Re: Group Policy Inheritance

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "Thomas M." <NoEmailReplies@xxxxxxxxxx>
Date: Mon, 15 Oct 2007 16:44:30 -0600

"Florian Frommherz [MVP]" <florian@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:OEzjbAS%23HHA.484@xxxxxxxxxxxxxxxxxxxxxxx

Howdie!

Thomas M. schrieb:

However, the webcast is based on Windows 2003 Server, whereas I believe
that my DC is running Windows 2000 Server. Would that explain the
discrepancy that I am seeing between the webcast and what is happening in
my

No. That is not the reason. They work similar.

environment? If not, what are the possible reasons that the child OU
would not inherit the GPO from the parent OU, knowing that Block
Inheritance is turned off?

Is it possible that you have made contradicting settings in the Group
Policies in the subOU? What leads you to the thought inheritance doesn't
work?

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.

I finally got a block of time for working on this problem and I have solved
the issue. On the one hand, I'm glad that the problem has been fixed, but
on the other it amounts to one of those Homer Simpson "DOH!" moments. The
policy limits user rights by pushing down the local Administrators group.
This was not working for one user because he was getting administrator
rights through a domain group that I forgot to pull him out of, and there
were some other things going on that clouded the issue a bit, but the bottom
line is that I did not see the forest through the trees on this one. The
thing is, the user was once a Network Administrator (he's now in management)
and once belonged in the Network Administrators domain security group, which
is why I did not connect the dots when I first saw that. Only after I had
him run gpresult from the command line and saw that the group policy IS
getting applied, did I realize that he was getting his admin rights from
membership in a domain group that pushes down as part of the local
Administrators group.

--Tom

.

Follow-Ups:
- Re: Group Policy Inheritance
  - From: Florian Frommherz [MVP]

Prev by Date: Re: acrobat pro 7 and installshield setup
Next by Date: ifmember drive mapping
Previous by thread: Re: acrobat pro 7 and installshield setup
Next by thread: Re: Group Policy Inheritance
Index(es):
- Date
- Thread

Relevant Pages

Scecli 1202 : 0x534
... SDC) are running Windows 2000 Server in french. ... Now we have 3 NAS running Windows 2003 server in english. ... The SID for Administateurs or Administrators is the same, ...
(microsoft.public.windows.group_policy)
[Full-disclosure] n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated admi
... unauthenticated administrative access to CTI CCA Server ... 2010/02/16 initial information to Alcatel-Lucent from n.runs AG ... administrators. ... In addition there is no real authentication taking place. ...
(Full-Disclosure)
n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to C
... unauthenticated administrative access to CTI CCA Server ... 2010/02/16 initial information to Alcatel-Lucent from n.runs AG ... administrators. ... In addition there is no real authentication taking place. ...
(Bugtraq)
RE: Access Denied when running RSoP
... The launch and activation security descriptor for the COM Server application ... It contains Access Control Entries with permissions that are ... which is a part of the McAfee Common ... > Administrators - Full Control - This namespace and subnamespaces ...
(microsoft.public.windows.server.sbs)
Re: Windows 2003 - User Logins vs Software
... > We have recently installed a Windows 2003 domain server. ... admin, open "Active Directory Users and Computers", locate the workstation ... "Administrators" group under "Local users and Groups". ...
(microsoft.public.windowsxp.security_admin)