• Creator
  • #2213885

    AD Default Domain Policy setting problem


    by greyit ·

    I have a problem with a domain policy pushing 2 desktop shortcut icons and a few quickmenu shortcuts to the users’ desktop. My predecessor set it up, and I can’t find where the setting is.

    I have narrowed the issue to the default domain policy; if I break inheritance, the shortcuts only show up when I link the default domain policy to the OU. I would say this clearly identifies that policy as the culprit.

    The problem is that when I check the default domain policy, I can find NO mention of any setting pushing desktop shortcuts.
    Active Desktop settings are not used, and no login/logout/startup/shutdown scripts are used.

    As those icons are no longer relevant, this is getting extremely annoying. I’m resorting to a login script to delete them each and every time, but that’s an ugly hack that I would really prefer to solve properly.

    Does anyone know what I might be overlooking ?

    Oh, fyi, it’s a windows server 2003 with SP2 installed.

All Answers

  • Author
    • #3028709


      by greyit ·

      In reply to AD Default Domain Policy setting problem


    • #3028693


      by greyit ·

      In reply to AD Default Domain Policy setting problem

      Update: I’ve been testing by copying the policy and selectively erasing entries; the behavior holds even when the policy is removed from the OU (incl inheritance).

      I can therefore only assume that something went wrong during my initial test (Murphy strikes) and that the successful result obtained by breaking inheritance was a non-reproducible fluke.

      So if group policy is not the issue, how the hell does any new network user get 2 shortcuts, while local accounts don’t ? So “All users” is out of the question, it’s definitely network accounts only, but doesn’t seem related to group policies now.

      • #3028650

        how Group Policy is processed

        by cg it ·

        In reply to Update

        local machine, site, domain and OU in that order.

        log on locally, you get only the local machine group policy, even if the computer belongs to a domain.

        Have to add that the default domain policy applies domain wide, that is to all OUs and objects in OUs including nested OUs, and all computers and servers that are members of the domain, other than domain controllers that are in the domain controllers OU which has a seperate domain controllers default domain policy, in the domain, unless there is an OU policy.

        You really can’t remove or disconnect the default domain policy.

      • #3028624

        Login Script

        by coberbeck ·

        In reply to Update

        Stating the obvious, did you check the user’s profile for a login script?

      • #3028571

        Resultant Set of Policy (rsop.msc)

        by churdoo ·

        In reply to Update

        Start / run / rsop.msc

        The result will tell you exactly what policies are affecting what. If this behaviour is caused by any policy, you should be able to find it with rsop.

Viewing 1 reply thread