Computer Policy not being applied

James Robetson

OK I have a Computer logon policy via a BAT file to add a user to a Local
Group. I have applied this policy to the default Domain Policy group but it
will not apply. Do I have to assign the policy only to computers OU?
 
No. If a policy is applied at the domain level, and your computers are
contained in an OU below that, then the policy will apply to that OU.
There are many factors that could be causing these machines to not be
applying this policy, however the placement of the GPO at the domain
level as opposed to on the specific OU is not it.

Have you tried using the group policy resultant set of policy console
to see what is and what isn't being applied?

Regards,
Rick Gouin, MCSE
 
Rick Gouin said:
No. If a policy is applied at the domain level, and your computers are
contained in an OU below that, then the policy will apply to that OU.
There are many factors that could be causing these machines to not be
applying this policy, however the placement of the GPO at the domain
level as opposed to on the specific OU is not it.

Have you tried using the group policy resultant set of policy console
to see what is and what isn't being applied?

Regards,
Rick Gouin, MCSE

Hi,

First of all, try something simple in the batch file to make sure it
is not just the batch file that isn’t working. Remember that sometimes
when startup scripts run, services haven’t started yet. So it may be
just that particular batch file isn’t working.

I didn’t know there was a command line to add a user to a group?

Also, the batch file MUST be in the Netlogon share. It is not
recommended to do this at the Domain Group Policy level because it will
affect your DCs as well. Create a Computers OU and a new group policy
for that and put the "Startup script" (not logon script) there.

Cheers,

Lara
 
Thanks for the input.

Yes, you can add a user to a group via a command, that is:

net localgroup "Power Users" (username) /add

If the group is a single word then the quotes are not needed.

That command adds them to the local groups of the machines. You can also
change the Local Administrators password using the NET command.

But here is a second thought. My laptop will not obtain the group policy.
Is it because the wireless connection and third-party manager have not
connected to the network until I log in? I have no errors in the event log
other than that the Domain Controller could not be contacted. But I can contact
it through DNS all of the way through the SYSVOL domain when I am logged in.
Any suggestions or thoughts?
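
A computer startup script built around the net localgroup command above, as an added example that is not from any poster in this thread. It logs each step so you can tell "the script never ran" apart from "the script ran but the add failed"; the account EXAMPLE\jdoe and the log path are placeholders.

```batch
@echo off
rem Added example (constructed): computer startup script that adds one
rem domain account to a local group and records what happened.
rem EXAMPLE\jdoe and the log path are placeholders, not values from the thread.
setlocal
set "GROUP=Power Users"
set "MEMBER=EXAMPLE\jdoe"
set "LOG=%SystemRoot%\Temp\add-localgroup.log"

rem The first log line proves Group Policy actually launched the script.
>>"%LOG%" echo ==== %DATE% %TIME% %COMPUTERNAME% startup script started

rem Startup scripts run as Local System before any user logs on, so the
rem domain account only resolves if the network is already up.
>>"%LOG%" 2>&1 net localgroup "%GROUP%" "%MEMBER%" /add
set "RC=%ERRORLEVEL%"
>>"%LOG%" echo net localgroup /add exit code: %RC%

rem A non-zero code also covers "already a member", so record the
rem resulting membership as the ground truth for later review.
>>"%LOG%" 2>&1 net localgroup "%GROUP%"

endlocal & exit /b %RC%
```

If the log file is missing after a reboot, the policy or script did not run at all; if it exists but shows an error from net, the script ran and the failure is in name resolution or the command itself.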
 
Hmm. I've been reading on Bugtraq lately that unplugging your NIC at
the opportune time during login can make group policies not apply
correctly. Interesting thought.

Perhaps try running "gpupdate /force" (XP) or "secedit /refreshpolicy
machine_policy /enforce" (2000) to force the policies to refresh and
apply, and see if the policy runs next time you log on.

A conclusive test to see if this is the case would be to plug your
laptop into a wire and see if it is any different.
 
Bruce Sanderson1 said:
See http://support.microsoft.com/?id=810076 for an alternative way of
populating Local Groups via Group Policy (Windows 2000 SP4 or later) -
avoids the need for your Startup Script.

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.

Hi,

Group Policy issues are usually DNS related. Make sure that the DNS
server in the IP of your laptop is pointing to your Windows 200x DNS
server. Also make sure on your DNS server that the laptop is
registered with the correct IP. I have a laptop that wasn’t working
and I found it wasn’t registered in DNS.

Check my website to make sure the DNS is set up:
http://www.sd61.bc.ca/windows2000/dns.htm

Cheers,

Lara
 
OK, this is not a DNS issue or a hard-wired network connection. It looks to be
a wireless issue and I will be contacting the vendor to find out how their
wireless adapter connects to the network before authentication and after.
Thanks everyone for the tips.
 
James Robetson said:
OK, this is not a DNS issue or a hard-wired network connection. It looks to be
a wireless issue and I will be contacting the vendor to find out how their
wireless adapter connects to the network before authentication and after.
Thanks everyone for the tips.

Hi,

Remember that if a laptop has a wireless connection, it will need both
IPs registered in DNS. One for the regular NIC IP and one for the wireless
IP.

Cheers,

Lara
 