Hey all
I run a smallish network (40 odd users) and Windows 2000 advanced server with active directory. I have basically grouped pc’s into seperate OUs based on their role and OS version. The other day I was trying out some ‘new’ security templates from microsoft
http://go.microsoft.com/fwlink/?LinkId=14840
I created an OU called “test environment” and placed my own machine in there… created a new Group policy and applied the “Enterprise – client – desktop” template to it and refreshed the group policy to my machine. Unfortunately that same Group policy found its way into the other OUs and managed to apply itself to a number of our 2000 clients causing the following to happen:
Outlook comes up with a password prompt (user, password and domain) and nothing will authenticate with it porperly.
IE refuses to work citing a DNS error
“net use” becomes an unsupported command when tying to connect to remote drives
I checked the event log and found that part of the problem was that “a user account in the group policy could not be resolved to a SID” so I dug through the group policy itself and tried to resolve it by first removing the accounts from the user rights assignment.. then adding all the valid accounts. Refreshing the policy on the 2000 clients seemed to work, so I quickly deleted the link to the incorrect group policy and just have the “default domain policy” (which is unchanged) applied
The only problem is that the problem has reared its ugly head again today and I cannot get it fixed despite what I do. I figure its not a GP error now as the other 2000 clients are fine…
I cant seem to wrap my head around this one 🙁