Re: GPO Settings not applying

Howdie!

SBN via WinServerKB.com wrote:
I'm afraid but I don't get your problem, I think. What did you do? Add the computer from where you want to log in into the newly created OU? Logging afterwards in and received an error message?

Of course is it okay to "Move" the computer's Active Directory account into that newly created OU to which you linked your policy - otherwise the computer wouldn't pick up the policy settings again.

- well its like this im adding a new computer which according to the error
it is already existing

If you have joined your computer to the domain, there should be a computer account for that computer. It maybe is the one located at the "Computers" container.

- also is there a way i can check if all the settings i placed in the
computer settings or in the user settings is being applied. i configure the
account lockout policy to lockout 3 failed login attempts. it tried to login
6 times in the domain with wrong user name and password but it didn't lockout.

Since you have Windows XP workstations you can use rsop.msc to collect the resultant settings from a remote workstation. Just have a try.

I assume that you want to configure the lockout policy for domain accounts which means that after three failed attempts, the Active Directory user account shall be locked out. If so, you'll have to link that policy at Domain Level, in order to get that working. Password Policies (and account lockout features) need to be linked to domain level. When linked to an OU, the settings made in the GPO will apply to the local accounts on the computer, not the ones in Active Directory.

cheers,

Florian
--
Nachwuchsadmin aus dem Süddeutschen/Germany.
eMail: Vorname [bei] frickelsoft [Punkt] net.
blog: http://www.frickelsoft.net/blog.
.

Relevant Pages

  • Local security settings in W2k adv server causes problems
    ... I am experiencing a pretty weird problem with some local policy settings on ... I used this to rename the administrator account on that server, ...
    (Focus-Microsoft)
  • Re: Kerberos User Ticket Lifetime
    ... Wong - as Joe has been saying, Account Policies receive special ... Account policy is a single instance thing on ... >>> different groups do inherit the correct GP settings, ... >>>>>with the Maximum User Ticket Lifetime parm? ...
    (microsoft.public.security)
  • Re: Local Account & Password Policy Options Greyed out for Admins?
    ... it seems to have set the security settings back to what they should be. ... Still, the settings for the password and account lockout policies are greyed out, so they still cannot be changed. ... Reboot the computer and you should be able to change password policy in Local Security Policy. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Cannot edit "Log on as a service" and "Allow log on locally" policies on W2K3 server.
    ... I am installing a new version of a program on my W2K3 SP1 server and one of the requirements is to create a "local" user account and grant this account ... However when I go into the Local Security Policy editor/Security settings/Local Policies/User Rights Assignment, I do not get the option to add or edit. ... These two policies both have different icons showing so I'm not sure what that indicates but am sure it has to do with why I cannot make any changes there. ... drill down to those settings and it'll tell you which policy is applying to those settings. ...
    (microsoft.public.windows.server.general)
  • Re: How can I prevent an account from being locked out?
    ... The security folks pick up on a published ... The lockout threshold is a good ... functionality for the domain ID you need a new domain with that policy. ... password or unlock their account ...
    (microsoft.public.windows.server.active_directory)