Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DC > AD/GPO XP will not accept Computer/User modifications.

Status
Not open for further replies.

HopnDude

IS-IT--Management
Oct 25, 2007
64
US
Hopefully someone a bit more knowledgeable could shed some light on this issue for me!

I'm ditching 3 old DC's running Server 2003 that were setup in 2005.

I'm currently setting up 4 new (1 main, and 1 backup per location) DC's running Server 2008 (yes, 2012 is on the market, but I work for a nonprofit organization, we work with what we can afford).

Windows Vista/7 - Accepts and follow the GPO's
Windows XP - Accepts but DOES NOT follow the GPO's

I work for a Library, the employee's are always busy, I'm not worried about them doing anything. Playing a quick game of cards/mindsweeper/facebook really quick is a quick and quiet tension reliever for them. But they are typically always busy from the start of their shift/finish due to the amount of people we get in!

As for the Public Access Machines and Catalog Machines. The Public Access are setup so settings cannot be modified, it's not their personal machine. Yet they can modify documents on their thumb drive, facebook, communicate with family, research paper, homework, etc. They cannot change the desktop, they can't install software, nothing. On the Catalog Machines, I have them locked down AIR TIGHT! All they can do is open Internet Explorer and open my Library's web site. They can't do anything else. Within our web site they cannot navigate to the open internet.

But if the policies don't work for Windows XP (the majority OS of our machines as of current) then I have a rather big issue on my hands!

Can someone help me figure out WHY my Windows XP machines aren't following the GPO's I have put in place for them!

Thank You For Your Time,
Scott
 
:facepalm: DNS wasn't selected for machines, auto was on.

Just need to configure proxy settings on that server for the designated IP range, and keep them on the one website. Find out in AD how to keep the "Start > Programs" folder from displaying, and I'm set!
 
Modified the Proxy settings in AD on the DC. Only allowed the one site needed for these machines on port 80, nothing else works on them. Catalogs are set, now onto the Public Access machines!

 
Everything is pretty much done, and really to roll! Only one issue remains!

I removed a bunch of permissions on IE to the point that the Address bar no longer shows. There are two work arounds to be able to find/navigate around with IE if need be, but FireFox and Chrome will be on the patron PC's as well. But this is the last obstacle and I'm done with this project. Create two more DC's, and have them join the existing tree, then onto the next project!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top