If you are implying that the policies are being overridden by a different policy, I don't think that is the case... The problem is, the policy is not applied at all. As I mentioned, I turned on Object Access Auditing on that folder (success and failure), and there is no successful or failed access to this file during logon... But at lest you are confirming that (theoretically) it SHOULD work, since I have not changed to Native Mode (still have at least one fully functional NT4 BDC). I will start with a reboot tonight (since I cannot confirm that the TS has been rebooted since the AD came up) and go from there. Thanks for all the advice, Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: Ryan Gorman [mailto:Ryan@xxxxxxxxxxxxxx] Sent: Tuesday, July 16, 2002 1:46 PM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: POLEDIT policy in an Active Directory I can't see me previous post about "did you change your AD mode to Native" just yet but check the last line of the following extract (I've posted this before - it's a good document) <extract> How Policies Apply to Clients with Different Operating Systems If you have a Windows NT 4.0 client in a workgroup or a domain, the only policies that can apply are downlevel Windows NT 4.0 policy (POL) file policies. If you have a standalone Windows 2000 client or member server, policies are evaluated in the following order: Downlevel Windows NT 4.0 policy (POL) file Windows 2000 local GPO If you have a Windows 2000 client or member server in a mixed-mode domain, policies are evaluated in the following order: Downlevel Windows NT 4.0 policy (POL) file Windows 2000 local GPO Site GPOs in priority order Domain GPOs in priority order Organizational Unit GPOs in priority order, applied in a hierarchical fashion down the tree ending with the Organizational Unit that the computer or user resides in As this extends the LSDOU process to include Windows NT 4.0 system policies, this process is commonly written as 4LSDOU. If you have a Windows 2000 client or member server in a native-mode domain, policies are evaluated in LSDOU order. </extract> http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechn ol/windows2000serv/maintain/gpo.asp Ryan, not even a MCP but NT since 1996 -----Original Message----- From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx] Sent: 16 July 2002 14:56 To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] POLEDIT policy in an Active Directory I am pulling my hair out here... I had an NT4 domain. My Win2K terminal server was happily pulling a unique policy file from my file server, from a non-NETLOGON share. Upgrade the NT4 domain to Active Directory... Now it appears that the policy files in this unique location are not being applied. I double checked the NetworkPath and UpdateMode entries in the registry, and they still point to the correct location, and UpdateMode is still 2 (manual update). But the policy is not being applied. I turned on auditing on the folder where the policy file lives, and there aren't even any failed Object Access audits; it is just ignoring the registry settings completely! Frankly, I intend to replace these with Group Policy, but wanted to do so carefully, so I wanted to continue with my "Tried and tested" .POL files for now. Anyone have any suggestions? BTW, I have not modified the default domain policy at all, and this TS is currently in the "Computers" OU, with no special GPO's applied. Vanilla Active Directory install... Thanks in advance, Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ =================================== This weeks Sponsor: triCerat, Inc ScrewDrivers fxp: Self Configuring Printer Driver with Bandwidth Control Learn more at: http://www.tricerat.com/?page=products&product=sdfxp =================================== For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm =================================== This weeks Sponsor: triCerat, Inc ScrewDrivers fxp: Self Configuring Printer Driver with Bandwidth Control Learn more at: http://www.tricerat.com/?page=products&product=sdfxp =================================== For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm