Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Windows IT help with group policy settings

T

ToddW

macrumors 6502a
Original poster
Feb 26, 2004
655
0
Well, I don't know if i should ask this here, but I'm going to ask anyway. I have gotten roped into setting up this domain controller for a standalone workstation environment. While that isn't that big of a deal for me, I am having a little trouble implementing some group policies that I want to configure our 40 clients on the domain. An example would be that I want to configure some windows settings like classic start menu and the same desktop background for all 40 clients no matter who the user is.

I can develop the group policy just fine. However when I log into one of the workstations on the domain none of the policies seem to take affect. Can anyone give me an idea what is going on.

Regards,

ToddW
 
I believe those are User settings rather than Computer ones. Have you applied the GPO to the Users container that contains your account, or to the Computer OU? If it is the Computer OU you'll have to move it over.

Also check the precedence order to make sure nothing gets overwritten in a later GP, and make sure that the policy is applied to Authenticated Users.
 
In the Group Policy Management tool I have it looking like this:

domain.com
-(linked)Default Domain Policy
-Domain Controllers
-(linked)Default Domain Controllers Policy
-(linked)My GPO
-Group Policy Objects
-Default Domain Controllers Policy
-Default Domain Policy
-MY GPO
-WMI Filters

In the GPO I have the security filter settings set for authenticated users

I'm not sure what else I need to do to get it working. I'm a newbie on GPOs. This is my first network that with this many clients and we want all the clients to be set up the same.

Previously everything was closed and we had general logins. Everything has to be secure now. I really don't want to have to do all the settings to each individual workstation.

Thanks for the help.
 
Maybe a stupid question, but have you joined the workstations to the AD domain?

If so, run the gpresult.exe program from the Command Prompt to check with GPOs are being applied.
 
Well the workstations are apart of the domain. Under the active directory under users and computers as follows:

domain.com
-Builtin
-Computers
-WS1
-WS2
-WS3
-WS4
-Domain Controllers
-ForeignSecurityPrinciples
-Users
-user1

When i run gpresult.exe
I get the policy object does not exist

thanks again

Todd
 
The Computers container is not a true OU from an AD perspective, so you cannot apply GPOs to objects in the Computers container. You will need to create a new OU, move your workstation objects into that OU, and then link your GPO to that OU (assuming your settings are Computer Configuration-based). The Users container is also somewhat special, so it's best practice to place your users (other than the system-created ones), computers, and other objects within an OU that you create.
 
DigitalVoodoo is mostly correct. Since these are per-user settings that you are trying to set, you have a couple of choices. You can either move your users into an OU and link your "My GPO" policy to that OU, or you can link "My GPO" to the domain, which means it will then apply to all users in the domain. The former is probably better practice than the latter, but both will work. Per-User settings must be linked such that user objects in AD will "see" them. Similiarly, per-computer settings must be linked the same way.

Darren (aka the GPOGUY)
www.sdmsoftware.com
 
thanks guys i appreciate the help. i knew i wasn't putting two and two together. i'll update tomorrow. again thanks for the help everyone.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back