Re: Default Domain Policy Doesn't Apply
From: Steven L Umbach (sumbach_at_nospam-ameritech.net)
Date: 03/11/04
- Next message: Derek Melber [MVP]: "Re: User Policy doesnt apply on one PC!"
- Previous message: Steven L Umbach: "Re: Default Domain Policy Doesn't Apply"
- In reply to: Steven L Umbach: "Re: Default Domain Policy Doesn't Apply"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 11 Mar 2004 14:50:50 GMT
Also to add that Group Policies are by default applied in this
order - local>site>domain>OU, which means that defined settings at the local
level will be overridden by any defined settings at the site, domain, OU
level and so forth, which could explain why domain settings [other than
account policies] are not being applied to the domain controllers since they
are in their own container. --- Steve
"Steven L Umbach" <sumbach@nospam-ameritech.net> wrote in message
news:pX_3c.32725$PY.32528@newssvr26.news.prodigy.com...
> The first thing to check is dns configurations. Domain controllers must
> point to themselves or another AD domain controller only for their
> preferred dns server. Check that the _srv records exist in the dns zone
> for your domain. The domain members must point only to AD domain
> controllers for their preferred dns servers and NEVER an ISP dns server
> even down the list.
> After that is confirmed, I would run netdiag and dcdiag on your domain
> controllers looking for any pertinent failed tests and look in Event Viewer
> for any pertinent errors. Also run netdiag on your domain members.
> Nslookup can be helpful in checking domain name resolution when run from
> a domain member machine. Netdiag and dcdiag are on the install cdrom in the
> support/tools folder where you will have to run the setup there. If all
> that checks out you can use gpresult to troubleshoot GPO problems maybe
> using the /v switch for more details. Keep in mind that account policies
> such as password and lockout policy can only be set at the domain level
> for domain user accounts. See the links below for more info. --- Steve
>
> http://support.microsoft.com/?kbid=241515
> http://support.microsoft.com/default.aspx?scid=kb;en-us;321709
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B321708
>
> "Elipsis" <Elipsis.12y2qs@mail.mcse.ms> wrote in message
> news:Elipsis.12y2qs@mail.mcse.ms...
> >
> > Hello, I'm new to this forum (I found it in a search) and I've run into
> > some trouble setting up my first domain at work.
> >
> > My domain runs off of two domain controllers, which are kept
> > synchronized through the file replication service. I've had serious
> > problems, however, getting the domain policy to apply to the rest of
> > the domain computers.
> >
> > Though I am new to this, I'm pretty sure that I've done everything
> > correct, at least on the surface. My "domain controller policy" is
> > applying correctly to the domain controllers, but the "domain policy"
> > is having no effect.
> >
> > To make matters worse, once I join machines to the domain, their local
> > policies essentially go dead. It's as if it knows there is a domain
> > policy present for the domain, but chooses not to apply it. The local
> > policy is still editable on client machines, but the only way to get
> > changes to take effect is to disjoin that machine from the domain,
> > allow changes to apply, and then rejoin the domain. So essentially,
> > once I join a machine to the domain, I have NO policy control.
> >
> > I'm working directly with the "default domain policy" GPO, which I
> > believe SHOULD apply to the domain by default anyway. I've checked the
> > permissions of it, "authenticated user" has permission to apply and
> > read the policy, but that doesn't seem to matter, as even when I give
> > "everyone" permission to apply the policy, I get no results on the
> > client machines.
> >
> > I've looked at http://www.mcse.ms/message47584.html and I believe I'm
> > having the same or similar problem to the one he was having (and was unable to
> > resolve). I've typed "secedit /refreshpolicy user_policy /enforce" so
> > many times I just made a .bat file for it... and still can't get any
> > results.
> >
> > Any help would be greatly appreciated, I've tried everything I can
> > think of... the maddening thing here is that everything SEEMS to be
> > set up correctly.
> >
> > Oh and the GPO changes ARE being pushed from one domain controller to
> > the other correctly, so that isn't the problem.
> >
> > Thanx,
> >
> > -. . .
> >
> >
> >
> > --
> > Elipsis
> > ------------------------------------------------------------------------
> > Posted via http://www.mcse.ms
> > ------------------------------------------------------------------------
> > View this thread: http://www.mcse.ms/message467997.html
> >
>
>
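
Added example, not part of any post in this thread: a simplified Python model of the local>site>domain>OU processing order and the domain-level-only rule for account policies described above. The setting names and values are constructed labels, and the model assumes no enforced links or blocked inheritance.

```python
# Simplified model of Group Policy precedence (added illustration).
# Assumptions: no enforced ("No Override") links, no Block Inheritance,
# no security filtering. Setting names/values are constructed samples.

LEVELS = ["local", "site", "domain", "ou"]  # processing order; later wins

# For domain user accounts these are honoured only from domain-linked GPOs.
ACCOUNT_POLICY = {"MinimumPasswordLength", "LockoutBadCount"}


def resolve(gpos):
    """gpos: list of (level, gpo_name, settings) that apply to one computer.
    Returns {setting: (value, winning_gpo)}; a value of None = not defined."""
    effective = {}
    # sorted() is stable, so GPOs at the same level keep their given order.
    for level, name, settings in sorted(gpos, key=lambda g: LEVELS.index(g[0])):
        for key, value in settings.items():
            if value is None:
                continue  # an undefined setting never overrides a defined one
            if key in ACCOUNT_POLICY and level != "domain":
                continue  # ignored for domain accounts outside domain level
            effective[key] = (value, name)
    return effective


LOCAL = ("local", "Local policy",
         {"AuditLogonEvents": "None", "ShutdownWithoutLogon": "Disabled"})
DEFAULT_DOMAIN = ("domain", "Default Domain Policy",
                  {"MinimumPasswordLength": 8, "AuditLogonEvents": "Success",
                   "LegalNoticeText": "Authorized use only"})
DC_POLICY = ("ou", "Default Domain Controllers Policy",
             {"MinimumPasswordLength": 12, "LegalNoticeText": None,
              "AuditLogonEvents": "Success,Failure"})


def effective_for_member():
    # Member computer in the default Computers container: no OU-linked GPO.
    return resolve([LOCAL, DEFAULT_DOMAIN])


def effective_for_dc():
    # Domain controller: sits in its own OU with its own linked GPO.
    return resolve([DC_POLICY, LOCAL, DEFAULT_DOMAIN])


if __name__ == "__main__":
    for label, result in (("member", effective_for_member()),
                          ("dc", effective_for_dc())):
        for key, (value, source) in sorted(result.items()):
            print(f"{label:6} {key:22} = {value!r:22} from {source}")
```

On a real machine, compare this against the GPO list and winning values that gpresult reports.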