Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Group Policy Problems in Active Directory

Status
Not open for further replies.
thebdj

thebdj

Technical User
Oct 21, 2003
27
GB
I am having a very annoying problem in Active Directory.

I right-click on my OU and select Group Policy. Anything I change under the User Configuration portion of the policy works a treat and becomes active whenever specified (in this instance after the next log-on). To check this theory I changed something innocuous. I added the log off button to the start menu for my users in the OU. Beautiful!

Anything I change under Computer Configuration seems to have no effect. I set two rather innocuous services to be started automatically on every machine in my OU (one of them happened to be the Uninterruptable Power Supply service, can't remember the other!). The reason I picked them is that they are not set to start automatically under Windows, hence they proved to be a good test. They do not start when the user logs on.

The reason for my testing is that I wanted to get a Windows Update scheduled and pushed out to machines, but as their registry entries are not being updated by the GPO, they aren't calling the server and hence not updating.

Before questions are asked, SUS is running like a treat, I have checked it via sorting out computers locally. They update perfectly with all of the updates I want them to have and they behave as I have specified.

Please please help me here.

Cheers
Justin
 
Sort by date Sort by votes
Even though your other group policies worked without you having to do anything extra in this case you may have to do the following on your domain controller:

secedit /refreshpolicy machine_policy

Wait a good 5-10min

Then reboot the machine(s) in question and verify that they picked up the policy.

Worse case scenerio is testing if the policy goes into effect when you remove one of these workstations from the domain (temporarily putting them into a workgroup e.g. TEST) and then readding them.

Let me know! :-D
 
Upvote 0 Downvote
Cheers for the idea but still nothing. User Configuration still working a treat but Computer Configuration just not having it. Is there not some high level control which quite simply says enable/disable Computer Configuration abilities in the GPOs?

I'm very stumped on this one. There must be something somewhere telling the entire AD not to bother with whatever is set in those configs .... but where :)

Justin
 
Upvote 0 Downvote
This might seem like a basic question but have you reviewed your security settings? i.e. Authenticated users have read and apply group policy rights?

Also.. have you verified that there is no other policy with 'No Override' or 'Block Policy Inheritance' that might prevent this Computer Configuration from being implemented?

Although these should be done automatically when you set up the policy, you may want to go ahead and review that.
...and did you try to remove the computer from the domain and re-add like I suggested.. regardless of the fact that your User Configuration policies function?

Get back to me :)



 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
84
julis2103
julis2103
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
334
goombawaho
goombawaho
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
470
gbaughma
gbaughma
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
261
Aquiles Vidal
Aquiles Vidal
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
207
mangentle
mangentle

Part and Inventory Search

Sponsor

Back
Top