Ah, so you are saying that, because my Terminal Server is in the 2000 domain, it will get it's machine policy from Group Policy, and because the user accounts are in the 2000 domain (same domain) it will only get its user policy from Group Policy as well? Just trying to understand you correctly, that's all. Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: Frank Monroe [mailto:Frank.Monroe@xxxxxxxxxxx] Sent: Tuesday, July 16, 2002 6:02 PM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: POLEDIT policy in an Active Directory I believe this article is in error. And I have also discussed this with MS before and they agree. Native mode does not change the way policies are applied. With that said, Windows 2000 clients apply policies based on the what type of domain the authenticating account is in. In other words, if the NT 4.0 primary domain controller that holds the computer account (not the user account) has been upgraded to Windows 2000, the system's machine policies are processed by AD. If the USER account's primary domain controller was upgraded to Windows 2000 than AD will be used there as well. -----Original Message----- From: Ryan Gorman [mailto:Ryan@xxxxxxxxxxxxxx] Sent: Tuesday, July 16, 2002 1:46 PM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: POLEDIT policy in an Active Directory I can't see me previous post about "did you change your AD mode to Native" just yet but check the last line of the following extract (I've posted this before - it's a good document) <extract> How Policies Apply to Clients with Different Operating Systems If you have a Windows NT 4.0 client in a workgroup or a domain, the only policies that can apply are downlevel Windows NT 4.0 policy (POL) file policies. If you have a standalone Windows 2000 client or member server, policies are evaluated in the following order: Downlevel Windows NT 4.0 policy (POL) file Windows 2000 local GPO If you have a Windows 2000 client or member server in a mixed-mode domain, policies are evaluated in the following order: Downlevel Windows NT 4.0 policy (POL) file Windows 2000 local GPO Site GPOs in priority order Domain GPOs in priority order Organizational Unit GPOs in priority order, applied in a hierarchical fashion down the tree ending with the Organizational Unit that the computer or user resides in As this extends the LSDOU process to include Windows NT 4.0 system policies, this process is commonly written as 4LSDOU. If you have a Windows 2000 client or member server in a native-mode domain, policies are evaluated in LSDOU order. </extract> http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechn ol/windows2000serv/maintain/gpo.asp Ryan, not even a MCP but NT since 1996 -----Original Message----- From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx] Sent: 16 July 2002 14:56 To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] POLEDIT policy in an Active Directory I am pulling my hair out here... I had an NT4 domain. My Win2K terminal server was happily pulling a unique policy file from my file server, from a non-NETLOGON share. Upgrade the NT4 domain to Active Directory... Now it appears that the policy files in this unique location are not being applied. I double checked the NetworkPath and UpdateMode entries in the registry, and they still point to the correct location, and UpdateMode is still 2 (manual update). But the policy is not being applied. I turned on auditing on the folder where the policy file lives, and there aren't even any failed Object Access audits; it is just ignoring the registry settings completely! Frankly, I intend to replace these with Group Policy, but wanted to do so carefully, so I wanted to continue with my "Tried and tested" .POL files for now. Anyone have any suggestions? BTW, I have not modified the default domain policy at all, and this TS is currently in the "Computers" OU, with no special GPO's applied. Vanilla Active Directory install... Thanks in advance, Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ =================================== This weeks Sponsor: triCerat, Inc ScrewDrivers fxp: Self Configuring Printer Driver with Bandwidth Control Learn more at: http://www.tricerat.com/?page=products&product=sdfxp =================================== For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm =================================== This weeks Sponsor: triCerat, Inc ScrewDrivers fxp: Self Configuring Printer Driver with Bandwidth Control Learn more at: http://www.tricerat.com/?page=products&product=sdfxp =================================== For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm =================================== This weeks Sponsor: triCerat, Inc ScrewDrivers fxp: Self Configuring Printer Driver with Bandwidth Control Learn more at: http://www.tricerat.com/?page=products&product=sdfxp =================================== For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm