gp still tatooing!

From: Piotr Majcher (PiotrMajcher_at_discussions.microsoft.com)
Date: 12/08/04 

Date: Wed, 8 Dec 2004 14:25:33 -0800

I have remarked such a strange behaviour of policies

I showed the students on my IT classess the GPO and such stuff and we were
testing GP precedence. everything worked well when we added (linked to OU)
more and more policies. the problem appears when i remove (unlink) or disable
 policies ( no matter if 1, 2 or all of them)

some of the settings ARE STILL APPLIED :(
(checked and confirmed: "hide clock" , "hide IE icon on the deskktop", "hide
network places on desktop") those settings are permament in the user's
environment!

i check affected user with GPResults and it showes than no policies are
applied however the user still has the restrictions from the state where the
policies were working

I AM NOT USING roaming prfiles for my users just local and I guess that the
policies tatooed locally stored locopy of user profile and when the profile
is used the restrictions are still applied.

when the affected user logs onto another workstation (the one that he had
never log on to) he gets a new local profile and no policies are applied to
him.

when the user logs onto a workstation and there is a copy of his profile
(which was using when the policies were linked) the user uses its profile and
despite there are no policies now he is being applied the old shadow policies

when i delete the copy of the profile so the user gets a new one, everything
is ok

I DO NOT WANT to use roaming nor mandatory roaming profiles, I want to let
my users use their local profiles

Do You have any idea on fixing the problem?

Have a good day
Piotr Majcher

Relevant Pages

  • Re: Local Policies with Roaming Profiles - Security ID Prob
    ... are only local policies, they should be stored in the Group Policies ... when a second computer tries overwrite the copy of the profile, ... I'm guessing that other computers won't then recognise that SID ...
    (microsoft.public.win2000.security)
  • RE: gp still tatooing!
    ... > more and more policies. ... > policies tatooed locally stored locopy of user profile and when the profile ... > when the affected user logs onto another workstation (the one that he had ... > never log on to) he gets a new local profile and no policies are applied to ...
    (microsoft.public.windows.server.active_directory)
  • Re: Roaming Profiles & VPN
    ... "Mark Dormer" wrote in message ... > There are policies for not downloading profiles on slow connections. ... >> For a VPN to log on quicker, a local profile is best. ...
    (microsoft.public.windowsxp.network_web)
  • RE: gp still tatooing!
    ... the article "Understanding Policy Tattooing" ... >> i check affected user with GPResults and it showes than no policies are ... >> policies tatooed locally stored locopy of user profile and when the profile ... >> never log on to) he gets a new local profile and no policies are applied to ...
    (microsoft.public.windows.server.active_directory)
  • Re: gp still tatooing!
    ... "Piotr Majcher" wrote in message ... > does anyone know how can I avoid tattooing local user profiles? ... >>>> i check affected user with GPResults and it showes than no policies ... >>>> policies tatooed locally stored locopy of user profile and when the ...
    (microsoft.public.windows.server.active_directory)
Loading