Question

Locked

AD Default Domain Policy setting problem

By GreyIT ·
I have a problem with a domain policy pushing 2 desktop shortcut icons and a few quickmenu shortcuts to the users' desktop. My predecessor set it up, and I can't find where the setting is.

I have narrowed the issue to the default domain policy; if I break inheritance, the shortcuts only show up when I link the default domain policy to the OU. I would say this clearly identifies that policy as the culprit.

The problem is that when I check the default domain policy, I can find NO mention of any setting pushing desktop shortcuts.
Active Desktop settings are not used, and no login/logout/startup/shutdown scripts are used.

As those icons are no longer relevant, this is getting extremely annoying. I'm resorting to a login script to delete them each and every time, but that's an ugly hack that I would really prefer to solve properly.

Does anyone know what I might be overlooking ?

Oh, fyi, it's a windows server 2003 with SP2 installed.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Update

by GreyIT In reply to AD Default Domain Policy ...

Update: I've been testing by copying the policy and selectively erasing entries; the behavior holds even when the policy is removed from the OU (incl inheritance).

I can therefore only assume that something went wrong during my initial test (Murphy strikes) and that the successful result obtained by breaking inheritance was a non-reproducible fluke.

So if group policy is not the issue, how the **** does any new network user get 2 shortcuts, while local accounts don't ? So "All users" is out of the question, it's definitely network accounts only, but doesn't seem related to group policies now.

Collapse -

how Group Policy is processed

by CG IT In reply to Update

local machine, site, domain and OU in that order.

log on locally, you get only the local machine group policy, even if the computer belongs to a domain.

Have to add that the default domain policy applies domain wide, that is to all OUs and objects in OUs including nested OUs, and all computers and servers that are members of the domain, other than domain controllers that are in the domain controllers OU which has a seperate domain controllers default domain policy, in the domain, unless there is an OU policy.

You really can't remove or disconnect the default domain policy.

Collapse -

Login Script

by coberbeck In reply to Update

Stating the obvious, did you check the user's profile for a login script?

Collapse -

Resultant Set of Policy (rsop.msc)

by Churdoo In reply to Update

Start / run / rsop.msc

The result will tell you exactly what policies are affecting what. If this behaviour is caused by any policy, you should be able to find it with rsop.

Back to Networks Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums