Re: Group Policies on OUs not Propagated

From: Eric Johansen (eric.johansen@reliastar.com)
Date: 03/22/02 

From: "Eric Johansen" <eric.johansen@reliastar.com>
To: <comprepsrv@yahoo.com>, <focus-ms@securityfocus.com>
Date: Thu, 21 Mar 2002 19:05:25 -0600

Although I do not have a specific answer for your issue, this chapter in the
newly released "Security Operations Guide for Windows 2000 Server" (from
Microsoft) has some troubleshooting tips and information on tools you can
use to help:

http://www.microsoft.com/technet/security/prodtech/windows2000serv/staysecur
e/secops03.asp

There are helpful links at the end of the chapter as well related to
troubleshooting group policy:

http://www.microsoft.com/Windows2000/techinfo/howitworks/management/gptshoot
.asp

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q250842
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q216359

[URLs may be wrapped]

All in all...this is a great chapter and for that matter the entire guide
has some excellent information in it. :)

Good luck...

Eric

----- Original Message -----
From: <comprepsrv@yahoo.com>
To: <focus-ms@securityfocus.com>
Sent: Thursday, March 21, 2002 3:40 PM
Subject: Group Policies on OUs not Propagated

>
>
> Hello, I have a w2000 server running AD that
> authenticates w2000 clients. I have different policies
> set up for different OUs in AD. Domain level policies
> are picked up fine. With a new user account, policies
> are picked up okay. However, if a user account that
> has been in use is used, the policies do not refresh.
> Can anyone tell me how to correct this?
>
> thakns
> dp
>
>

Relevant Pages

  • Re: AD issues
    ... The domain controller will also act as DNS server i assume, so make sure that all domain machines uses this one as the DNS server on the NIC, not other external DNS servers. ... You should not change the default domain policy and the default domain controller policy, leave them as they are so in case of problems you can always revert back to the starting policies. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Policies having no effect on XP workstation
    ... If the nothing else is define yes the changes are made at the server holding ... If you check the GUID of the particular GPO object you can see if a such ... Also, the initial change is made to the PDC emulator DC, so it ... >> to the W2K3 server the policies started working. ...
    (microsoft.public.windows.group_policy)
  • Re: Remove GPO from member server that will not join the domain an
    ... Almost all policies do not permanently mark a machine. ... > server already and I'm not 100% sure how strong the inheritence will work ... >>> the server as this server will join his own workgroup. ...
    (microsoft.public.win2000.active_directory)
  • Re: Remote Desktop Logon to Server
    ... User Rights assignments under Local Policies. ... > person to logon to the server in a restricted mode. ... > change (this was before I put them into the Administrator ...
    (microsoft.public.win2000.networking)
  • Re: Question about Group Policies in XP.
    ... > taking the Run command off the start menu. ... > policies under the user account but if I have to set these ... Should I give the user account administrator rights ...
    (microsoft.public.windowsxp.security_admin)