Computer Policy not being applied

Archived from groups: microsoft.public.win2000.group_policy (More info?)

OK I have a Computer logon policy via a BAT file to add a user to a Local
Group. I have applied this policy to the default Domain Policy group but it
will not apply. Do I have to assign the policy only to computers OU?
8 answers Last reply
More about computer policy applied
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    No. If a policy is applied at the domain level, and your computers are
    contained in an OU below that, then the policy will apply to that OU.
    There are many factors that could be causing these machines to not be
    applying this policy, however the placement of the GPO at the domain
    level as opposed to on the specific OU is not it.

    Have you tried using the group policy resultant set of policy console
    to see what is and what isn't being applied?

    Regards,
    Rick Gouin, MCSE
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Hmm. I've been reading on Bugtraq lately that unplugging your NIC at
    the opportune time during login can make group policies not apply
    correctly. Interesting thought.

    Perhaps try running "gpupdate /force" (XP) or "secedit /refreshpolicy
    machine_policy /enforce" (2000) to force the policies to refresh and
    apply, and see if the policy runs next time you log on.

    A conclusive test to see if this is the case would be to plug your
    laptop into a wire and see if it is any different.
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    See http://support.microsoft.com/?id=810076 for an alternative way of
    populating Local Groups via Group Policy (Windows 2000 SP4 or later) -
    avoids the need for your Startup Script.

    --
    Bruce Sanderson MVP Printing
    http://members.shaw.ca/bsanders

    It is perfectly useless to know the right answer to the wrong question.


    "James Robetson" <jrobertson@calaveras.k12.ca.us> wrote in message
    news:uEvdTGmKFHA.1176@TK2MSFTNGP12.phx.gbl...
    > OK I have a Computer logon policy via a BAT file to add a user to a Local
    > Group. I have applied this policy to the default Domain Policy group but
    > it will not apply. Do I have to assign the policy only to computers OU?
    >
  4. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    "Rick Gouin" wrote:
    > No. If a policy is applied at the domain level, and your
    > computers are
    > contained in an OU below that, then the policy will apply to
    > that OU.
    > There are many factors that could be causing these machines to
    > not be
    > applying this policy, however the placement of the GPO at the
    > domain
    > level as opposed to on the specific OU is not it.
    >
    > Have you tried using the group policy resultant set of policy
    > console
    > to see what is and what isn't being applied?
    >
    > Regards,
    > Rick Gouin, MCSE

    Hi,

    First of all, try something simple in the batch file to make sure it
    is not just the batch file that isn’t working. Remember that sometimes
    when startup scripts run, services haven’t started yet. So it may be
    just that particular batch file isn’t working.

    I didn’t know there was a command line to add a user to a group?

    Also, the batch file MUST be in the Netlogon Share. It is Not
    recommended to do at the Domain Group Policy level because it will
    affect your DC’s as well. Create a Computers OU and a new group policy
    for that and put the "Startup script" (not logon script) there.

    Cheers,

    Lara

    --
    Posted using the http://www.windowsforumz.com interface, at author's request
    Articles individually checked for conformance to usenet standards
    Topic URL: http://www.windowsforumz.com/Group-Policy-Computer-applied-ftopict345221.html
    Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1082255
  5. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Thanks for the input.

    Yes you can add user to a group via a command that is

    net localgroup "Power Users" (username) /add

    if the group is a single word then the quotes are not needed

    that command adds them to the local groups of the machines. You can also
    change the Local Administrators password using the NET command.

    But here is a second thought. My laptop will not obtain the group policy.
    Is it because of the Wireless connection and Third Party manager have not
    connected to the network until I log in. I have no errors in the event log
    other than the Domain Controller could not be contacted. But I can contact
    it through DNS all of the way through the SYSVOL domain when I am logged in.
    Any suggestions or thoughts?


