Group Policies not being applied

StNick

I am very new to Windows Domains and Group Policies etc, and I'm having some trouble with trying to implement a few things.

Basically, I want our users at the JHB office to authenticate over our VPN on the server in Durban.

So I did the following to test out the idea:

I create a new Organizational Unit
I right click the OU and tick "Block Inheritance" (so that it ignores the default GPO)
I then create and link a new Group Policy Object to that OU called Test GPO
For testing purposes, I edit the GPO and go to User Configuration -> Control Panel -> Add or Remove Programs and I enable "Remove Add or Remove Programs"
I then create a new user called Test User and place it in the newly created OU
I walk over to any PC in the office that is on the domain and log in with Test User's credentials on the domain
It logs me in and creates a new local profile
I then go to Control Panel to see if the new GPO has taken effect.
It has not. Add or Remove Programs is still there.

What gives? Why is it not applying my GPO?
 
Run from the command prompt on the desktop. Might require a reboot. Remember policies get applied during startup, not during logon. Logon scripts get applied during logon. If you want the policies re-applied during logon, create a logon script that does the gpupdate.

gpupdate /force

This will force the desktop to call the DC for the GP.
 
Computer account policies get set at Startup (some), User policies are set at logon. There is an option to run Policies asynchronously, so that when the user logs on it does not apply the policy, but only copies to the machine. When you log on the next time it applies it.

I would not worry about running the gpupdate from a batch file, although it is useful for updating a recently changed policy. Also try using RSOP, it simulates the policy settings for a user/machine.
 
If you haven't already, go download the Group Policy Management Console from the Microsoft site. Makes life much easier when working with GPOs. Also, Group Policy Modelling and Group Policy Results are available in the same console, so you can test what is supposed to happen with a user/PC when a policy is applied (Modelling), or you can test what is actually happening against a particular user/PC. The nice thing about it is that you can see if there are any errors via the summary when the policy applies, which generally points at how you can fix the problems. It also shows you related events from the event logs in question. Very nifty.
 
+1 - RSOP was the previous system - as pointed out by the above post....
 
Thanks to everyone for the replies. Most of it made sense to me. :)

I'm still having problems though.

gpupdate /force didn't do the trick, but I didn't really expect it to since if I was logging on at a terminal with the test user for the first time, surely it would be forced to fetch the GP from the DC anyway...? In any case, it still doesn't seem to be applying my GP, or at least, some other GP is overriding it.

I had already installed the Group Policy Management Console, and it is a lot better than the previous one. If I do a Group Policy Modelling for my test user, I see that my test GPO is the only "applied GPO" under User Configuration Summary. But above that is Computer Configuration, and the Default GPO still applies up there... So does that mean it overrides the User Configuration?
 
It was a DNS issue.

Turns out, the primary DNS server on the client PC HAS to be the domain controller.
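
A diagnostic for the cause identified above, as an added example that is not part of the original thread: it asks each DNS server configured on the client for the domain controller locator SRV record and reports which ones cannot find a DC. It assumes a domain-joined client running Windows 8 / Server 2012 or later (needed for the DnsClient cmdlets); the variable names are illustrative.

```powershell
# Added diagnostic sketch (not from the thread). Run on the affected client PC.

# DNS name of the AD domain this machine is joined to.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "This machine is not joined to a domain."
    return
}
$domain = $cs.Domain

# SRV record a client queries to locate a domain controller.
$srvName = "_ldap._tcp.dc._msdcs.$domain"

# Every IPv4 DNS server configured on any interface (static or handed out by DHCP).
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } |
    Select-Object -Unique

# Ask each configured server directly, so a working secondary cannot mask a bad primary.
$results = foreach ($server in $dnsServers) {
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            DnsServer = $server
            FindsDC   = [bool]$srv
            Detail    = ($srv.NameTarget -join ', ')
        }
    } catch {
        [pscustomobject]@{
            DnsServer = $server
            FindsDC   = $false
            Detail    = $_.Exception.Message
        }
    }
}
$results | Format-Table -AutoSize

# Flag servers that cannot resolve the domain's DC records (e.g. a gateway or ISP resolver).
$bad = $results | Where-Object { -not $_.FindsDC }
if ($bad) {
    Write-Warning ("DNS servers that cannot locate a DC for {0}: {1}" -f $domain, ($bad.DnsServer -join ', '))
}

# Show which GPOs were actually applied to the logged-on user.
gpresult /r /scope user
```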
 
DHCP comes from our Mikrotik gateway which in turn handed out the DNS entries. :(
 
Aha, I see.

I would rather set up DHCP on another server so the PCs can register their names/IPs in DNS as well.

All these services are designed to integrate into Active Directory.
 
Cool, well thanks for all the help... I've learned a lot from this whole exercise.
 