RE: GPO has no effect
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Mon, 01 Aug 2005 09:06:30 GMT
Hi Nicolas,
Thanks for posting here.
From your description, I understand the issue is that the GPO you created
doesn't take effect. If I am off base, please don't hesitate to let me know.
I. Did you run "gpupdate /force" to refresh the policy of the clients on the
server side? Run it and test. What is the result?
For more information about the GPUpdate command, please refer to the
following syntax.
Syntax: GPUpdate [/Target:{Computer | User}] [/Force] [/Wait:<value>]
                 [/Logoff] [/Boot] [/Sync]

Parameters:

Value                      Description
/Target:{Computer | User}  Specifies that only User or only Computer
                           policy settings are refreshed. By default,
                           both User and Computer policy settings are
                           refreshed.
/Force                     Reapplies all policy settings. By default,
                           only policy settings that have changed are
                           applied.
/Wait:{value}              Sets the number of seconds to wait for policy
                           processing to finish. The default is 600
                           seconds. The value "0" means not to wait.
                           The value "-1" means to wait indefinitely.
                           When the time limit is exceeded, the command
                           prompt returns, but policy processing
                           continues.
/Logoff                    Causes a logoff after the Group Policy settings
                           have been refreshed. This is required for
                           those Group Policy client-side extensions
                           that do not process policy on a background
                           refresh cycle but do process policy when a
                           user logs on. Examples include user-targeted
                           Software Installation and Folder Redirection.
                           This option has no effect if there are no
                           extensions called that require a logoff.
/Boot                      Causes a reboot after the Group Policy settings
                           are refreshed. This is required for those
                           Group Policy client-side extensions that do
                           not process policy on a background refresh
                           cycle but do process policy at computer
                           startup. Examples include computer-targeted
                           Software Installation. This option has no
                           effect if there are no extensions called that
                           require a reboot.
/Sync                      Causes the next foreground policy application
                           to be done synchronously. Foreground policy
                           applications occur at computer boot and user
                           logon. You can specify this for the user,
                           computer or both using the /Target parameter.
                           The /Force and /Wait parameters will be
                           ignored if specified.

For more information on forcing a Group Policy update, please refer to the
following article.
298444 A Description of the Group Policy Update Utility
http://support.microsoft.com/?id=298444
II. What is the OU your GPO applied to?
Technically, the Group Policy system in Windows Server 2003 (SBS 2003) is
the same as Windows 2000. We can create an OU and then link a group policy
to this OU. Then the group policy will be applied to the Users and
Computers in this OU.
To create a Group Policy Object, please follow these steps:
1. Click Start, point to Administrative Tools, and then click Active
Directory Users and Computers.
2. Right-click the domain and then click Properties.
3. Click the Group Policy tab, and then click New.
4. Type the name that you want to use for this policy (for example,
ShopUsers policy), and then press ENTER.
5. Click Properties, and then click the Security tab.
6. Click to clear the Allow check box next to Apply Group Policy for the
security groups that you want to prevent from having this policy applied.
7. Click to select the Allow check box next to Apply Group Policy for the
groups to which you want to apply this policy, and then click OK.
8. Click OK, click OK again, and then quit Active Directory Users and
Computers.
Changes to a GPO are not immediately imposed upon the target computers, but
are applied in accordance with the currently valid group-policy refresh
interval. You can use the Secedit.exe command-line tool to impose GPO
settings on a target workstation immediately. See the Windows Server 2003
Help and Support Center for information about using the secedit command.
You can also refer to the following article to get detailed information:
227302 Using SECEDIT to Force a Group Policy Refresh Immediately
http://support.microsoft.com/?id=227302
Please test. What is the result?
III. If the issue persists, please run "gpresult /v>c:\gpresult.txt"
on the SBS server and on a problematic client PC, and send me the
files for further analysis. The mail address is v-yanniw@xxxxxxxxxxxxx
Have a nice day!
Best Regards,
Jenny Wu
Microsoft CSS Online Newsgroup Support
--------------------
>From: "Stephen Lilly" <stephen@xxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>Subject: GPO has no effect
>Date: Fri, 29 Jul 2005 17:25:01 +0100
>
>Hi,
>
>Installation
>Windows 2003 SBS installed as a DC with AD, Windows 2003 Terminal Server for
>thin net clients
>
>Problem
>Restricting access to shopfloor users to a minimum...These users log onto the
>domain and connect to the TS Server
>
>Setup
>I have created a GPO (ShopUsers), and linked this to an OU....This OU has
>then been linked to a new security group (Restricted Access)
>I have in turn added this Security Group (Restricted Access) to all the
>shopfloor users..
>
>Any Changes in the GPO do not affect the restriction of the ShopUsers..
>
>Have I linked this correctly ???
>
>Any ideas why this does not work ??
>
>Thank you
>
>Stephen
>
>
>
>
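
Step III of the reply asks for the output of "gpresult /v". The following is an added example, not part of the original thread, showing how to read that file for one GPO: whether it was applied, filtered out (and why), or never listed for the account. It assumes the English section headings of gpresult output; the sample text is constructed and the function names are hypothetical.

```python
# Constructed sample laid out like "gpresult /v" output (assumed English headings).
SAMPLE = """\
USER SETTINGS
--------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        ShopUsers
            Filtering:  Denied (Security)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
"""

def is_rule(s):
    return bool(s) and set(s) == {"-"}     # a line made only of dashes

def parse_gpresult(text):
    """Return {scope: {"applied": [...], "filtered": {gpo: reason}, "groups": [...]}}."""
    lines = [l.strip() for l in text.splitlines()] + [""]
    report, cur, section, gpo = {}, None, None, None
    for line, nxt in zip(lines, lines[1:]):
        if not line or is_rule(line):
            continue
        if is_rule(nxt):                   # headings are underlined with dashes
            if line in ("COMPUTER SETTINGS", "USER SETTINGS"):
                cur = report[line.split()[0]] = {"applied": [], "filtered": {}, "groups": []}
            section = ("applied" if line == "Applied Group Policy Objects" else
                       "filtered" if "filtered out" in line else
                       "groups" if "security groups" in line else None)
        elif cur is not None and section == "filtered":
            if line.startswith("Filtering:"):
                cur["filtered"][gpo] = line.split(":", 1)[1].strip()
            else:
                gpo = line                 # GPO name precedes its Filtering line
        elif cur is not None and section:
            cur[section].append(line)
    return report

def gpo_status(report, scope, name):
    """'applied', 'filtered: <reason>', or 'not listed' (GPO absent from both lists)."""
    cur = report.get(scope, {"applied": [], "filtered": {}})
    if name in cur["applied"]:
        return "applied"
    return "filtered: " + cur["filtered"][name] if name in cur["filtered"] else "not listed"
```

In the constructed sample the user is only in Domain Users, so ShopUsers is reported as filtered by security; a GPO that comes back "not listed" does not appear in either list of the report, which points at where the GPO is linked and which OU holds the account rather than at group membership.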