w2k server policies problems

[tibbet]

Hi, please please help me with this one.
I've got a w2k server (installed by other company...) and 45 client machines running w2k pro.
Placed a new OU in the AD Users and Computers. Named this OU limited. placed all possible restrictions on this OU. Then I placed a dummy user (member of administrators) in this OU named STP1.
logged out on the server, logged in as STP1, and all restrictions worked like a dream. Logged of from the server, turned to a client machine, logged in, but to no effect; I could still do 'everything'. Tried the following:
set 'apply Group policy' for the user.
Used secedit /refreshpolicy etc. on both server and ws.
hitting the servercabinet with a hammer.
Nothing works regarding the group policies! Any idea????
hanks in advance,

DumbTibbet...

 

[ashpp]

Where are all the comptuers located ?? Are they in another OU thats blocking inheritance?

Ash.

 

[tibbet]

Hi,

(sorry if this sound dumb, but I didn't 'build' the server)
I haven't actually looked into the separate computers that much. When all computers are on,I find them in the default Computers map. As for inheritance, The only (!) GPO that I have is on the OU. Do you suggest that I looked into the Computers map in the Users and Computers, and check if there is an inheritance option? I'll try it tomorrow morning!
I'll keep you informed,

T.

 

[Dyadmin]

Check your DNS... phically point each workstation to your Win 2K server and run the secedit /refreshpolicy machine_policy /enforce and the secedit /refreshpolicy machine_policy /enforce

Win 2K pro doesn't do anything if it can't find DNS or has more than one..

 

[koquito]

Check DNS..Chek if the computer where you are running the policy has the record in your domain DNS (Don't add the record manually), check if that computer is using the DC DNS. TRy also after checking all DNS problems, disjoining and joining back that computer into your domain.
I ran into a similar problem, by doing all this i made the computer host record to appear in my DC DNS, after that, the policy worked like a charm. A+, MCP, CCNA
marbinpr@hotmail.com

Keep fighting for your knowledge!

 

[tibbet]

thank, I've been reading another thread concerning similar problems. Correct me if I'm wrong with the following:
On the server with IP-address 200.100.100.10 I set DNS on the outgoing card to the addresses provided by our ISP,
while on the card connected to our local network I set the DNS to 200.100.100.10. (could 127.0.0.1 work as well?)
And on the client stations (all other machines on our local net) I set the DNS to the same 200.100.100.10?
After that I'll do the magic ipconfig /registerdns and secedit/refreshpolicy etc. and see what'll happen...
I''ll keep you posted.
From a classroom in Holland,

T.

 

[koquito]

yes, taht culd help solving the problem A+, MCP, CCNA
marbinpr@hotmail.com

Keep fighting for your knowledge!

 

[koquito]

sorry, i missed some letter...
i meant..YEs, that could help fixing the problem A+, MCP, CCNA
marbinpr@hotmail.com

Keep fighting for your knowledge!

 

[tibbet]

Well, you were right guys! It all worked out the way you said. The client machines had their DNS set to automtic. Changed that to the server TCP/IP address, ran ipconfig /registerdns and secedit /refreshpolicy etc., adn I have a fully working group policy running! Better start closing all options for the students now, like changing the bachground etc.

 

[koquito]

I'm glad it was it was helpful to you tibbet.One less headache for you.. A+, MCP, CCNA
marbinpr@hotmail.com

Keep fighting for your knowledge!

 

[Lee168]

If we have to put DNS entry manually in each work station. Wouldn't it kill the whole purpose of DHCP. IT must be some alternative to have GP works. Nevertheless all you guys are pro and knowledgeable.

 

[koquito]

Thanks Lee, we learn here too..
Its a way to make sure that they use the right DNS...sometimes they retain old DNS settings, if you dont give it using DHCP, and even if you do it with DHCP, it shouldn't be a problem, but DHCP could be another variable in the system (in the problem), and with less variables involved in a problem, the easier it is to solve the problem. A+, MCP, CCNA
marbinpr@hotmail.com

Keep fighting for your knowledge!