Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Help with Policy Problem

Status
Not open for further replies.
Slider41

Slider41

IS-IT--Management
Jan 27, 2003
1
0
0
US
Currently the policies are set locally on Windows 2000 Pro boxes, however, we're in the process of migrating/testing Windows 2000 Server w/AD and set all the policies from a GPO object while removing the local policies (setting them as "not configured").

As soon as I configure network settings on the desktop, ie. DNS, WINS, IP, to the test domain, and login as an admin (Local/Domain/Enterprise)I immediately lose the ability to login locally (which was set on the GPO but not locally) as well as prevent the security policy from applying to the admin(s). After changing the GPO policy with no results, we then deleted the GPO policy in AD and still the above exists. Is there a way to refresh the local policies and/or GPO policies and/or see which policy (local or GPO)is still applying to the desktop after removing them? Or is there some a registry setting that's sticking even after we removed and/or disabled GPO and local policies....please help!

Thanks in advance,

Jim
 
Sort by date Sort by votes
You've most probably done this right already, but I'll try it anyway...

Authenticated Users shouldn't be able to apply the policy either.
Domain Admins are ofcourse also Authenticated users and will apply the policy.
 
Upvote 0 Downvote
Those policies are applied to computer, not to users.
Your computer will take the policy that is set for the container(s) where it resides.
The policies are applied in this order:
- locally
- site
- domain
- organizational unit(s) (OUs)
So, if you don't have other special settings(blocking inheritance, no override, or disabled) then the policies will be applied in the above order.
Check in order the GPOs for those above containers. Check for the logonlocally, and denylogonlocally.
If you want just to change the GPOs that are applied to your computer, make an OU, make a GPO, set what you want for that GPO, and move your computer in that OU (via AD Users and Computers mmc).
Also don't forget that a policy is something that is applying to your registry keys. So, even if you deleted the GPO, the settings will still be there till another policy will change them. Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Question
Problem with PDFs in IIS
Replies
1
Views
239
gbaughma
gbaughma
Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
102
gbaughma
gbaughma
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
143
suncit
suncit
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
143
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
84
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top