Re: GPO doesn't take effect on the clients


"Florian Frommherz [MVP]" <florian@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:O6iyUSK6HHA.1212@xxxxxxxxxxxxxxxxxxxxxxx
Howdie!

MSExchangeStudent schrieb:
The 2 DC's in my company is listed under that OU.

You configured a Computer Configuration-policy and you therefore need to
have machine objects in that OU.
Are the workstations joined to the domain (correctly?)

Yes. There are a default domain policy that i assume work 100% because it
autimatically give evyone access to the internet if you join the domain.

The 2 DCs are listed under that OU?

The OU is called "Domain Controllers"

Did you link the policy to the "Domain Controllers" OU or did you just move
the DCs out there into a seperate OU?
I did right-click on the OU and choose "Link an existing GPO here" and
browse to the one i have created


Do the workstations' DNS settings point to a Domain Controller (as the
only, primary source)?
Yes. That is set in the network properties to pick up the DNS
automatically and all the pc's point to 192.168.150.101 as the DNS. This
is also the pc that i try to work on the GPO through AD

So 192.168.150.101 is your Active Directory Domain Controller, right?
Yes.
The client's DNS must point to the IP of a Domain Controller.
Does this mean i must manually enter the IP on every machine on the network
to point to 192.168.150.101
Just confirm is the info i gave above is technical sound. If it if and my
system still not work i will do the instructions you gave below. thanks for
your time so far. I really hope we get this sorted

If nothing helps, try that:

Go create an OU. Put an Active Directory account of a workstation into
that OU. If you wish, the guy next to you's machine. Then create a Group
Policy at that exact you just created and configure the Computer
Configuration\... setting. Does that work? If not, what does "rsop.msc"
say after you tried "gpupdate"?

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.


.

Relevant Pages

  • Re: Adding a 2003 DC to an existing 2000 AD
    ... I went to run the DNS manager on our secondary DC and noted that DNS manager ... Run diagnostics against your Active Directory domain. ... Solve those DNS warnings. ... errors and the group policy errors may go away. ...
    (microsoft.public.win2000.active_directory)
  • Re: Windows firewall spontaneously changes profiles
    ... If you want to get your Active Directory and Group Policy to work correctly ... to have your domain controllers be dns servers for your Active Directory ...
    (microsoft.public.windows.server.security)
  • Re: Configuring DNS settings
    ... and DNS settings.Now I need to change the DNS settings for all clent machines.Individually going and doing on all PC's will be tediuos. ... You need to script that as there is no native Group Policy for it. ... Be aware that pointing all clients to a wrong DNS server might break your entire Directory Server (Active Directory) with Group Policy. ... I recommend you really test the script in a test environment. ...
    (microsoft.public.windows.group_policy)
  • Re: Group Policy on a Win2K domain wont apply to an XP Pro workstation.
    ... Active Directory ... then check that the Tcp/Ip settings for DNS on the XP ... client is identical to that on the working W2k. ... >>Group policy application onto XP clients works. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: NT to W2K3 Migration
    ... How to Upgrade from Windows NT Server 4.0 ... Best Practice Active Directory Design for Managing Windows Networks ... ensure that you have designed a DNS ...
    (microsoft.public.windows.server.active_directory)