E
Eric Rehder
I cannot get user policy to apply without making the user
a member of Domain Admins in a Windows 2000 DC. (it does
not apply even if user is as a member of Administrators).
I am testing with only one active simple policy called
Test1 with only one enabled feature - it hides all icons
on desktop. It is linked to ou "ouUsers" to which the user
belongs and its policy security = Authenticated Users with
Read and Policy rights.
The user is roaming with a server-based profile in a home
folder to which he has full control (but not ownership) in
a shared folder (UserHome) that has permissions set for
Everyone = full control and same with the folder security.
The roaming profile for this user was initially created by
script doing a file copy from a "template" profile
elsewhere on the server. The user's AD account points to
his home folder profile.
Without being a member of Domain Admins, the user sees
desktop icons even though GPMC actually says this
particular registry setting to hide them was applied. As a
member of Domain Admins, the user does NOT see icons.
I have given permissions everywhere I can think of -
Sysvol is Everyone with full control. Also, when "turned
on", group policies are applied to the client computer
(running XP, sp1) without a problem so the trust
relationships, etc seem to work. I have looked at
Userenv.log when policy does and doesn't work but have
learned nothing.
Can anyone help?
a member of Domain Admins in a Windows 2000 DC. (it does
not apply even if user is as a member of Administrators).
I am testing with only one active simple policy called
Test1 with only one enabled feature - it hides all icons
on desktop. It is linked to ou "ouUsers" to which the user
belongs and its policy security = Authenticated Users with
Read and Policy rights.
The user is roaming with a server-based profile in a home
folder to which he has full control (but not ownership) in
a shared folder (UserHome) that has permissions set for
Everyone = full control and same with the folder security.
The roaming profile for this user was initially created by
script doing a file copy from a "template" profile
elsewhere on the server. The user's AD account points to
his home folder profile.
Without being a member of Domain Admins, the user sees
desktop icons even though GPMC actually says this
particular registry setting to hide them was applied. As a
member of Domain Admins, the user does NOT see icons.
I have given permissions everywhere I can think of -
Sysvol is Everyone with full control. Also, when "turned
on", group policies are applied to the client computer
(running XP, sp1) without a problem so the trust
relationships, etc seem to work. I have looked at
Userenv.log when policy does and doesn't work but have
learned nothing.
Can anyone help?