Group Policy help

[TJPC]

I setup a new domain with a single Domain Controller running Active Directory. However, our company network has multiple domains within itself. I edited the default domain group policy to reflect proxy server settings to limit internet access. Microsoft states that it takes sometime before these changes go into effect on the workstations, but it's been over a week.

The group policy changes are taking effect on the server. However, a workstation I setup on the new domain doesn't have the proxy settings. Is there a way I can force an update to all authenticating users?

 

[58sniper]

The change should be on those machines by the next reboot.

But I would create a separate GPO before editing the default GPO.

Run a GPO Results query using the GPMC (it's at the bottom on the left) and pick a random machine. It should indicate what GPOs are getting to the machine and what problems have occurred. That should tell you what's going on.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[cydud3]

Make sure outgoing ICMP packets from the workstation to the Active Directory server aren't blocked by some sort of firewall. You can then run "gpresult" on the workstations to see whether the group policy was applied.

Whenever you change any GPO, you can also make sure the changes goes into effect immediately by using "gpupdate /force".

2B||!2B

 

[TJPC]

58sniper,
I went into Group Policy Management Console. I brought up the Group Policy Results Wizard and selected my test machine on this new domain. I received the following message:
Group Policy Error
You do not have permission to perform this operation.
Details:
Access is denied.

I did this through a remote desktop connection to the server on the admin account... incase those details matter. If I do create another group policy, how do I ensure the workstation inherit the new policy and not the default policy?

cydud3,
I'm unsure about ICMP packets being blocked but all of this setup is on one side of the firewall so I don't see it being a problem. I ran gpresult on the workstation and received:

INFO: The user "DOMAIN\User" does not have RSOP data.

I then ran a "gpupdate /force" on the workstation. It read:
Refreshing Policy...
User Policy Refresh has completed.
Computer Policy Refresh has completed.

After reboot, the group policy settings still didn't take effect.

 

[cydud3]

Try to ping your server from the workstation. I also got that same "does not have RSOP data" error before and it turned out to be a software firewall on the workstation that was blocking out the ICMP packets. If you can ping your server then the problem is different from mine.

You can override the default domain policy by placing the active directory objects in a different OU and creating a new ADO for that OU only. If I remember correctly, proxy settings are under User Configuration so you should move the User ADO to that new OU.

2B||!2B

 

[TJPC]

The workstation can ping the server and the firewall is turned off. I thought maybe it was the anti-virus so I exited that and ran another "gpupdate /force". It came back up and still wasn't taking the group policy nor letting me run a results wizard in GPMC. I appreciate all of these suggestions. This is getting really frustrating.