GPO applied to some but not al users

[Charles McMillan]

Is the one problem user logging on from their own
workstation? If so is that workstation in the same ou as
the workstations of the non-problem users? I have problems
with the workstations being being in the default computers
ou instead of the OU I had intended.

 

[richard.takemeoutahere]

It does not matter where the user logs in from. The behavior is the
same regardless of computer. (This particular GPO applies only to
USERS in the OU.)

Thanks,

RS

 

[richard.takemeoutahere]

Charles,

You can not apply GPOs to Containers. The default "Users"
and "Computers" C O N T A I N E R S will cause a problem
for you. Remember, in a default set up the only
Organizational Unit initially is the Domain Controllers
OU. The others are simple Containers...

For the User-side of things I usually create an OU called
DEPARTMENTS, then create Sub-OUs called ACCOUNTING,
FINANCE, etc. and put the user accounts in the appropriate
OU. This would be my "Default" set up. Naturally, this
may not apply in all situations so I modify and adjust
accordingly.

For the Computer-side of things I usually create an OU
called PCs and then create Sub-OUs called WIN2000 and
WINXP. Naturally, the WIN2000 clients are put in the
WIN2000 OU and the WINXP clients are put in the WINXP OU.
Again, this would be my "Default" set up and might not
apply to all situations.

Always keep in mind that you apply GPOs at the Domain,
Site or OU level ( let's just leave out the local level
for a second ) and that you can use Security Groups to
further "control" the results. Normally, "Authenticated
Users" is the group that has the "Read" and "Apply Group
Policy" permissions on the Security tab ( remember, the
Domain Admins, Enterprise Admins and SYSTEM do not have
the "Apply Group Policy permission - by default! ) . You
might need to modify this accordingly.

HTH,

Cary

The GPO applies only to an OU which is 3 layers below the domain in
the AD hierarchy. (As viewed on the AD users and computers snap-in.)
There are only 5 users located in the affected OU and the policy works
for four of them. It does NOT work for the fifth even though that
particular user has the same group membership as the other 4. NONE of
the users are any type of admin. The GPO applies only to USERS in the
affected OU. There is no computer policy associated with this GPO.

Finally, as I stated in a post a few minutes ago, it does not matter
where the user logs in from. Folder redirection for him just doesn't
work.

Thanks,

RS