Problems having new computers display group policies

By psullivan18 ·

I work in a school and we just had 30 new computers (xp sp3) installed on a server running windows 2003. The server had existing group policies associated with the old computers pertaining to user permissions through the gpmc. The new computers are hooked up to the domain and the server does list them in the active directory. However these computers do not show the same preferences/limitations as the old ones did. It's as if the new computers have no group policy associated with them. What has to be done in order for these new computers to display the policies?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Couple of things

by IC-IT In reply to Problems having new compu ...

Are they in an OU with the applicable GPOs linked to that OU?

Usually (due to fast user startup) XP takes a few reboots to properly apply the GPOs.
You may want to open a cmd prompt on one and do a gpupdate /force
than a gpresult

Collapse -

Every newly add ced computer could not be seen in ADO

by salim In reply to Couple of things

In order to see your newly installed computer in Active directory, you have to add them manually in Active directory tree. Then you can apply GPO as usual. It does not be seen automatically.

Collapse -

active directory

by psullivan18 In reply to Every newly add ced compu ...

As far as I can see the new computers are in the active directory. In the same place as the old ones underneath computers. Can these new computers use the same logons that the old ones used? Could this be causing the problem?

Collapse -

Active Directory

by psullivan18 In reply to Couple of things

As far as I can see, the computers are appearing in active directory underneath computers. Is it a problem thah the old computers are still listed also? I have run the gpupdate command from them with no luck. Do these computers need to be added somewhere else?

Collapse -

I take it you don't know that much about Active Directory

by CG IT In reply to Active Directory

First what type of GPO is supposed to be applied? a computer config or a user config?

If it's a computer configuration, and if the network engineer who designed your network knew his stuff, he created an OU and applied the GPO to the OU and dumped whatever computers he wanted the GPO to apply to into that OU. He did not change the default domain group policy that is applied to the default domain computer OU.

How does that relate to workstation joined to the domain? Those computers are placed in the default domain computers OU and only have the default domain computer GPO applied. So you have to move the computers you want the configred GPO to apply to to the OU in which the configured GPO is connected to.

This holds true with user GPOs. A good network AD desginer would not modify the default domain users GPO nor apply a configured GPO to the default domain users OU. He would create a new OU, configure the GPO and apply it to the new OU, then dump users he wants that GPO to apply to into the new OU.

Now if that network designer also was on the ball, he first designed the AD network with OUs and GPOs on paper, along with any tweeks and changes so that there would be documentation in case another network admin had to make changes.

If no documentation exists, then the first order of business is to create it. One you've done that and know how the AD network is configured, you then know what needs to be done to have GPOs applied to either users or computers.

Collapse -

Thanks for the help

by psullivan18 In reply to I take it you don't know ...

I fiddled with active directories years ago and alot of the knowledge I had is either outdated or forgotten. So I guess the next step would be to check to see which GPO these new computers are connected to. According to your response, I will probably see that they are connected to the default, correct? How do I dump these new computers to a already created GP that has the settings we want? Thanks again

Collapse -

you don't dump computers or users into a Group Policy

by CG IT In reply to Thanks for the help

Organizational Units (OU) are containers for collecting users or computers to apply a Group Policy Object (GPO). The GPO is applied to the OU. Computers or Users that are not in the OU do not receive the Group Policy.

So those users or computers that are not receiving the Group Policy you want are not in the OU that the GPO is applied to.

You have to find the correct OU then move those users or computers into the OU that the GPO is applied to.

The Group Policy Management Console is where you manage Group Policy.

There are tools available for determining a user or computer's Group Policy. RSoP. Resultant Set of Policy tool. You can find that on Microsoft Technet,.

All this (information)is available on Microsoft Technet.

There are other 3rd party tools also available for managing Group Policy. Just Google.

Collapse -

Test user

by psullivan18 In reply to you don't dump computers ...

So with some help of a technology consultant, we tested out some situations. From what I could see the consultant created a container and then created a test user. He then modified the GPO associated with that container. He basically removed the users ability to see the conrol panel. We then logged into a computer with the user name and password. The computer appeared to apply the settings but after the reboot, the user was still able to see and use the control panel. Nothing had changed. The GPO appeared to be enforced but with no changes. Is there something extra that has to be done?

Collapse -


by Brenton Keegan In reply to Active Directory

What is the scope of the actual GPOs? If the scope is not set to include the new workstations the policies will not apply.

Also, are there any WMI filters set?

Related Discussions

Related Forums