Sign in with
Sign up | Sign in
Your question

Computer Policy not being applied

Tags:
  • Policy
  • Computers
  • Microsoft
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
March 16, 2005 2:53:23 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

OK I have a Computer logon policy via a BAT file to add a user to a Local
Group. I have applied this policy to the default Domain Policy group but it
will not apply. Do I have to assign the policy only to computers OU?

More about : computer policy applied

Anonymous
March 16, 2005 4:59:27 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

No. If a policy is applied at the domain level, and your computers are
contained in an OU below that, then the policy will apply to that OU.
There are many factors that could be causing these machines to not be
applying this policy, however the placement of the GPO at the domain
level as opposed to on the specific OU is not it.

Have you tried using the group policy resultant set of policy console
to see what is and what isn't being applied?

Regards,
Rick Gouin, MCSE
Anonymous
March 16, 2005 8:15:42 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hmm. I've been reading on Bugtraq lately that unplugging your NIC at
the opportune time during login can make group policies not apply
correctly. Interesting thought.

Perhaps try running "gpupdate /force" (XP) or "secedit /refreshpolicy
machine_policy /enforce" (2000) to force the policies to refresh and
apply, and see if the policy runs next time you log on.

A conclusive test to see if this is the case would be to plug your
laptop into a wire and see if it is any different.
Related resources
Anonymous
March 16, 2005 10:24:28 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

See http://support.microsoft.com/?id=810076 for an alternative way of
populating Local Groups via Group Policy (Windows 2000 SP4 or later) -
avoids the need for your Startup Script.

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"James Robetson" <jrobertson@calaveras.k12.ca.us> wrote in message
news:uEvdTGmKFHA.1176@TK2MSFTNGP12.phx.gbl...
> OK I have a Computer logon policy via a BAT file to add a user to a Local
> Group. I have applied this policy to the default Domain Policy group but
> it will not apply. Do I have to assign the policy only to computers OU?
>
Anonymous
March 17, 2005 3:01:08 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

"Rick Gouin" wrote:
> No. If a policy is applied at the domain level, and your
> computers are
> contained in an OU below that, then the policy will apply to
> that OU.
> There are many factors that could be causing these machines to
> not be
> applying this policy, however the placement of the GPO at the
> domain
> level as opposed to on the specific OU is not it.
>
> Have you tried using the group policy resultant set of policy
> console
> to see what is and what isn't being applied?
>
> Regards,
> Rick Gouin, MCSE

Hi,

First of all, try something simple in the batch file to make sure it
is not just the batch file that isn’t working. Remember that sometimes
when startup scripts run, services haven’t started yet. So it may be
just that particular batch file isn’t working.

I didn’t know there was a command line to add a user to a group?

Also, the batch file MUST be in the Netlogon Share. It is Not
recommended to do at the Domain Group Policy level because it will
affect your DC’s as well. Create a Computers OU and a new group policy
for that and put the "Startup script" (not logon script) there.

Cheers,

Lara

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Group-Policy-Computer-appl...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1082255
Anonymous
March 17, 2005 3:01:09 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thanks for the input.

Yes you can add user to a group via a command that is

net localgroup "Power Users" (username) /add

if the group is a single word then the quotes are not needed

that command adds them to the local groups of the machines. You can also
change the Local Administrators password using the NET command.

But here is a second thought. My laptop will not obtain the group policy.
Is it because of the Wireless connection and Third Party manager have not
connected to the network until I log in. I have no errors in the event log
other than the Domain Controller could not be contacted. But I can contact
it through DNS all of the way through the SYSVOL domain when I am logged in.
Any suggestions or thoughts?



"lforbes" <UseLinkToEmail@WindowsForumz.com> wrote in message
news:3_1082255_0669770d39de8f6752bb1fb13a5a9f88@windowsforumz.com...
> "Rick Gouin" wrote:
> > No. If a policy is applied at the domain level, and your
> > computers are
> > contained in an OU below that, then the policy will apply to
> > that OU.
> > There are many factors that could be causing these machines to
> > not be
> > applying this policy, however the placement of the GPO at the
> > domain
> > level as opposed to on the specific OU is not it.
> >
> > Have you tried using the group policy resultant set of policy
> > console
> > to see what is and what isn't being applied?
> >
> > Regards,
> > Rick Gouin, MCSE
>
> Hi,
>
> First of all, try something simple in the batch file to make sure it
> is not just the batch file that isn't working. Remember that sometimes
> when startup scripts run, services haven't started yet. So it may be
> just that particular batch file isn't working.
>
> I didn't know there was a command line to add a user to a group?
>
> Also, the batch file MUST be in the Netlogon Share. It is Not
> recommended to do at the Domain Group Policy level because it will
> affect your DC's as well. Create a Computers OU and a new group policy
> for that and put the "Startup script" (not logon script) there.
>
> Cheers,
>
> Lara
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's
> request
> Articles individually checked for conformance to usenet standards
> Topic URL:
> http://www.windowsforumz.com/Group-Policy-Computer-appl...
> Visit Topic URL to contact author (reg. req'd). Report abuse:
> http://www.windowsforumz.com/eform.php?p=1082255
Anonymous
March 17, 2005 7:19:39 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

"Bruce Sanderson1" wrote:
> See http://support.microsoft.com/?id=810076 for an alternative
> way of
> populating Local Groups via Group Policy (Windows 2000 SP4 or
> later) -
> avoids the need for your Startup Script.
>
> --
> Bruce Sanderson MVP Printing
> http://members.shaw.ca/bsanders
>
> It is perfectly useless to know the right answer to the wrong
> question.
>
>
>
> "James Robetson" <jrobertson@calaveras.k12.ca.us> wrote in
> message
> news:uEvdTGmKFHA.1176@TK2MSFTNGP12.phx.gbl...
> > OK I have a Computer logon policy via a BAT file to add a
> user to a Local
> > Group. I have applied this policy to the default Domain
> Policy group but
> > it will not apply. Do I have to assign the policy only to
> computers OU?
> >

Hi,

Group Policy issues are usually DNS related. Make sure that the DNS
server in the IP of your laptop is pointing to your Windows 200x DNS
server. Also make sure on your DNS server that the laptop is
registered with the correct IP. I have a laptop that wasn’t working
and I found it wasn’t registered in DNS.

check my website to make sure the DNS is setup
http://www.sd61.bc.ca/windows2000/dns.htm

Cheers,

Lara

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Group-Policy-Computer-appl...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1084219
Anonymous
March 18, 2005 7:09:48 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Ok. this is not a DNS issue or a Hard Wire network connection. Looks to be
a wireless issue and I will be contacting the vendor to find out how their
wireless adapter connects to the network before authentication and after.
Thanks everyone for the tips.
Anonymous
March 19, 2005 3:46:27 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

"James Robetson" wrote:
> Ok. this is not a DNS issue or a Hard Wire network
> connection. Looks to be
> a wireless issue and I will be contacting the vendor to find
> out how their
> wireless adapter connects to the network before authentication
> and after.
> Thanks everyone for the tips.

Hi,

Remember that if a laptop has a wireless connection, it will need both
IP’s registered in DNS. One for regular Nic IP and one for wireless
IP.

Cheers,

Lara

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Group-Policy-Computer-appl...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1086957
!