Announcement

Collapse
No announcement yet.

Unable to apply Group Policy to user..

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to apply Group Policy to user..

    Hello. First of all thanx everyone you reads my request for help..
    I m trying to setup a server on Windows 2003 Server which I' ve set as Domain Controller but not as a DNS server, though.
    I have set a Windows XP Client in another PC joined under the Domain.
    I have set up a new user in the active directory.
    In the Server, i have made a new OU, put inside the user I 've made and now i am trying (through GPCM) to manage the rights and the policies.
    BUT the Client is not responding at all.
    Is there any idea about what I have propably made wrong...
    Thanx again in advanced.

  • #2
    Re: Unable to apply Group Policy to user..

    Is this the only AD server in the domain? You cannot have AD without DNS. I find it odd you state specifically you didn't setup DNS, why is that?
    Plus, can you explain what you mean by "the Client is not responding at all" as that is really vague.
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: Unable to apply Group Policy to user..

      A DNS server is defently needed for Active Directory. But i am pratically sure there is one, otherwise you wouldn't be able to create the domain in the first place.

      The client refreshes it policy every 90 to 120 minutes (by default). So that means if you apply a new setting in a GPO linked to the user object, these settings will only be applied the next time the policy is refreshed. However, you can force the client to refresh it's policies by typing "GPUPDATE /FORCE" in a comand prompt (on the client).

      GPUPDATE /TARGET:COMPUTER
      Computer policies are refreshed
      GPUPDATE /TARGET:USER
      User Policies are refreshed
      GPUPDATE /FORCE
      All Policies are refreshed

      Note: Some computer policies require a reboot.

      To be sure which policies are applied at the client, you can type GPRESULT at the client (WIN XP or later).
      [Powershell]
      Start-DayDream
      Set-Location Malibu Beach
      Get-Drink
      Lay-Back
      Start-Sleep
      ....
      Wake-Up!
      Resume-Service
      Write-Warning
      [/Powershell]

      BLOG: Therealshrimp.blogspot.com

      Comment


      • #4
        Re: Unable to apply Group Policy to user..

        In AD is recommended to have AD Integrated zone regarding to DNS. I hope you have reasons for not having integraded zone.
        Also watch out what GP is inherited to yours OU.

        Comment


        • #5
          Re: Unable to apply Group Policy to user..

          I am trying to set this server in a laboratory and I was asked by my teacher not to set the Domain Controller as a DNS Server. Propably for educational purpose. I am using static IPs instead.
          Killerbe, it is not a matter of policy refreshing as I have done so (restarts also).
          The client pc is not responding as I "tune" the user Configuration in the GPO management.
          Specifically, I have set the client not to see the turn off button in the start menu , but after i log as a client the button is still visible.

          Comment


          • #6
            Re: Unable to apply Group Policy to user..

            To make one thing clear, AD cannot function without DNS.
            A client needs a srv record for a logon server, this is done by DNS.

            You tell us that the client was able to join the domain, so there must be a dns server that has the required records to service the client. In fact you wouldn't be able to create a forest/domain if you DNS server is available to support your domain.

            Did you create the computer account manually? Or was it auto created when the client joined the domain?
            [Powershell]
            Start-DayDream
            Set-Location Malibu Beach
            Get-Drink
            Lay-Back
            Start-Sleep
            ....
            Wake-Up!
            Resume-Service
            Write-Warning
            [/Powershell]

            BLOG: Therealshrimp.blogspot.com

            Comment


            • #7
              Re: Unable to apply Group Policy to user..

              It was auto created when the client joined the domain.. The computer name was shown in Server..

              Comment


              • #8
                Re: Unable to apply Group Policy to user..

                Any idea please....??

                Comment


                • #9
                  Re: Unable to apply Group Policy to user..

                  Ok as the computer was able to join the domain; and you where able to create a new domain/forest there MUST be a DNS server available. If you run NSLOOKUP it will show you which is its default DNS server.

                  The most obvious is that allthough the computer has an account in AD, you are not logged on to the domain but local. What realm what sellected when loging in?
                  The domain or the computer?
                  [Powershell]
                  Start-DayDream
                  Set-Location Malibu Beach
                  Get-Drink
                  Lay-Back
                  Start-Sleep
                  ....
                  Wake-Up!
                  Resume-Service
                  Write-Warning
                  [/Powershell]

                  BLOG: Therealshrimp.blogspot.com

                  Comment


                  • #10
                    Re: Unable to apply Group Policy to user..

