GPO not taking affect

  • Thread starter Thread starter lion
  • Start date Start date
L

lion

Ive got a w2k server as a member server in w2k domain. Im
using terminal service for certain vpn clients to access.
Ive created a OU for this server and its the only pc in
the OU.
When i create a GPO for this server and link it to the
OU, where i disalow quite a lot of features,ie cant
browse the network.. The GPO settings do not take affect.
Ive got no other GPOs linked to that OU. Ive tried
blocking inheritance, no over ride, still it does not
affect the users who log in. Another thing is that i set
the apply policy option in security to apply to only a
group, with users who need these restrictions.
Can some one help me. If i go through local policies
indtead of creating it at the domain level, im not sure i
can filter it to specific users.
 
To filter the scope of Group Policy according to security group membership:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/Filter.asp

How to Lock Down a Windows 2000 Terminal Server Session:
http://support.microsoft.com/default.aspx?scid=kb;en-us;278295

I hope the articles above helps you.

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1
 
A GPO is logically made up of two sections - Computer Configuration and User
Configuration. Settings under Computer Configuration affect computer
accounts the GPO applies to and are applied at startup (and then refreshed
periodically). Settings under User Configuration affect user accounts the
GPO applies to and are applied at logon (and then refreshed periodically).

The Computer Configuration section of Group Policy is always pulled based on
the computer account's location in the directory. Additionally, the default
behavior is to pull the User Configuration section of Group Policy based on
the user account's location in the directory. (e.g. half of the Group Policy
settings may come from one set of GPOs whereas the other half come from a
totally different set of GPOs)

This default behavior can be changed by using a feature called loopback
processing. When using loopback processing, the User Configuration portion
of Group Policy is pulled based on the computer account's location in the
directory. Depending on which setting you choose, the GPO settings for User
Configuration based on the location of the computer account can either be
merged with or totally replace the GPO settings for User Configuration based
on the location of the user account (that's a mouth full - let me know if
its unclear). Here is a support article that describes loopback processing
and how to enable it:

http://support.microsoft.com/default.aspx?scid=231287

------------------------------------------------------------------
Mike Aubert
MCSE, MCSD, MCDBA
(e-mail address removed)

Note the "news2" in my email address is temporary and may be changed in the
future, remove it to email me at my Permanente address.
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top