[gptalk] Re: How to stop Dc From processing the default gpo?

  • From: "Alan & Margaret" <syspro@xxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Sun, 7 Sep 2008 21:53:11 +1000

Hi Asaf,


Just clarifying your statement. you mean that when you log on to the DC as
administrator, you receive all of the user components of the Default domain
GPO, but when you log on as a non administrator, you do not receive the user
components of the default domain GPO. 


I am a little confused by the title of your post. it suggests that your aim
is to stop the DC from processing the GPO.. Normally a user logging on to
the Domain Controller would expect the same policies to be applied as when
they log on to a normal machine (unless loopback is enabled)..


Have you checked event log to see if there are any messages?


Do you get the same behavior logging on to other machines?


If you are not getting anything on the event log, I would suggest enabling
detailed logging and check out the UserEnv log. It will at least tell you in
detail what is going on. See http://support.microsoft.com/kb/221833 The log
is a bit cryptic, so if you like, post the UserEnv log and we can look at it
for you




Alan Cuthbertson



 Policy Management Software (Now with ADMX and Preference support):-



ADM Template Editor(Now with ADMX support):-



Policy Log Reporter(Free)






From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Asaf Efrati
Sent: Sunday, 7 September 2008 7:11 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] How to stop Dc From processing the default gpo?




I have a problem with my Gpo processing, for some reason although I have a
forced admin policy with the relevant admin accounts as the security
filtering (schema, domain etc)

For some reason my DC is processing the default domain Gpo when I log in as
administrator but not when I log in with my user.

I can't find any difference between the two.

The default domain Gpo is set to Authenticated users.

Any thoughts and help will be appreciated,

I am afraid to change things because I already had a few problems when
changing things globally :-)


Thank you,


Asaf E | IT & Security | eToro

W www.eToro.com 


If you have received this email message in error, please notify the sender
immediately by telephone or return email and refrain from taking any action
relating to the content of the email. 

Thereafter, please destroy the original message without making a copy. You
may not use the content of the email without first obtaining prior written
consent from the sender. 

You may not forward this email to anyone other than the sender for
notification purposes. 



JPEG image

Other related posts: