GPMC confusion

[LudicrouSpeed]

Hey All

Just to add to my list of things that’s confusing the hell out of me, ive been trying to get group policy to apply to all the client pc’s on our domain, the problem is some (expletive deleted)has installed GPMC on our SBS box so It makes things really complicated, I tried this link which is kewl(you need to run it in IE)

http://www.microsoft.com/windowsserver2003/evaluation/demos/sims/gpmc/viewer.htm

but its confusing the hell out of me… the problem is that a dedicated OU has not been created so the users are just sitting in the users folder, I have tried creating an OU under the domain for our staff but when I moved our users in, it ruined there permissions for authenticating, so I moved them back and its all good.

Im pretty sure I can uninstall GPMC but im afraid it will wreak havoc with the GPO’s, so basically Im trying to get this figured out…

Am i just being foolish in that GPMC IS actually a good tool and im just too dumb to figure it out?

Or am i right and there is a better (simpler way)

Oh i nearly forgot to mention that we only have 32 users on one domain, and i just put all staff into a staff group.

THanks for any help

Ry

 

[58sniper]

GPMC is actually recommended, and makes life EASIER than not having it.

Users need to be an OU other than the built-in "users" OU in order to apply GPOs to them.

As for the authenticating problem, you'll have to be more specific with event log errors, etc.

Pat Richard, MCSE MCSA:Messaging CNA
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[TechSoEasyMVP]

I'd concur... the <expletive> who installed GPMC was probably Windows Update, since SBS really wants to use GPMC by default.

If users are sitting in the users folder, then most likely they weren't added to the SBS correctly with the add-user wizard. All users MUST be in the default OU of domain.local\MyBusiness\Users\SBSUsers. (and all computers must be in domain.local\MyBusiness\Computers\SBSComputers).

What policy are you trying to have propagate to all PC's?

Jeff
TechSoEasy

 

[markdmac]

I agree that when the users were created it should be done so using the Wizard. ALl hell breaks loose on SBS when you deviate from the Wizards.

I don't believe GPMC is pushed via Windows update but it really doesn't matter. You have it and should learn the interface which really is better than the old way of using ADUC.

As for figuring it out, where are you having problems in understanding it? GPMC is very like ADUC in that it will show you your OUs. It also shows you what GPOs are linked to an OU. You can create a single GPO and link it to multiple OUs using GPMC. You can also backup and import your GPOs making this a very powerful and handy tool. Once you right click on a GPO and choose to edit it, the screens are identical to what you would see when you edited a GPO via ADUC. So the only thing I can imagine youa re having problems with is correlating the placement of GPOs to your OUs.

For the sake of simplicity, I typically like to apply all my GPOs at the domain level. As all of your users exist in a single location, this will be sufficient for you.

One word of advice, do not edit the Default Domain Policy accept to set password restrictions.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

 

[LudicrouSpeed]

Hi Guys

thanks for all the replies, the policy im trying to propogate is simply automatic updates to occur automatically for non-admins, (which all users are except IT).

Hmmmm, thats a bit of a worry because all my users and computers are sitting inside the users and computers folder.

Is there any way to fix this, as i said before, when i attempted to move my users into another OU they seemed to lose there permissions

 

[58sniper]

Its by design that you can't apply policies to the default OUs. If you have problems with non-default OUs, you need to resolve those first.

Pat Richard, MCSE MCSA:Messaging CNA MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[TechSoEasyMVP]

If your computers are not in the default OU then most likely they weren't added using the Add-Computer wizard and weren't joined to the domain properly using the ConnectComputer wizard.

Therefore, to correct this problem you need to do the following:

On each client machine:
1. Log in with THAT machine's LOCAL administrator account. (Local login)
2. Unjoin the domain into a WORKGROUP
3. Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4. Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5. Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
6. Reboot

Then on the server, from the Server Management Console:
1. Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2. Add the client with it's NEW name using the Add Computer wizard

Then, go back to the client machine and join the domain by logging in again with the LOCAL Administrator account, opening Internet Explorer and navigating to

http://servername/connectcomputer

Jeff
TechSoEasy

 

[LudicrouSpeed]

Wow, thankyou so much for your extremely informative post, ill give that a go (when i have a chance) sounds like it might take a while but if thats what is required then thats what is required.

May i ask if there is a similar process required for the AD users aswell? or can these simply be moved into the correct OU of domain.local\MyBusiness\Users\SBSUsers.

Thanks again

 

[TechSoEasyMVP]

If you did not create your users with the Add-User Wizard, then you have not set them up properly. Just moving them to the default OU would not help in making sure that their home directory was set up and configured with the proper permissions, it wouldn't create their Mailbox with the proper settings, and it wouldn't create their SharePoint user account.

So, you may want to just do all of this at once because when you run the Add-User wizard it chains into the Add-Computer wizard as well.

If you aren't familiar with Small Business Server, I'd suggest that you review

http://sbsurl.com/techguide

for a good resource for documentation. SBS is a use-specific server that is preconfigured and must be installed and managed in the way in which it was designed. Definitely a "read the manual" situation.

Good Luck!

Jeff
TechSoEasy

 

[LudicrouSpeed]

Hi, thanks for your reply, unfortunately for me, i was trained to use the non SBS version of server 2k3 so i was not aware of the different way to do things on SBS, i will look into the manual.

The problem is that our users have quite a lot of extra email addresses so this is going to be a pain to migrate. But i guess i will just grin and bear it

thanks very much for your help,

Cheers

Ryan

 

[TechSoEasyMVP]

Well, the first thing to learn about SBS is to forget most everything you know about Server 2003 (or at least just don't try to use it). Because SBS is a combination of services and functionality that you would never combine in one box under normal circumstances... but with the SBS Technology and the use of it's tools (the wizards), these things not only work together, they work great.

It's no problem to use multiple email addresses with SBS, by the way.

Jeff
TechSoEasy

 

[LudicrouSpeed]

Ok, thanks again for your help and atlease u told me RTM instead of RTFM, lol.

Cheers

Ryan

 

[TechSoEasyMVP]

What makes you think that's not what I meant.

Jeff
TechSoEasy

 

[LudicrouSpeed]

Oh i dont doubt that its what you meant but the point is you had the tact to avoid the "F"