Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Default domain GPO is overiding local OU GPO

Status
Not open for further replies.
fitfixer

fitfixer

Technical User
Apr 11, 2001
150
IE
I have setup an internet filtering solution and want to try it out with one department before rolling it out to the whole building, I need to change each user's IE Proxy, I created a new GPO and put the proxy in the Internet Explorer maintenance part of the user settings, I linked it to the trial OU that contains the computers in this dept and blocked inheritance, I am using the GPMC for this.

The GPO is not being applied, the default domain GPO which just contains some global settings and no IE Proxy settings, seems to override, if I manually set the proxy the GPO just takes it out, what am I doing wrong?
I would be grateful for any suggestions

FrankF
A+,Network+,MCSA

 
Sort by date Sort by votes
check this first, and check the rest later

THIS:
" I need to change each user's IE Proxy, I created a new GPO and put the proxy in the Internet Explorer maintenance part of the user settings, I linked it to the trial OU that contains the computers in this dept"

User settings apply to USERS! not Computers!
try one of these ideas.
enable loopback processing
apply the GPO to a OU with user accounts in it.....

THE REST:
have you checked that the domain gpo doesn't override the proxy settings AND have no override set?

have you run gpupdate(xp) secedit /refresh . . . . (2000)?
or rebooted the PC? it might not have refreshed the settings .

"if I manually set the proxy the GPO just takes it out"
there may be another GPO between the 2 you mention that has a different setting...

try changing the title bar or sth like that, see if the gpo is getting thru at all. and check the gpo is activated, and that it has the correct rights!

Aftertaf
________
Regain control of your PC, at
 
Upvote 0 Downvote
fitfixer,

I agree with aftertaf.

GPO's are applied in the order Local, Site, Domain, OU, with each level overriding the same settings in GPO's previously applied.

If you are applying user settings and have no users in the OU then they will not be applied at the OU level. The domain GPO will be the last one processed if you only have computer objects in the OU.

Wishdiak
A+, Network+, Security+, MCSA: Security 2003
 
Upvote 0 Downvote
Thanks for your help guys
I have some users (including myself) and their computers in the trial OU, I have blocked inheritance at the OU level and disabled enforcement at domain level (same as no override)
Using the GPMC I have deleted or disabled any unused GPO's save for the default domain GPO and the GPO in question
I have modified the access properties from Authenticated users to everyone, for a brief moment yesterday the GPO did its work and I was redirected to the Proxy server but shortly afterward IE returned to its default no proxy setting, looking at the Browsing logs this also happened to one other user,

My next step will be to backup & remove the Domain GPO to determine if this is still overriding the OU GPO, just one thing, how do I enable loopback in a GPO?
regards

FrankF
A+,Network+,MCSA

 
Upvote 0 Downvote
what OS are your clients running?

and have you checked what they have in their local policy??

MMC> Group policy > This Computer ??

Aftertaf
________
Regain control of your PC, at If you break your hard drive, it'll be DPlank's fault
 
Upvote 0 Downvote
fitfixer,

To enable Loopback processing for computer objects,

1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option.

This is from which was written for Windows 2000, but should apply to Windows Server 2003 also.

Wishdiak
A+, Network+, Security+, MCSA: Security 2003
 
Upvote 0 Downvote
Servers: 2003 Std on both DC's
Workstations: most are XP Pro SP2, some W2000 pro and a few Win98se
There are no local policies, the default domain GPO settings are working OK on the XP and W2K machines, the problem was in applying the new proxy settings just to the test OU,
I have enabled loopback merged on the test GPO

FrankF
A+,Network+,MCSA

 
Upvote 0 Downvote
and the result???
:)

dont forget your 98 machines wont use gpo, they can't!

Aftertaf
________
Regain control of your PC, at If you break your hard drive, it'll be DPlank's fault
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
405
technome
technome
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
1K
goombawaho
goombawaho
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
355
hairlessupportmonkey
hairlessupportmonkey
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
327
RRankin355
RRankin355
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
348
ADB100
ADB100

Part and Inventory Search

Sponsor

Back
Top