Question

Locked

Group Policy is not taking effect on OU

By jeff.friend ·
All,


I am trying to apply a group policy to an OU in Active Directory 2008. For some reason it does not work when linked to just the OU. Here is my setup:

OU contains the computer that the policy needs to apply to and nothing else. The Group Policy is linked to the OU. The overall goal is to have a group policy take effect for users when they log onto a specific computer but not on any of the other computers they may log into.

Is there any method you guys would suggest to begin troubleshooting or if you know what may be the issue please let me know. I have tried several different alternatives to achieving the same result and have had no success.

Thanks,

-Jeff

This conversation is currently closed to new comments.

23 total posts (Page 3 of 3)   Prev   01 | 02 | 03
| Thread display: Collapse - | Expand +

All Answers

Collapse -

update 2

by jeff.friend In reply to update

I tried implementing computer settings in the GPO and those applied just fine when the user is not in the OU but it still will not apply the user settings without the user being inside the OU where the GPO is applied. Here is the gpresults:


Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 8/11/2010 at 4:24:02 PM


RSOP results for 3WIRE\csr on 3WIREPA-CSR2 : Logging Mode
----------------------------------------------------------

OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: 3WIRE
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\csr
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
CN=3WIREPA-CSR2,OU=VAWorkstations,OU=3WireComputers,DC=3Wire
Last time Group Policy was applied: 8/11/2010 at 4:20:54 PM
Group Policy was applied from: 3wirepa-vmserv.3Wire
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
VA_VPN_GPO<----------------------was applied here
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
AllUsers
Filtering: Disabled (Link)

Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
3WIREPA-CSR2$
Domain Computers


USER SETTINGS
--------------
CN=csr,CN=Users,DC=3Wire
Last time Group Policy was applied: 8/11/2010 at 4:21:46 PM
Group Policy was applied from: 3wirepa-vmserv.3Wire
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
N/A<-------------------------Not applied here

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Default Domain Policy
Filtering: Not Applied (Empty)

Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL

Collapse -

A possible solution

by NetMan1958 In reply to update 2

I think I understand your issue as it now exists; i.e. everything works like you want it to as long as the user that logs on to the traget computer is in the OU that the GPO is linked to. But, you don't want to or can't leave the user(s) in that OU.

Here is a possible solution. I believe you stated in an earlier post that you are only concerned with one computer and it is the only computer in this particular OU. If that's the case, what about just getting rid of the GPO on the AD controller and configure your settings in the local GPO on that computer itself. Make sure that the computer's local group named "Users" can apply the GPO. Make sure that the AD group "Domain Users" is a member of the local group named "Users" (it should be). I think that will solve your problem.

Collapse -

I figured it out (Loopback Processing)

by jeff.friend In reply to Group Policy is not takin ...

I noticed the computer policy was applying but the user policy was not. With a little research I found that loopback processing would resolve my issue. Here is a link to the info I found:

http://support.microsoft.com/kb/231287

Back to Desktop Forum
23 total posts (Page 3 of 3)   Prev   01 | 02 | 03

Related Discussions

Related Forums