Re: Policies in Users OU don't process
- From: "Chris Jones" <nothanks@xxxxxxxxxx>
- Date: Thu, 1 Nov 2007 09:34:45 -0400
I guess no one else in the community has any ideas?
"Darren Mar-Elia" <dmanonymous@xxxxxxxxxxxxx> wrote in message
news:%23LPrFixFIHA.1324@xxxxxxxxxxxxxxxxxxxxxxx
Actually, sorry, block inheritance wouldn't result in what you're seeing
here. But it does indicate that somehow, the users you're trying to effect
are not in the scope of the GPO when its linked lower.
"Darren Mar-Elia" <dmanonymous@xxxxxxxxxxxxx> wrote in message news:...
Have you checked to make sure that there isn't a Block Inheritance flag
set on one of those lower OUs. Generally speaking, when this occurs, its
usually an issue where *something* from a targeting perspective is
mis-configured.
Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Script Group Policy Settings with the GPExpert Scripting Toolkit for
PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php
Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
"Chris Jones" <nothanks@xxxxxxxxxx> wrote in message
news:OGBYPVxFIHA.4296@xxxxxxxxxxxxxxxxxxxxxxx
Some feedback on me. I'm an IT consultant. I directly manage or assist
in managing over 100 domains. We setup domains for new networks,
migrate domains, fix domain based networks, and basically do this stuff
all the time.
My problem is, at one of my sites, I can't get group policies to apply
to user OU's. All of the policies set to the workstation and servers
work fine. User policies will apply to the users ONLY if they are
placed in the root folder. If I move the policy to a sub OU, it's as if
they don't even exist.
Here's my OU structure:
Domain.local
Domain Computers
SMRU
TH
Domain Controllers
Domain Terminal Servers
Domain Users
Public Safety
Public Works
SMRU
Town Hall
Lets say for example I want to redirect my docs and map some drives with
a batch file. If I setup a new GPO under Domain\Domain Users, nothing
will happen. If I move it back to the Domain (root) folder, they work.
More info: I ran a Group Policy Results query on a user and their
computer. Everything looks great til I get to the user policies. Where
it lists Applied GPO's and Denied GPO's, the policies applying to the
users don't show up at all. If I move the GPO's back to the root, then
they show up.
I've had this issue on this domain for some time and it didn't really
matter because I could put the mapped drives and redirects to apply for
everyone or specific groups (by allowing or denying gpo apply rights)
from the root. But now I'm wanting to add more gpo's by location and
would like it to work as it should.
I tried creating a new Domain Users OU and moved all the users to it and
that did not work either.
Any thoughts? I'm baffled that there's not even an attempt to
acknowledge the GPO's exist when they are being processed. It's
honestly as if the GPO's aren't in an OU that applies to the user, but
they are.
.
- Prev by Date: Re: Prevent Users from printing via GPO
- Next by Date: Need to Force Group Policy
- Previous by thread: Re: group policy site specific
- Next by thread: Need to Force Group Policy
- Index(es):
Relevant Pages
|
