Group policies not working

[cathlewis]

We have been setting up group policies for our public access area, but they arent working!

The users are shop1, shop2, shop3.
All win2000 workstations/server
They are in an organisational unit called 'shop'
Have created a policy in AD called 'public access' and applied it to the shop organisational unit, in the User administrative templates, to stop users tampering with desktop settings etc.
Have done SECEDIT to enforce workstation policy - no luck.
We dont want to lock down the PC itself, as we need to change settings on them ourselves.

We had recent training on this, and setting up the policy looked simple. It worked in the training session (on the trainer's server!) without any amending of policy inheritance from the domain.
Our trainer went through what we did and said it should be working.
Our hardware engineers have looked at it and said it should be working.
The Domain Security Policy / Local Policy/Security options (eg get rid of CTRL/alt/Del requirement on login) are also not applying - but the Account Policies (eg password length requirement) are.
Is affecting both our main site and the sub-domains.

Does anyone know of anything else (eg DNS problems) that could affect group policies? We do have some unresolved connectivity problems between sites.

 

[Seaspray0]

Password policies must be applied at the domain level.

Also is the policy you are adjusting a user or computer policy? user policies affect user objects and computer policies affect computer objects. Where are your computer objects located? Try applying the policy to that OU as well.

 

[lewic]

It is a User policy, applied to an organisational unit containing the users shop1, shop2 etc.

We dont want to apply policies to these computers as we need full access ourselves.

(computer objects are in a folder 'default container for upgraded computer accounts' - there is no tab for group policies on it, and no way of creating a sub-organisational unit in that folder)