RE: gp still tatooing!

From: Piotr Majcher (PiotrMajcher_at_discussions.microsoft.com)
Date: 12/09/04 

Date: Thu, 9 Dec 2004 09:51:10 -0800

thanks for answering,
I took a look at the www you advised me to look and I have read
the article "Understanding Policy Tattooing"

but there is no explanation and solution to my problem

the "hide clock" policy is not considered gp-tattooing but in my case it
tatoos
the local user profile how can i deal with such situation?

is the only solution to manually clean the registry?

Piotr Majcher

"Thor Vanden Reysen" wrote:

> hi,
> Here is a good link :
> http://www.gpoguy.com
> @+
>
>
> "Piotr Majcher" wrote:
>
> > I have remarked such a strange behaviour of policies
> >
> > I showed the students on my IT classess the GPO and such stuff and we were
> > testing GP precedence. everything worked well when we added (linked to OU)
> > more and more policies. the problem appears when i remove (unlink) or disable
> > policies ( no matter if 1, 2 or all of them)
> >
> > some of the settings ARE STILL APPLIED :(
> > (checked and confirmed: "hide clock" , "hide IE icon on the deskktop", "hide
> > network places on desktop") those settings are permament in the user's
> > environment!
> >
> > i check affected user with GPResults and it showes than no policies are
> > applied however the user still has the restrictions from the state where the
> > policies were working
> >
> > I AM NOT USING roaming prfiles for my users just local and I guess that the
> > policies tatooed locally stored locopy of user profile and when the profile
> > is used the restrictions are still applied.
> >
> > when the affected user logs onto another workstation (the one that he had
> > never log on to) he gets a new local profile and no policies are applied to
> > him.
> >
> > when the user logs onto a workstation and there is a copy of his profile
> > (which was using when the policies were linked) the user uses its profile and
> > despite there are no policies now he is being applied the old shadow policies
> >
> > when i delete the copy of the profile so the user gets a new one, everything
> > is ok
> >
> > I DO NOT WANT to use roaming nor mandatory roaming profiles, I want to let
> > my users use their local profiles
> >
> >
> > Do You have any idea on fixing the problem?
> >
> >
> > Have a good day
> > Piotr Majcher
> >
> >
> >

Relevant Pages

  • Re: Local Policies with Roaming Profiles - Security ID Prob
    ... are only local policies, they should be stored in the Group Policies ... when a second computer tries overwrite the copy of the profile, ... I'm guessing that other computers won't then recognise that SID ...
    (microsoft.public.win2000.security)
  • RE: gp still tatooing!
    ... > more and more policies. ... > policies tatooed locally stored locopy of user profile and when the profile ... > when the affected user logs onto another workstation (the one that he had ... > never log on to) he gets a new local profile and no policies are applied to ...
    (microsoft.public.windows.server.active_directory)
  • Re: Roaming Profiles & VPN
    ... "Mark Dormer" wrote in message ... > There are policies for not downloading profiles on slow connections. ... >> For a VPN to log on quicker, a local profile is best. ...
    (microsoft.public.windowsxp.network_web)
  • Re: gp still tatooing!
    ... "Piotr Majcher" wrote in message ... > does anyone know how can I avoid tattooing local user profiles? ... >>>> i check affected user with GPResults and it showes than no policies ... >>>> policies tatooed locally stored locopy of user profile and when the ...
    (microsoft.public.windows.server.active_directory)
  • Folder redirection and Terminal Services profiles
    ... policies, ... use Terminal Services to access a Winframe server, ... Directory that allows you to specify a Terminal Services profile, ... that policy when logging on to their own PC, but not the Winframe ...
    (microsoft.public.win2000.group_policy)