
I can't get any GPOs to enforce.


dpresley

IS-IT--Management
Aug 10, 2002
120
US
As it stands we have Server 2003 installed on the DL140 server box. I have DNS, DHCP and Active Directory up and working. The IP scheme we're using is 10.0.0.X/255.0.0.0/10.0.0.1. The server's IP is 10.0.0.5. The computer's NetBIOS name is DC and the domain name is tjhs.com. dc.tjhs.com is the qualified domain name of the server. I've verified that AD, DNS and DHCP are up and running correctly.

The PROBLEM is that I can't get a group policy to enforce. I've created my OUs and placed user groups in the OU. I've created users and made them a member of the group. I've then created a GPO with the GPO console available from Microsoft. I've enabled it, I've linked it to the OU and made it so the default domain GPO doesn't override it. I cannot get it to enforce on any client I log into the domain with under that or any user. If I put the GPO with the "student" group on the domain level, my admin login gets the GPO even though I do NOT have it enforcing on my login thru the security options. I've tried every variation I could think of in order to get it to enforce. Putting the computers, users and groups in the OU. Nothing works. I've been told there is a login script I can use that will pull down the GPO to the client computer but I know nothing about login scripts.

ANY help would be appreciated. I feel like I've exhausted about all my options before I call for the boss's credit card to call Microsoft for $$ to help.

THANKS IN ADVANCE!!

Dave Presley
Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

MCP
 
Are the policies making it to the PC? You can check this by running gpresult at a command prompt. You should see something similar to the following:

Applied Group Policy Objects
-----------------------------
Default Domain Policy
Local Group Policy

You will see policies that are applied for computers and for users. If you don't see your GPOs in the lists, try running gpupdate from a command line; this will force a reload of the computer and user GPOs.

P:\>gpupdate
Refreshing Policy...

User Policy Refresh has completed.
Computer Policy Refresh has completed.

RoadKi11
 
Yeah, I've run the gpupdate and nothing. It does its thing, I get all excited... go check... and nada.
Gpresult provides nothing either. I don't think it's getting to the computers at all.

Dave Presley
Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

MCP
 
Okay... I found another GPO question on here and it referred me to GPOguy.com. Looking through the troubleshooting area of the site I came across this:

"1. Your AD domain controllers are not correctly registered in DNS. While it may not seem like there is any relationship btw GPO and DNS, there is. In fact, your users may be able to authenticate to the domain just fine without DNS being healthy but GPOs will not process. GPO processing requires that the various SRV records related to LDAP be located in order to successfully complete. Specifically, the _ldap._tcp.<sitename>._sites.dc._msdcs.<domainname> record must be found for domain in which the GPO resides. This name allows a machine to find a DC to query for the list of GPOs that it must process. If you have determined that GPOs simply aren't being processed, check DNS first. You can simply ping the LDAP name above from the problem workstation to ensure it's correctly being resolved to a valid DC as follows:
ping _ldap._tcp.mysite._sites.dc._msdcs.gpoguy.com
If the name is not resolved correctly, try restarting the Netlogon service on the missing DC to refresh SRV registration. Check the DC's system event log to make sure there aren't other issues. In larger environments this problem is usually rare, since there are usually some DCs that can be found, even if they're not in the local site."

Could anyone please translate this? It sounds like it may be it as I've exhausted everything else I can find.

Thanks!!

Dave Presley
Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

MCP
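
The DNS check described in the quoted GPOguy.com text, as an added example that is not part of the thread or of GPOguy.com: a batch file to run on an affected workstation that looks up the DC locator SRV records through the client's configured DNS server and then directly against the DC. The domain and DC address are taken from the first post; the site name is an assumption (`Default-First-Site-Name` is what a new forest uses unless it was renamed), and the script assumes an English-language Windows.

```batch
@echo off
rem Added example, not from the thread. DOMAIN and DC_IP come from the
rem first post; SITE is an assumption (default name of the first AD site).
setlocal
set DOMAIN=tjhs.com
set DC_IP=10.0.0.5
set SITE=Default-First-Site-Name

rem SRV names a client looks up to find a DC for Group Policy processing.
rem The trailing dot stops nslookup from appending a DNS suffix.
set SITE_SRV=_ldap._tcp.%SITE%._sites.dc._msdcs.%DOMAIN%.
set DOM_SRV=_ldap._tcp.dc._msdcs.%DOMAIN%.

echo === DNS servers this client is configured to use ===
ipconfig /all | findstr /i /c:"DNS Servers"

echo === Asking the client's default DNS server ===
call :check %SITE_SRV%
call :check %DOM_SRV%

echo === Asking the DC directly (%DC_IP%) ===
call :check %SITE_SRV% %DC_IP%
call :check %DOM_SRV% %DC_IP%

endlocal
goto :eof

:check
rem %1 = SRV name, %2 = optional DNS server to query.
rem nslookup prints "svr hostname = <dc>" for each SRV record it finds.
nslookup -type=SRV %1 %2 2>nul | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (
    echo MISSING  %1
) else (
    echo FOUND    %1
    nslookup -type=SRV %1 %2 2>nul | findstr /i /c:"svr hostname"
)
goto :eof
```

FOUND against the DC but MISSING through the default server means the workstation is resolving through a DNS server that does not hold the AD zone, so check the DNS server option the DHCP scope hands out. MISSING in both places means the DC has not registered its records, which is the case where the quoted text suggests restarting the Netlogon service on the DC.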
 