    "lforbes" <UseLinkToEmail@WindowsForumz.com> wrote in message
    news:3_1082255_0669770d39de8f6752bb1fb13a5a9f88@windowsforumz.com...
    > "Rick Gouin" wrote:
    > > No. If a policy is applied at the domain level, and your
    > > computers are
    > > contained in an OU below that, then the policy will apply to
    > > that OU.
    > > There are many factors that could be causing these machines to
    > > not be
    > > applying this policy, however the placement of the GPO at the
    > > domain
    > > level as opposed to on the specific OU is not it.
    > >
    > > Have you tried using the group policy resultant set of policy
    > > console
    > > to see what is and what isn't being applied?
    > >
    > > Regards,
    > > Rick Gouin, MCSE
    >
    > Hi,
    >
    > First of all, try something simple in the batch file to make sure it
    > is not just the batch file that isn't working. Remember that sometimes
    > when startup scripts run, services haven't started yet. So it may be
    > just that particular batch file isn't working.
    >
    > I didn't know there was a command line to add a user to a group?
    >
    > Also, the batch file MUST be in the Netlogon Share. It is Not
    > recommended to do at the Domain Group Policy level because it will
    > affect your DC's as well. Create a Computers OU and a new group policy
    > for that and put the "Startup script" (not logon script) there.
    >
    > Cheers,
    >
    > Lara
    >
    > --
    > Posted using the http://www.windowsforumz.com interface, at author's
    > request
    > Articles individually checked for conformance to usenet standards
    > Topic URL:
    > http://www.windowsforumz.com/Group-Policy-Computer-applied-ftopict345221.html
    > Visit Topic URL to contact author (reg. req'd). Report abuse:
    > http://www.windowsforumz.com/eform.php?p=1082255
  6. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    "Bruce Sanderson1" wrote:
    > See http://support.microsoft.com/?id=810076 for an alternative
    > way of
    > populating Local Groups via Group Policy (Windows 2000 SP4 or
    > later) -
    > avoids the need for your Startup Script.
    >
    > --
    > Bruce Sanderson MVP Printing
    > http://members.shaw.ca/bsanders
    >
    > It is perfectly useless to know the right answer to the wrong
    > question.
    >
    >
    >
    > "James Robetson" <jrobertson@calaveras.k12.ca.us> wrote in
    > message
    > news:uEvdTGmKFHA.1176@TK2MSFTNGP12.phx.gbl...
    > > OK I have a Computer logon policy via a BAT file to add a
    > user to a Local
    > > Group. I have applied this policy to the default Domain
    > Policy group but
    > > it will not apply. Do I have to assign the policy only to
    > computers OU?
    > >

    Hi,

    Group Policy issues are usually DNS related. Make sure that the DNS
    server in the IP of your laptop is pointing to your Windows 200x DNS
    server. Also make sure on your DNS server that the laptop is
    registered with the correct IP. I have a laptop that wasn’t working
    and I found it wasn’t registered in DNS.

    check my website to make sure the DNS is setup
    http://www.sd61.bc.ca/windows2000/dns.htm

    Cheers,

    Lara

    --
    Posted using the http://www.windowsforumz.com interface, at author's request
    Articles individually checked for conformance to usenet standards
    Topic URL: http://www.windowsforumz.com/Group-Policy-Computer-applied-ftopict345221.html
    Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1084219
  7. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Ok. this is not a DNS issue or a Hard Wire network connection. Looks to be
    a wireless issue and I will be contacting the vendor to find out how their
    wireless adapter connects to the network before authentication and after.
    Thanks everyone for the tips.
  8. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    "James Robetson" wrote:
    > Ok. this is not a DNS issue or a Hard Wire network
    > connection. Looks to be
    > a wireless issue and I will be contacting the vendor to find
    > out how their
    > wireless adapter connects to the network before authentication
    > and after.
    > Thanks everyone for the tips.

    Hi,

    Remember that if a laptop has a wireless connection, it will need both
    IP’s registered in DNS. One for regular Nic IP and one for wireless
    IP.

    Cheers,

    Lara

    --
    Posted using the http://www.windowsforumz.com interface, at author's request
    Articles individually checked for conformance to usenet standards
    Topic URL: http://www.windowsforumz.com/Group-Policy-Computer-applied-ftopict345221.html
    Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1086957
Ask a new question

Read More

Policy Computers Microsoft Windows