Re: Newbie policy & security groups ?: SBS/Win 2003 AD
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/08/05
- Previous message: Steven L Umbach: "Re: Securing a 2k client in a NT4 Domain"
- In reply to: Gina: "Newbie policy & security groups ?: SBS/Win 2003 AD"
- Next in thread: Gina: "Re: Newbie policy & security groups ?: SBS/Win 2003 AD"
- Reply: Gina: "Re: Newbie policy & security groups ?: SBS/Win 2003 AD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 8 Mar 2005 16:50:07 -0600
The user or computer that you are applying the Group Policy to must be in
the OU. It should not matter where the groups are as Group Policy does not
apply to groups - only users and computers but groups can be used to manage
who Group Policy applies to via changing the "apply" permission for the
Group Policy. Use only global groups if you are trying to manage Group
Policy apply permissions. The rpc unavailable error could mean that the
computer that you are trying to run the RSOP for is not turned on, it has a
firewall enabled on it, or there is a name resolution problem. See the link
below on Active Directory dns as proper dns configuration in the domain is
critical for Group Policy and everything else to work properly. The support
tools netdiag and dcdiag are very helpful in tracking down domain/networking
problems that can contribute to Group Policy problems. --- Steve
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 --- dns
FAQ
http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 --- netdiag
and how to install support tools.
"Gina" <Gina@discussions.microsoft.com> wrote in message
news:31952EEB-F3F6-45A0-96DE-A18CDC8440E7@microsoft.com...
>I hope someone can pinpoint what I am doing wrong in the following:
>
> In AD, I create an OU, create a user policy to do obvious desktop things
> like remove run menu, and I assign/link the policy to the OU. Other than
> this policy, there is only the default policies which come with SBS 2003.
>
> If I move a user object to the OU, then log the user onto an XP client,
> the
> policy is applied as expected.
>
> Here is the problem: if I create a global or domain security group and
> add
> this user to the group, and move the security group to the OU the policy
> is
> not applied when this user logs on.
>
> Additional symptom: When this user logs on in the 2nd scenario, besides
> the
> custom policy not being applied, it appears that a previous domain policy
> which has been removed is trying to apply. It was a software install
> policy
> that results in a message when the user logs on saying "you have to be an
> admin to install software".
>
> One more thing: I cannot run the group policy results in SBS for this
> user
> and computer. I receive "rpc server unavailble" errors, but all the
> appropriate services are running.
>
> Thanks for anything--Gina
- Previous message: Steven L Umbach: "Re: Securing a 2k client in a NT4 Domain"
- In reply to: Gina: "Newbie policy & security groups ?: SBS/Win 2003 AD"
- Next in thread: Gina: "Re: Newbie policy & security groups ?: SBS/Win 2003 AD"
- Reply: Gina: "Re: Newbie policy & security groups ?: SBS/Win 2003 AD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
