Re: DC Demotion

Group Policies are applied in the following order:

Local
Site
Domain
Parent OU
Child OU
Grandchild OU
....etc.

It's much like having an argument with a 5-year old, in that the person who
gets in the last word is the one who wins - whichever setting was applied
last is the one that will take effect. Your best bet would be to use the
Resultant Set of Policies in the Group Policy Management Console (free
download from the MS website if you don't have it) - RSoP will show you a
report of exactly which policy settings are in effect, and, if more than one
policy is at work, which policy is "winning". See the following link for
dowload location: http://www.petri.co.il/download_gpmc.htm


--
Laura E. Hunter: MVP Windows Server - Networking
All replies to newsgroup, please
Post provided as-is, no warranties expressed or implied

"Mark Pfeifer" <mpfeifer@xxxxxxxxxxxxx> wrote in message
news:urYjaHp9FHA.1844@xxxxxxxxxxxxxxxxxxxxxxx
> We have a WSS Server that was originally a domain controller. We removed
> the DC role and attached the machine to the new DCs and domain.
>
> Currently, the local security policies are disabled but the group policies
> are not being picked up from the new DCs.
>
> Our network folks are thinking we need to demote the server using dcpromo,
> but I wanted to see if there was anything we should be considering. We
> simply want to get this server to pick up the group policies.
>
> Also, if a local policy is more restrictive then the group one, will it
> override the group? It looks like the local policies have some of the old
> setting still set but as I said we can't change them.
>
> TIA
> Mark
>
>


.

Relevant Pages

  • Re: Strange My Documents redirection issue
    ... And please check the system and application logs on the server and workstation to see if anything gets logged when the policy fails. ... I'd have expected to see a user that was added incorrectly to just not have folder redirection at all....where files go the C drive of the *workstation*, not the server. ... Without knowing more details about your OU structure and the group policies in play, that is as specific as I dare get. ...
    (microsoft.public.windows.server.sbs)
  • Re: Missing Wireless Network (IEEE 802.11) Policies Node
    ... try to find out which domain controller the tool is connecting ... to for editing the group policies. ... your server to your workstation. ... > the wireles node is there, however if I open the policy on my WinXP SP2 ...
    (microsoft.public.windows.group_policy)
  • Group Policies have stopped working.
    ... We've had Group Policies running for well over a year here with little ... Group Policy was applied from: ... My AD is split geographically with a US container with seperate Users ... There is also a EU container with seperate Users and Computers ...
    (microsoft.public.win2000.group_policy)
  • DC Demotion
    ... We have a WSS Server that was originally a domain controller. ... the DC role and attached the machine to the new DCs and domain. ... the local security policies are disabled but the group policies ...
    (microsoft.public.windows.server.active_directory)
  • Re: SMS 2.0 and Windows 2000 GPO
    ... The problem is with Windows group policies and the ... When I move the clients out of the OU that has policies ... > unless I change the SMS Client Service Log On account from SMSCliSvcAcct& ... I've changed the group policy System Services SMS ...
    (microsoft.public.sms.admin)