for this OU?
 
Upvote 0 Downvote
Yeah... im the domain admin. I can create, edit and delete GPO's.

I created a new OU... called it GPO OU... and there is the tab... i was looking on the USER folder under the domain. That doesnt have that tab. :-(



Dave Presley
Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

MCP
 
Upvote 0 Downvote
... if the above doesn't yield anything, then have a look in event viewer (on the client) for any errors about retrieving or applying policies. Recently I had a problem with a workstation which wouldn't apply policy. Finally figured out that it was due to the w/s time being out of sync with the server.
 
Upvote 0 Downvote
I apologize in advance if this question insults you...but is the Group Policy Object in question...enabled? If it is..have you tried forcing group policies to update themselves? For windows 2000 you would user secedit /refreshpolicy machine_policy /enforce
and
secedit /refreshpolicy user_policy /enforce

for Windows XP user

Gpupdate /force
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
419
technome
technome
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
590
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
688
microsGuy16
microsGuy16
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
336
RRankin355
RRankin355
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
786
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top