[windows2000] Re: GPO

  • From: "James Lilly" <LillyJ@xxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>, <Bill.beckett@xxxxxxxxxxxxxxxxx>
  • Date: Thu, 07 Oct 2004 16:34:27 -0400

A couple of things to check here:  

A)  Is this a recent change?  Have you run secedit /refreshpolicy on
the TS boxes?
B)  Are you getting any error messages in the System Event Log about
Group Policies not being applied due to errors?
C)  No override/Block inheritance settings are not set anywhere, are
they?

IMHO, the easiest way to troubleshoot this, if you have an XP machine
handy running at least SP1, is to go out and download the Group Policy
Management Console (or GPMC, as it is more commonly known).  You can run
this against Windows 2000 domains.

Once it's loaded, you can run the Resultant Set of Policy (Logging)
Wizard, and have it run a report giving you which settings are applied,
which policy they are coming from, which settings are getting
overwritten, and which policies are being denied due to security
filtering.  Cool stuff.

The GPMC is probably the first place I'd go to troubleshoot.

Hope this helps;
James

>>> Bill.beckett@xxxxxxxxxxxxxxxxx 10/7/2004 4:12:58 PM >>>
Well I thought I understood it but it's not working so maybe I don't.
Here's what I've got...2K domain, default domain policy. With more and
more users using Citrix, I want to move the Terminal Server boxes into
another OU so that different policies apply. I've got a test box in an
OU called Terminal Servers. I have created a new Group Policy for the
Terminal Server OU. I have enabled loopback processing and have
configured a logon script for that GP. However, when I log in to the
test Terminal Server, the logon script does not run/apply. What could I
be doing wrong?


-----Original Message-----
From: James Lilly [mailto:LillyJ@xxxxxxxxxxx] 
Sent: Thursday, October 07, 2004 3:57 PM
To: windows2000@xxxxxxxxxxxxx; Bill.beckett@xxxxxxxxxxxxxxxxx 
Subject: [windows2000] Re: GPO


Yes, that's correct, they would apply, but only when the user logs into
a server in the TS OU, which, I'm assuming, is what you are after.
Correct?

Also, if you want the TS OU Group Policy settings to apply all the time
(regardless of the settings users get from other policies elsewhere),
you'll probably want to configure Loopback in the Replace mode.

Hope this helps;
James

>>> Bill.beckett@xxxxxxxxxxxxxxxxx 10/7/2004 3:35:04 PM >>>
If I use loopback processing on the TS OU then user settings would
apply, correct?


-----Original Message-----
From: James Lilly [mailto:LillyJ@xxxxxxxxxxx] 
Sent: Thursday, October 07, 2004 3:09 PM
To: windows2000@xxxxxxxxxxxxx; Bill.beckett@xxxxxxxxxxxxxxxxx 
Subject: [windows2000] Re: GPO


GP applies in the following order:  Local policy, Site, Domain, OU (in
order of OU nesting)

So, if you have settings lower in the hierarchy, they overwrite ones
above (unless you Block Inheritance or set the No Override options)

Now, these overwrites are on a setting by setting basis, depending on
what settings are applied.

Therefore, you are correct, the settings just apply to the computer,
unless you use loopback processing, in which case those Group Policy
settings CAN apply to the users, but only when they log into the
Terminal Server.

Did that help make it clear as mud?  :)

James

>>> Bill.beckett@xxxxxxxxxxxxxxxxx 10/7/2004 2:50:00 PM >>>
Group Policy clarification please. If I have a default and also have a
Terminal Server OU with its own group policy, do changes under the User
Configuration apply if only the terminal server is under that OU?

Example...
 
OU=Terminal Server
Object=Citrix Server
 
There are no users under the Terminal Server OU. Does the GPO linked to
the Terminal Server OU affect computer configuration only?

********************************************************
This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
http://www.StressedPuppy.com 
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm 
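
Added example (not part of the original thread, and not Microsoft's implementation): a simplified Python model of the processing order discussed above, showing which GPO wins each User Configuration setting with loopback off, in Merge mode and in Replace mode. The "Staff" OU, the GPO names and the setting values are constructed; local and site policy and link order within one container are not modeled.

```python
from dataclasses import dataclass, field

@dataclass
class GPO:
    name: str
    user: dict = field(default_factory=dict)  # User Configuration settings only
    no_override: bool = False

@dataclass
class Container:  # a domain or OU with linked GPOs
    name: str
    gpos: list = field(default_factory=list)
    block_inheritance: bool = False

def applied_gpos(path):
    """path: containers from the domain down to the object's own OU."""
    # Block Inheritance drops links from above the lowest blocking container,
    # except links flagged No Override.
    start = max((i for i, c in enumerate(path) if c.block_inheritance), default=0)
    normal, enforced = [], []
    for i, c in enumerate(path):
        for g in c.gpos:
            if g.no_override:
                enforced.append(g)
            elif i >= start:
                normal.append(g)
    # Later entries win. No Override GPOs go last, highest container winning.
    return normal + enforced[::-1]

def user_settings(user_path, computer_path, loopback=None):
    """Return {setting: (value, winning GPO)} for a user logging on to a computer."""
    if loopback == "replace":    # only the computer's GPO list is used
        gpos = applied_gpos(computer_path)
    elif loopback == "merge":    # user's list first, computer's list wins conflicts
        gpos = applied_gpos(user_path) + applied_gpos(computer_path)
    else:                        # no loopback: only the user's own location counts
        gpos = applied_gpos(user_path)
    result = {}
    for g in gpos:
        for key, value in g.user.items():
            result[key] = (value, g.name)
    return result

# Constructed sample: users live in a hypothetical "Staff" OU, the Citrix box in "Terminal Servers".
domain = Container("Domain", [GPO("Default Domain Policy", {"screensaver": "600"})])
staff = Container("Staff", [GPO("Staff GPO", {"logon_script": "staff.bat", "wallpaper": "staff.bmp"})])
ts = Container("Terminal Servers", [GPO("TS GPO", {"logon_script": "ts.bat"})])

if __name__ == "__main__":
    for mode in (None, "merge", "replace"):
        print(mode, user_settings([domain, staff], [domain, ts], mode))
```

Comparing the three modes against a real Resultant Set of Policy report shows quickly whether a missing logon script is a loopback problem or a filtering/inheritance problem.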