Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Group Policy change not being implemented.

Status
Not open for further replies.
albracco

albracco

IS-IT--Management
Jun 10, 2004
62
0
0
US
Windows 2003 SP2 server (single DC). Had previously setup an OU and GP for 8 PCs located in stores that needed to be very locked down. Now one of those PCs needs some additional functionality enable. I created a new OU and moved that user account into it. I am using GPM. I created a new policy for that OU with my user configuration changes. It has been linked and enforced. I saw it work once for about 5 minutes after doing a gpupdate. After rebooting the PC, it stopped working. Instead of the new policy being applied, the old policy seems to be enforced. However, the new policy is the only one listed for this OU in GPM. I am not enforcing a domain default policy, either.

If I run the Group Policy Results wizard for this computer/user, it shows my new GP0 as being the only one applied. I know the settings in the policy itself are correct.

Any ideas on where to look next?

Al
 
Sort by date Sort by votes
Upvote 0 Downvote
The store PCS are extremely locked down, so they can't change anything in Windows - just run the retail sql application they need. One example is printers. From the store PCs, they do not have the ability to get to Control Panel at all, never mind do anything with printers. The one PC in question is actually in the warehouse. That PC has 4 printers attached, and he needs the ability to select a printer from various applications. So, we need to unblock most restrictions to do with printers. When it worked for that brief time, the user could see control panel, and the only thing in it was Printers. And, from the various Windows applications, he could select the printer he needed. When the policy is not applied, he is completely locked out of those functions. We have had to keep him logged in as administrator so he can do what he needs. Obviously, we don't want to continue that.

It seems like the old policy is still being applied, rather than the new one. Maybe it had something to do with when I moved the user account to the new OU? Perhaps I should try deleting the user account and creating a new one?

Al
 
Upvote 0 Downvote
sorry for the late reply on this. I wouldn't go deleting the account, but you could create a new one in the same environment, same group membership etc, and see if the policies have been applied ok

Also, I presume you've already checked, but are there any warnings/errors in eventviewer or RSoP that indicate group policy processing failed?

I still can't quiet understand how RSoP could show the settings you want yet they're not being applied. If you want you can use GPMC to save a HTML report of group policy results (RSoP) and list it here, and I'll have a look. Change any company/user names etc on the report as you see fit.

Sorry I haven't been able to provide you with a concrete solution, but we don't have to admit defeat just yet !!!



Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau
 
Upvote 0 Downvote
that i understand, the computers are in one ou and the restrictions apply, the u created another ou where u put in a user that weakens the restrictions for him on one of the pc´s in the other ou
afik that wont work the restrictions are cumulativ with the most restrictive in place
 
Upvote 0 Downvote
yes, the policies are per user, not computer. I don't have a default policy that applies to everyone, just individual policies per OU and no policy for admin. If I log into that computer with a username from the "stores" OU, it applies the correct policies. if I login with the more restriced username, I still get the store policy characteristics, even though that policy is only linked to the stores OU.

A real puzzler...
 
Upvote 0 Downvote
Useful information in there, but Terminal Server is not in use in this situation.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
105
microsGuy16
microsGuy16
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
180
mangentle
mangentle
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
79
technome
technome
on3mansh0w
  • Locked
  • Question
[HELP] AD GPO not applied unexpectedly
Replies
0
Views
64
on3mansh0w
on3mansh0w
disturbedone
  • Locked
  • Question
Edge Chromium protected media not working
Replies
1
Views
60
disturbedone
disturbedone

Part and Inventory Search

Sponsor

Back
Top