Windows 2003 group policies not applying to pre-Windows 20..

Guest
Archived from groups: microsoft.public.win2000.group_policy

We are in the process of moving our student lab computers from Windows
2000 Professional to Windows XP Professional. In the past, we have
used group policies running on a Windows 2000 server to restrict
access to Run, My Network Places, etc.

As we create new policies for an OU in our Windows 2003 domain running
with Windows 2003 native functionality, we find that the policies are
applied properly to any users who are freshly created within the OU,
but do not apply at all to pre-existing users who are moved into the OU
or to newly created users in the default Users container.

When the functional level of the Windows 2003 domain was raised from
mixed mode to Windows 2003 native, we did not move existing users into
an OU as recommended by the appropriate MS white paper on upgrading
the domain.

Does anyone have any suggestions on how to correct this problem? With
hundreds of returning students and the need to lock down our
configurations, this is a major obstacle we need to overcome.

Thanks in advance for any thoughts.
 
Guest
Archived from groups: microsoft.public.win2000.group_policy

I don't know if you figured it out yet, but keep in mind that in XP it may take at
least two logon/logoffs to propagate user configuration to a user, assuming it has
refreshed on the domain controller, due to fast logon optimization. I would also run
netdiag on the computer you are having difficulty with the user policy applying to,
to make sure everything looks good, and be sure the computer's time is in synch with the
domain controller. Using gpresult may be helpful in showing what container a user is
in, which should show that they had been moved from the users container to your OU,
and the last time policy was applied. At least until you sort things out, I would
disable the "server: digitally sign communications (always)" security option in the
Domain Controller Security Policy and then run gpupdate /target:computer /force on the
domain controller. Those tools are on the install disk for the appropriate operating
system under support/tools, where you will have to run setup. I find it odd that MS
recommends leaving users in the users container. Possibly that does not apply after
upgrading, as that would be crazy and drastically reduce the effectiveness of Active
Directory. --- Steve


"Jason Hammer" <jhammer@law.tulane.edu> wrote in message
news:hgmgd09ql858nf7khmfjvm4s8enb7t0i0u@4ax.com...
> We are in the process of moving our student lab computers from Windows
> 2000 Professional to Windows XP Professional. In the past, we have
> used group policies running on a Windows 2000 server to restrict
> access to Run, My Network Places, etc.
>
> As we create new policies for an OU in our Windows 2003 domain running
> with Windows 2003 native functionality, we find that the policies are
> applied properly to any users who are freshly created within the OU,
> but do not apply at all to pre-existing users who are moved into the OU
> or to newly created users in the default Users container.
>
> When the functional level of the Windows 2003 domain was raised from
> mixed mode to Windows 2003 native, we did not move existing users into
> an OU as recommended by the appropriate MS white paper on upgrading
> the domain.
>
> Does anyone have any suggestions on how to correct this problem? With
> hundreds of returning students and the need to lock down our
> configurations, this is a major obstacle we need to overcome.
>
> Thanks in advance for any thoughts.