Group Policy only working on domain controllers not workstations

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We have Active Directory installed in our domain. I have linked the test group policy to the entire domain and even tried to a test OU. Group Policy appears to only apply to the actual domain controller servers and not to the workstations. Example, I added the display logoff on the start menu. This displays on the servers start menu, but not on the workstations. Appears none of our policy settings are being applied to workstations, just servers. Any ideas. Help is greatly appreciated. Thanks, Robbie.
 
Verify that the clients are not pointing to an ISP for DNS. They need to be
pointing to a DNS server that holds the SRV records for your domain
controllers. Check the app log on the clients to look for errors from
userenv. If there are errors post them in the group.

See the following article for more troubleshooting steps.
250842 Troubleshooting group Policy Application Problems
http://support.microsoft.com/?id=250842



--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


robbiet said:
We have Active Directory installed in our domain. I have linked the test
Click to expand...
group policy to the entire domain and even tried to a test OU. Group Policy
appears to only apply to the actual domain controller servers and not to the
workstations. Example, I added the display logoff on the start menu. This
displays on the servers start menu, but not on the workstations. Appears
none of our policy settings are being applied to workstations, just servers.
Any ideas. Help is greatly appreciated. Thanks, Robbie.
 
Hey Tim, this worked. We had another internal non-domain DNS server that was in front of this one. I made this the first internal and it now gets the policy. This has helped greatly. We just overlooked the simple things.
Any way to have this policy not affect our servers and just affect workstations? Once again, thanks for the quick response and great solution. Robbie

----- Tim Hines [MSFT] wrote: -----

Verify that the clients are not pointing to an ISP for DNS. They need to be
pointing to a DNS server that holds the SRV records for your domain
controllers. Check the app log on the clients to look for errors from
userenv. If there are errors post them in the group.

See the following article for more troubleshooting steps.
250842 Troubleshooting group Policy Application Problems
http://support.microsoft.com/?id=250842



--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


robbiet said:
We have Active Directory installed in our domain. I have linked the test
Click to expand...
group policy to the entire domain and even tried to a test OU. Group Policy
appears to only apply to the actual domain controller servers and not to the
workstations. Example, I added the display logoff on the start menu. This
displays on the servers start menu, but not on the workstations. Appears
none of our policy settings are being applied to workstations, just servers.
Any ideas. Help is greatly appreciated. Thanks, Robbie.
 
You can create an OU and place the computers in it, then apply the policy to
it. The other option would be to filter the policy by modifying the
permissions of the group policy object. Give the servers deny on apply
group policy.


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

robbiet said:
Hey Tim, this worked. We had another internal non-domain DNS server that
Click to expand...
was in front of this one. I made this the first internal and it now gets the
policy. This has helped greatly. We just overlooked the simple things.
Any way to have this policy not affect our servers and just affect
Click to expand...
workstations? Once again, thanks for the quick response and great solution.
Robbie
----- Tim Hines [MSFT] wrote: -----

Verify that the clients are not pointing to an ISP for DNS. They need to be
pointing to a DNS server that holds the SRV records for your domain
controllers. Check the app log on the clients to look for errors from
userenv. If there are errors post them in the group.

See the following article for more troubleshooting steps.
250842 Troubleshooting group Policy Application Problems
http://support.microsoft.com/?id=250842



--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


robbiet said:
We have Active Directory installed in our domain. I have linked the
Click to expand...
test
group policy to the entire domain and even tried to a test OU. Group Policy
appears to only apply to the actual domain controller servers and not to the
workstations. Example, I added the display logoff on the start menu. This
displays on the servers start menu, but not on the workstations. Appears
none of our policy settings are being applied to workstations, just servers.
Any ideas. Help is greatly appreciated. Thanks, Robbie.
Click to expand...
 
Hey Tim, Will do on the deny and see if that meets our needs. Since you are knowledgeable and answering let me ask another policy question. We apparently have several older programs that are requiring the users to be local administrators on their computers. How can we, using group policy, allow them to perform those types of programs that write to the temp directory and some even edit the registry? I tried to create a restricted group, but it didn't appear to work. So far we can only get this to work by adding the users to the domain admin group? Any ideas? Thanks. Robbie
 
Back
Top