                    Its checked that I log in the domain as a client, NOT in the computer..

                    Comment


                    • #11
                      Re: Unable to apply Group Policy to user..

                      This is strange that you able to join you computer in domain without DNS. As far as my knowledge, you need to setup DNS for group policy to work. Group policy use DNS to find resources on network

                      Comment


                      • #12
                        Re: Unable to apply Group Policy to user..

                        Originally posted by ahmer_sahab View Post
                        This is strange that you able to join you computer in domain without DNS. As far as my knowledge, you need to setup DNS for group policy to work. Group policy use DNS to find resources on network
                        It is indeed strange, let alone IMPOSSIBLE to let your active directory work without the use of a DNS server. As he claims to have created a Forest/Domain and even joined a client to that domain, we must conclude that a (authorotive) DNS server is present.

                        Have you checked GPRESULT?

                        It should give you a very decent idea which policies are applied and which ones aren't.
                        [Powershell]
                        Start-DayDream
                        Set-Location Malibu Beach
                        Get-Drink
                        Lay-Back
                        Start-Sleep
                        ....
                        Wake-Up!
                        Resume-Service
                        Write-Warning
                        [/Powershell]

                        BLOG: Therealshrimp.blogspot.com

                        Comment


                        • #13
                          Re: Unable to apply Group Policy to user..

                          In the GPRESULT window it says that
                          "The following GPOs were not applied because they where filtered out".
                          Below that although there is not the GPO that I created in the server..
                          There's only the local Group policy appeared..

                          Comment


                          • #14
                            Re: Unable to apply Group Policy to user..

                            Originally posted by stefanos2110 View Post
                            In the GPRESULT window it says that
                            "The following GPOs were not applied because they where filtered out".
                            Below that although there is not the GPO that I created in the server..
                            There's only the local Group policy appeared..
                            The local policy is probably filtered out beca,use it is empty.
                            Can you post the gpresult?

                            GPRESULT > c:\GPRESULT.txt

                            Post the content of the textfile.
                            [Powershell]
                            Start-DayDream
                            Set-Location Malibu Beach
                            Get-Drink
                            Lay-Back
                            Start-Sleep
                            ....
                            Wake-Up!
                            Resume-Service
                            Write-Warning
                            [/Powershell]

                            BLOG: Therealshrimp.blogspot.com

                            Comment


                            • #15
                              Re: Unable to apply Group Policy to user..

                              Here it is... Thanx again



                              Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
                              Copyright (C) Microsoft Corp. 1981-2001
                              Created On 30/7/2008 at 1:22:59 وو

                              RSOP results for STEF-GIAN\Administrator on STEF-GIAN : Logging Mode
                              ---------------------------------------------------------------------
                              OS Type: Microsoft Windows XP Professional
                              OS Configuration: Member Workstation
                              OS Version: 5.1.2600
                              Domain Name: S2ELAB
                              Domain Type: WindowsNT 4
                              Site Name: N/A
                              Roaming Profile:
                              Local Profile: C:\Documents and Settings\Administrator
                              Connected over a slow link?: Yes

                              COMPUTER SETTINGS
                              ------------------

                              Last time Group Policy was applied: 30/7/2008 at 1:22:34 وو
                              Group Policy was applied from: N/A
                              Group Policy slow link threshold: 500 kbps
                              Applied Group Policy Objects
                              -----------------------------
                              N/A
                              The following GPOs were not applied because they were filtered out
                              -------------------------------------------------------------------
                              Local Group Policy
                              Filtering: Not Applied (Empty)
                              The computer is a part of the following security groups:
                              --------------------------------------------------------
                              BUILTIN\Administrators
                              Everyone
                              NT AUTHORITY\Authenticated Users

                              USER SETTINGS
                              --------------

                              Last time Group Policy was applied: 30/7/2008 at 11:49:11 مو
                              Group Policy was applied from: N/A
                              Group Policy slow link threshold: 500 kbps
                              Applied Group Policy Objects
                              -----------------------------
                              N/A
                              The following GPOs were not applied because they were filtered out
                              -------------------------------------------------------------------
                              Local Group Policy
                              Filtering: Not Applied (Empty)
                              The user is a part of the following security groups:
                              ----------------------------------------------------
                              None
                              Everyone
                              BUILTIN\Administrators
                              BUILTIN\Users
                              NT AUTHORITY\INTERACTIVE
                              NT AUTHORITY\Authenticated Users
                              LOCAL

                              Comment

                              Working...
                              X