Re: Group Policy applies to some users, but not others
From: Tim Springston [MS] (tspring_at_online.microsoft.com)
Date: 09/08/04
- Next message: Yardsale: "Limiting Browser to one URL"
- Previous message: Tim Springston [MS]: "Re: Group policies in OU"
- In reply to: Tek Response: "Group Policy applies to some users, but not others"
- Next in thread: Tek Response: "Re: Group Policy applies to some users, but not others"
- Reply: Tek Response: "Re: Group Policy applies to some users, but not others"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 8 Sep 2004 10:58:49 -0500
This may be a result of inconsistent group membership and permissions on
GPOs.
How are the permissions on the GPOs assigned? One idea would be to check
the permissions on the GPO which is not applying to a particular user, and
then verify that the account (or a group the account is a member of) is
listed in the GPO permissions/access control list.
Please repost and let us know if this helps.
-- Tim Springston Microsoft Corporation This posting is provided "AS IS" with no warranties, and confers no rights. "Tek Response" <Tek Response@discussions.microsoft.com> wrote in message news:274AFD7F-12E4-4DAC-A418-529B2387DBF2@microsoft.com... > We have recently moved from one AD domain to a new one in a separate > forest. > We used the 'adduser' utility from the resource kit to export the users > from > the old domain and then import them into the new. > > This all worked fine. Unfortunately it didn't bring the OU details with > it. > Perhaps that was our mistake, perhaps that's just how it works, I don't > know. > Anway, once we'd completed the import we manually sat and sorted out the > OU > membership. > > However, when we apply Group Policy to the users, be it at the domain > level > or OU level we are finding some very strange inconsistencies where some > users > are having the policy assigned, others are not. > > The desktop operating system we are using is Windows XP SP1. > > As a test yesterday, I assigned a GP to an OU to remove Run from the Start > Menu. I then logged on as a user in that OU and the Run command was still > there. So I created a new user in the OU, logged on as that user and the > Run > command was missing as it should be. Since the new user was defaults only, > I > looked at the differences between it and the existing user. So I took a > few > long shots just in case. I removed the existing user's roaming profile. I > removed the logon script. I removed the mapped home directory. None of > these > made any difference. > > And yet some of the users created using 'addusers' have GP applied. > Bizarrely some seem to have only part of it applied, for example the run > command will be there, but access to the network properties will be > denied. > > In short, it is quite baffling and inconsistent. Any help would be greatly > appreciated.
- Next message: Yardsale: "Limiting Browser to one URL"
- Previous message: Tim Springston [MS]: "Re: Group policies in OU"
- In reply to: Tek Response: "Group Policy applies to some users, but not others"
- Next in thread: Tek Response: "Re: Group Policy applies to some users, but not others"
- Reply: Tek Response: "Re: Group Policy applies to some users, but not others"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
