G
Guest
OK, this one's REALLY strange. Please help!
Environment...
Windows 2003 Server, all critical updates applied
XP Pro SP2 desktops, all critical updates applied
Situation...
Everything was working fine from a Group Policy perspective until today. I
just added a new workstation to the domain, and upon reboot I noticed that
specific Group Policy restrictions were being applied, despite the fact that
I hadn't yet moved the workstation to an OU where I have the GPOs are
defined. More specifically, restrictions from different GPOs linked to
different OUs are being applied, despite the fact that the workstation
remains in the default "Computers" container in AD. The only GPO that should
be applied at this point is the Default Domain Policy, which is unmodified,
and contains none of the restrictions I'm seeing.
I ran gpresult on the workstation and confirmed that indeed nothing but the
Default Domain Policy is listed, yet the restrictions that are specifically
defined in the other GPOs are in effect.
I've spent hours combing through the policies and can find nothing out of
the ordinary. The Default Domain Profile definitely does not contain the
restrictions I'm seeing. I've even gone so far as to disable EVERY GPO on my
server, including the Default Domain Profile, rebooted the server, rebooted
the workstation, and still the restrictions remain in effect. Gpresult
confirms that NO Group Policy is applying whatsoever, yet the restrictions
remain in effect.
So I've asked myself "what's changed" since the OU and GPO structure was
working properly. The only thing that's different is that I ran Windows
Update on the server and I believe there were 3 critical updates this past
week. Other than that there have been no changes. No new software, no
configuration changes, nothing.
The answer is there, I just don't see it. Someone please show me the light.
Environment...
Windows 2003 Server, all critical updates applied
XP Pro SP2 desktops, all critical updates applied
Situation...
Everything was working fine from a Group Policy perspective until today. I
just added a new workstation to the domain, and upon reboot I noticed that
specific Group Policy restrictions were being applied, despite the fact that
I hadn't yet moved the workstation to an OU where I have the GPOs are
defined. More specifically, restrictions from different GPOs linked to
different OUs are being applied, despite the fact that the workstation
remains in the default "Computers" container in AD. The only GPO that should
be applied at this point is the Default Domain Policy, which is unmodified,
and contains none of the restrictions I'm seeing.
I ran gpresult on the workstation and confirmed that indeed nothing but the
Default Domain Policy is listed, yet the restrictions that are specifically
defined in the other GPOs are in effect.
I've spent hours combing through the policies and can find nothing out of
the ordinary. The Default Domain Profile definitely does not contain the
restrictions I'm seeing. I've even gone so far as to disable EVERY GPO on my
server, including the Default Domain Profile, rebooted the server, rebooted
the workstation, and still the restrictions remain in effect. Gpresult
confirms that NO Group Policy is applying whatsoever, yet the restrictions
remain in effect.
So I've asked myself "what's changed" since the OU and GPO structure was
working properly. The only thing that's different is that I ran Windows
Update on the server and I believe there were 3 critical updates this past
week. Other than that there have been no changes. No new software, no
configuration changes, nothing.
The answer is there, I just don't see it. Someone please show me the light.