Group Policy not being applied to Win2k Pro machines

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Using Windows 2003 and the Group Policy Management Console. I created a
policy enabled it, ran the modeling wizard successfully. When logged in
with a test account, on a windows 2k and XP workstation, the machines logged
on without errors, but the policy did not apply. Any ideas?

thanks!

Stuart
3
answers
Last reply
More about group policy applied win2k machines
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Stuart,

    You did not provide even close to enough information ;-)

    Did you link the policy to the computer configuration side or to the user
    configuration side?

    If linked to the computer configuration side, is the computer account object
    that you are 'testing' directly located in the OU ( or whatever ) to which
    you linked the GPO?

    If linked to the user configuration side, is the user account object that
    you are 'testing' directly located in the OU ( or whatever ) to which you
    linked the GPO?

    Now, let's back up a second.

    Let's assume that you are trying to install software via GPO. Might not
    apply. But you did not specify what you are trying to do, so I am guessing
    right now....Does the computer account object or the user account object
    have at least READ permissions to the shared folder? Is the computer
    account object or the user account object located in an OU where 'BLOCKED
    INHERITANCE' is affecting the GPO that you are testing? Did you disable the
    computer configuration side ( and applied this GPO to the computer
    configuration side ) or the user configuration side ( and applied the GPO to
    the computer configuration side )? Does the computer have the correct DNS
    information ( meaning, only your internal DNS information and NOT your
    ISP's )?

    I think that you are getting the picture now. There are about 20 things
    that we would need to ask without more information from you.

    Have you run any of the appropriate Troubleshooting tools? Doesn't the GPMC
    have such a tool built-in? Have you run GPOTOOL on the WIN2000 client?

    What have you done in the way of Troubleshooting?

    --
    Cary W. Shultz
    Roanoke, VA 24014
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com


    "Stu" <ssheinman@cf.cc.com> wrote in message
    news:Pl_Fd.221105$Oc.133628@tornado.tampabay.rr.com...
    > Using Windows 2003 and the Group Policy Management Console. I created a
    > policy enabled it, ran the modeling wizard successfully. When logged in
    > with a test account, on a windows 2k and XP workstation, the machines
    > logged on without errors, but the policy did not apply. Any ideas?
    >
    > thanks!
    >
    > Stuart
    >
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "ssheinman" wrote:
    > Using Windows 2003 and the Group Policy Management Console. I
    > created a
    > policy enabled it, ran the modeling wizard successfully. When
    > logged in
    > with a test account, on a windows 2k and XP workstation, the
    > machines logged
    > on without errors, but the policy did not apply. Any ideas?
    >
    > thanks!
    >
    > Stuart

    Hi,

    Group Policy requires DNS to be setup correctly. Check here to make
    sure your DNS is properly setup.
    http://www.sd61.bc.ca/windows2000/dns.htm

    Cheers,

    Lara

    --
    Posted using the http://www.WindowsForumz.com/ interface, at author's request
    Articles individually checked for conformance to usenet standards
    Topic URL: http://www.WindowsForumz.com/Active-Directory-Group-Policy-applied-Win2k-Pro-machines-ftopict250881.html
    Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.WindowsForumz.com/eform.php?p=770145
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Stu" <ssheinman@cf.cc.com> wrote in message
    news:Pl_Fd.221105$Oc.133628@tornado.tampabay.rr.com...
    > Using Windows 2003 and the Group Policy Management Console. I created a
    > policy enabled it, ran the modeling wizard successfully. When logged in
    > with a test account, on a windows 2k and XP workstation, the machines
    logged
    > on without errors, but the policy did not apply. Any ideas?

    How do you know? Does it have obvious User or
    Computer settings, both?

    Most problems with skipping group policy are due
    to DNS and/or Authentication with the domain (by
    the computer). Authentication with the domain is
    mostly a DNS issue too. (See below)

    The policy must be LINKED (assigned) to a container
    that contains the User or the Computer (whichever you
    are trying to affect with the policy.)

    To which Domain, OU, or Site container did you link
    the policy? Is the User or is the Computer a member of
    that container?

    Permissions much allow READ and Apply Policy but
    those are set by default unless you mess with them.
    Authentication may be a (separate) problem if the
    Computer has no account, or if that account needs to
    be RESET (right-click AD User/Computers).

    There are also a variety of settings for overiding,
    disabling (either User/Computer or entire policy)
    the policy where it is linked to a container but if you
    linked it these are unlikely to be wrong unless you
    changed (messed with) them.

    Mostly authentication problems are a failure to find
    the DC in AD, or the DC being missing from DNS.

    DNS for AD
    1) Dynamic for the zone supporting AD
    2) All internal DNS clients NIC\IP properties must specify SOLELY
    that internal, dynamic DNS server (set.)
    3) DCs and even DNS servers are DNS clients too -- see #2

    Restart NetLogon on any DC if you change any of the above that
    affects a DC and/or use:

    nltest /dsregdns /server:DC-ServerNameGoesHere

    Ensure that DNS zones/domains are fully replicated to all DNS
    servers for that (internal) zone/domain.

    Also useful may be running DCDiag on each DC, sending the
    output to a text file, and searching for FAIL, ERROR, WARN.

    Single Lable domain zone names are a problem Google:
    [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
Ask a new question

Read More

Policy Windows Server 2003 Active Directory Windows