E
Elipsis
Hello, I'm new to this forum (I found it in a search) and I've run into
some trouble setting up my first domain at work.
My domain runs off of two domain controllers, which are kept
synchronized through the file replication service. I've had serious
problems, however, getting the domain policy to apply to the rest of
the domain computers.
Though I am new to this, I'm pretty sure that I've done everything
correct, at least on the surface. My "domain controller policy" is
applying correctly to the domain controllers, but the "domain policy"
is having no effect.
To make matters worse, once I join machines to the domain, their local
policies essentially go dead. It's as if it knows there is a domain
policy present for the domain, but choses not to apply it. The local
policy is still editable on client machines, but the only way to get
changes to take effect is to disjoin that machine from the domain,
allow changes to apply, and then rejoin the domain. So essentially,
once I join a machine to the domain, I have NO policy control.
I'm working directly with the "default domain policy" GPO, which I
believe SHOULD apply to the domain by default anyway. I've checked the
permissions of it, "authenticated user" has permission to apply and
read the policy, but that doesn't seem to matter, as even when i give
"everyone" permission to apply the policy, I get no results on the
client machines.
I've looked at http://www.mcse.ms/message47584.html and I believe I'm
having the same or similar problem to he was having (and was unable to
resolve). I've typed "secedit /refreshpolicy user_policy /enforce" so
many times I just made a .bat file for it... and still can't get any
results.
Any help would be greatly appreciated, I've tried everything I can
think of... the maddening thing here is that everything SEEMS to be
setup correctly.
Oh and the GPO changes ARE being pushed from one domain controller to
the other correctly, so that isn't the problem.
Thanx,
-. . .
some trouble setting up my first domain at work.
My domain runs off of two domain controllers, which are kept
synchronized through the file replication service. I've had serious
problems, however, getting the domain policy to apply to the rest of
the domain computers.
Though I am new to this, I'm pretty sure that I've done everything
correct, at least on the surface. My "domain controller policy" is
applying correctly to the domain controllers, but the "domain policy"
is having no effect.
To make matters worse, once I join machines to the domain, their local
policies essentially go dead. It's as if it knows there is a domain
policy present for the domain, but choses not to apply it. The local
policy is still editable on client machines, but the only way to get
changes to take effect is to disjoin that machine from the domain,
allow changes to apply, and then rejoin the domain. So essentially,
once I join a machine to the domain, I have NO policy control.
I'm working directly with the "default domain policy" GPO, which I
believe SHOULD apply to the domain by default anyway. I've checked the
permissions of it, "authenticated user" has permission to apply and
read the policy, but that doesn't seem to matter, as even when i give
"everyone" permission to apply the policy, I get no results on the
client machines.
I've looked at http://www.mcse.ms/message47584.html and I believe I'm
having the same or similar problem to he was having (and was unable to
resolve). I've typed "secedit /refreshpolicy user_policy /enforce" so
many times I just made a .bat file for it... and still can't get any
results.
Any help would be greatly appreciated, I've tried everything I can
think of... the maddening thing here is that everything SEEMS to be
setup correctly.
Oh and the GPO changes ARE being pushed from one domain controller to
the other correctly, so that isn't the problem.
Thanx,
-. . .