Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Group policy management using Server 2000 and XP Pro - wont work

Status
Not open for further replies.

pcdoctorjon

IS-IT--Management
Jun 21, 2005
10
GB
Hi,

I have a Windows Server 2000 SP4, and 3 XP PRO machines.

I have manged to set up usernames etc in active directory, but when it comes to group policy, and deploying it on XP, where by i click on the domain controller in active directory users, and add a group policy.

Say in group policy, i wanted to set the Homepage for internet explorer as - for example, this wouldn't take effect on a Windows XP machine logged in as the domain member. It is as if the whole group policy feature doesn't work.

Cheers. Jon
 
...i click on the domain controller in active directory users, and add a group policy."


what are you actually doing here?

you might be modifying the domain controllers default policy, i'm not sure.

you should modify the default domain policy, or create a new policy and link it to the domain.


check these links:
thread96-1034735

Aftertaf
We shall prevail, and they shall not
 
When I configure the policy at Domain Level, it only seems to affect users that log onto Domain controllers and does not seem to affect any one who logs onto a workstation (these being XP SP2 Machines). I have specified the no overide option on the Domain policy to make sure that any lower OU's are unable to block the policy but this still doesn't work. Is there anything else I need to do to make sure every machine within the Domain is able to inherit the Domain group Policy.
 
You can try this.

on your AD server go to start - run - type in MMC
go to console - Add/remove snap in - Add a group policy - when the box with the Local computer comes up hit browse - under the Donmain/OU tab click on default domain policy - finish

Now in the console you should have your default donmain policy as a stand alone snap in. Make your changes and save it.

Goner05
 
How does the XP Machine know how to use this Group policy and how does it get hold of it.
 
If you log into the XP machine on the Domain (not the local account) the policy is forwarded to the local machine through the GPO.
 
Ok i have done what you said and logged in on the XP machine - still no luck!
I went to the command promt and typed gpupdate /force
Refreshing user policy...
User policy completed.
Computer policy completed.
I then went to things i specified in Group Policy and the URL homepage was the same and i could still use Control Pannel when i said not to.

I then went to command promt again and typed gpresult
It the came back saying Info: The Policy object does not exisit.

Please any ideas - you have been great so far - although it would be nice to get the Group Policy working on a xp machine!
 
Just a guess - you manage your group policies sitting in front of Win2000 server? If so, you should install adminpak.msi for Windows XP on one of your WinXP workstations and manage GP from there.

===
Karlis
ECDL; MCSA
 
In your event viewer / system log is there any netlogon errors with the quote "The computer COMP01 tried to connect to the server \\SERVER1 using the trust relationship established by the DNS domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship."

if you have these the GPO will not be enfored on any computers that have this error.

Goner05
 
I dont have that error but i have alot of W32Time errors.
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 15 minutes.

Does that help?
 
Go onto you AD on the Domain controller. Check to make sure that the user and computer are listed as members of the Domain user/computer group. The default domain policy (to the best of my knowledge) will olny affect users and comps list under the Domain user/computers default membership.

If the users and comps are members of a custom made members group you will need to make a custom domain policy to affect users and computer in the custom members group. Best just to add the users and comps to the default Domain user/computers memberships.

as for the w32time you can check out to help you on this one.

Goner05
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top