Clients are not updating when the policy on the win2003 Server

[atracy]

Hi! I'm new to windows 2003 Server. I opened mmc.exe, and added the Group Policy Object Editor as a snap-in. One of the choices when adding the Group Policy Object Editor is to select the Local computer as the Group Policy Object. I chose to select the browse button and selected the Default Domain Controllers Policy instead. I enabled the Hide Log Off option policy to test it out. I also changed the time the policies get updated from 90 minutes to 0 minutes so it would update the client every 7 seconds. I even waited the 90 minutes just to make sure the client got the message that it was supposed to look for the updates every 7 seconds. Well, after all that work and waiting. I still have my Log Off button on my client.

Server configuration. I have my server setup with the following roles (brand new server installation). It is a Active Directory domain controller and a File Server. I have the IP addresses fixed and the DNS is turned off for security reasons. The client is a fresh installation of windows XP and has been successfully joined to the domain. I'm using a user account I setup on the domain called 'testuser' with user rights to log into the client machine.

So there you have it. My thoughts are that I'm using the wrong Group Object Policy Editor. And if the Default Domain Controllers Policy is not the correct policy, which policy should I be changing to manipulate the clients correctly?

This is a pretty simple setup question. Am I missing some setting somewhere? Am I using the wrong policy? Please let me know!

Thanks!

Aaron

 

[djtech2k]

Before we even start to talk about this, you need to get the correct GPO editor. You need to get the gpmc.msc. You can get the latest that includes the stuff for 2003 SP1 here:

http://www.microsoft.com/downloads/...24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

A rule of thums in AD is NEVER edit the "Default" policies. YOu always create your own. The native policies should be left intact at all times.

Now, you have to run an internal DNS to AD or it will never work correctly. It is critical and it is best to run it from every DC you have. It sounds to me like this could be part of the AD structure problem that you apparently have. If you did not have a structure problem, GPO policy changes happen pretty quickly, especially in small environments.

 

[atracy]

Thanks djtech2k for the quick response! I've downloaded the gpmc.msi from the link you put in your reply. I then added a snapin to the Group Policy Management that I believe was installed when I ran the gpmc.msi. I did notice that the Group Policy Management does not have any reference to folder redirection. That is ultimately my goal, to setup a server that will redirect all my documents to the server.

I do recall when I setup the Active Directory that I told it to not worry about setting up the DNS because I wasn't going to use it. But if you say that Active Directory needs it to run internally. Well, how do I go about adding the DNS after the fact? (I used the wizard to setup the Active Directory).

What's the next step!?

Aaron

 

[warthog72]

I'm having a similar issue as atracy but I know my server is running DNS already. I'm trying to redirect the My Docs to a network share and I'm also trying to redirect a few users internet connection to a dead proxy (123.123.123.123) to keep them from browsing the web.

I thought I could create a new Operation Unit and create a new group policy (via right-click and properties). The settings are there but when I login the user, obviously, none of the above happen.

Any help would be greatly appreciated.

 

[Daveyd123]

Make sure your user/workstations are in the OU that the GPO is being applied to. If so, log into the workstations and from a command prompt run gpupdate /force.

On the workstations run gpresult from a command prompt and rsop.msc from the Run line to troubleshoot

 

[warthog72]

I'll give that a try. My structure is like this:

Domain has OU - Deny Internet

Deny Internet has Security Group - No Internet

No Internet has members A,B,C and D

I don't need to add each User separately to the OU do I?

Thanks.

 

[warthog72]

Ok, I think I'm missing something here. My user shows up as part of the OU I created but the Group Policy I set for that OU, by right-clicking on the OU, selecting Group Policy from the tab and adding a new policy (named Deny Internet - with no override selected) isn't showing up anywhere. When I check the rsop - obviously it shows me that my dead proxy isn't there. The gpresult says that the Local Group Policy wasn't applies because it wasn't filtered...

Any ideas? BTW - in case you couldn't tell, I'm new to this. I greatly appreciate your help.

 

[warthog72]

SWEET! I figured it out and its really as easy as downloading the GPMC from Microsoft. The funny thing is this plug in just makes it work - all the settings were in place, OUs defined (appropriately enough) - it applied the GPOs to the OUs and I was done.