Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Group policy is not working
Group policy is not working [message #328853] Thu, 26 November 2009 23:50 Go to next message
shivaj  is currently offline shivaj  United States
Messages: 16
Registered: November 2009
Junior Member
Hi

i am using 2003 server and i applied new group policy to disable
control panel
and linked to OU but its not working on client

Is there any security group i need to set for this.
and i removed authenticate user from security and added domain user
but still not working


--
shivaj
------------------------------------------------------------ ------------
shivaj's Profile: http://forums.techarena.in/members/151956.htm
View this thread: http://forums.techarena.in/active-directory/1275608.htm

http://forums.techarena.in
Re: Group policy is not working [message #328876 is a reply to message #328853] Fri, 27 November 2009 01:41 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello shivaj,

Are the user accounts located in the OU where the GPO is linked to? Because
the setting belongs to the user configuration part it has only effect on
the user accounts.

Check with gpresult /v or rsop.msc logged on as the user to see if the setting
is applied.

Also the automatic GPO refresh time is between 90-120 minutes, so you have
to run gpupdate on the client machine to refresh the GPO immediately.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi
>
> i am using 2003 server and i applied new group policy to disable
> control panel
> and linked to OU but its not working on client
> Is there any security group i need to set for this.
> and i removed authenticate user from security and added domain user
> but still not working
> http://forums.techarena.in
>
Re: Group policy is not working [message #328906 is a reply to message #328853] Fri, 27 November 2009 02:59 Go to previous messageGo to next message
shivaj  is currently offline shivaj  United States
Messages: 16
Registered: November 2009
Junior Member
yes its linked to ou where i want that policy


security filtering
The setting in the gpo can only apply to the following group, user ,
computer

(in that i added)
administrator
domain admin
remoter desktop user

but its not working is there any thing i need to do to affect this gpo
to the user

and the user is traniee member of following group


domain user
remotedesktop user

what do to next


--
shivaj
------------------------------------------------------------ ------------
shivaj's Profile: http://forums.techarena.in/members/151956.htm
View this thread: http://forums.techarena.in/active-directory/1275608.htm

http://forums.techarena.in
Re: Group policy is not working [message #328936 is a reply to message #328906] Fri, 27 November 2009 04:47 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello shivaj,

As asked before:

Did you check with gpresult /v or rsop.msc logged on as the user to see if
the setting is applied?

Did you run gpupdate /force on the machine?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> yes its linked to ou where i want that policy
>
> security filtering
> The setting in the gpo can only apply to the following group, user ,
> computer
> (in that i added)
> administrator
> domain admin
> remoter desktop user
> but its not working is there any thing i need to do to affect this gpo
> to the user
>
> and the user is traniee member of following group
>
> domain user remotedesktop user
>
> what do to next
>
> http://forums.techarena.in
>
Re: Group policy is not working [message #331015 is a reply to message #328853] Mon, 30 November 2009 04:07 Go to previous messageGo to next message
shivaj  is currently offline shivaj  United States
Messages: 16
Registered: November 2009
Junior Member
Rsop result

the data is invalid. Likely causes are data is corrupt Or data has been
deleted

gpupdate /force (update is completed)


--
shivaj
------------------------------------------------------------ ------------
shivaj's Profile: http://forums.techarena.in/members/151956.htm
View this thread: http://forums.techarena.in/active-directory/1275608.htm

http://forums.techarena.in
Re: Group policy is not working [message #331060 is a reply to message #331015] Mon, 30 November 2009 06:20 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"shivaj" <shivaj.42gojd@DoNotSpam.com> wrote in message
news:shivaj.42gojd@DoNotSpam.com...
>
> Rsop result
>
> the data is invalid. Likely causes are data is corrupt Or data has been
> deleted
>
> gpupdate /force (update is completed)
>
>
> --
> shivaj

Shivaj,

Please provide an ipconfig /all from the server and from a client that this
is not working on. This will help evaluate your config if there are any
mis-configuration issues that are contributing to the problem.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: Group policy is not working [message #332034 is a reply to message #328853] Tue, 01 December 2009 05:10 Go to previous messageGo to next message
shivaj  is currently offline shivaj  United States
Messages: 16
Registered: November 2009
Junior Member
Server config



Windows IP Configuration



Host Name . . . . . . . . . . . . : Testdomain.local

Primary Dns Suffix . . . . . . . : Testdomain.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Testdomain.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
Controller

Physical Address. . . . . . . . . : 00-1D-09-0E-63-C7

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.87

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.87

DNS Servers . . . . . . . . . . . : 203.145.184.13

203.145.184.32

Client config


Windows IP Configuration



Host Name . . . . . . . . . . . . : admin

Primary Dns Suffix . . . . . . . : Testdomain.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Testdomain.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
Gigabit Controller

Physical Address. . . . . . . . . : 00-1E-C9-2D-1B-01

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.99

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 203.145.184.13

I checked that the client is not listed in forward lookup zone
what can i do to add client (host name :admin) to add forward lookup
zone


--
shivaj
------------------------------------------------------------ ------------
shivaj's Profile: http://forums.techarena.in/members/151956.htm
View this thread: http://forums.techarena.in/active-directory/1275608.htm

http://forums.techarena.in
Re: Group policy is not working [message #332074 is a reply to message #332034] Tue, 01 December 2009 07:00 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello shivaj,

Remove the 203.145.184.13 and 203.145.184.32 from the NICs and configure
them as FORWARDERS under the DNS server properties in the DNS management
console instead on the DC/DNS server.

Domain internal use only the domain DNS server on all NICs, nothing else
so on the client the x.x.x.87 as DNS server.

Also the server should not use itself as the default gateway, configure the
router ip address.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Server config
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : Testdomain.local
>
> Primary Dns Suffix . . . . . . . : Testdomain.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : Testdomain.local
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
> Controller
>
> Physical Address. . . . . . . . . : 00-1D-09-0E-63-C7
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.0.87
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.0.87
>
> DNS Servers . . . . . . . . . . . : 203.145.184.13
>
> 203.145.184.32
>
> Client config
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : admin
>
> Primary Dns Suffix . . . . . . . : Testdomain.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : Testdomain.local
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
> Controller
>
> Physical Address. . . . . . . . . : 00-1E-C9-2D-1B-01
>
> Dhcp Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.0.99
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.0.1
>
> DNS Servers . . . . . . . . . . . : 203.145.184.13
>
> I checked that the client is not listed in forward lookup zone
> what can i do to add client (host name :admin) to add forward lookup
> zone
> http://forums.techarena.in
>
Re: Group policy is not working [message #332075 is a reply to message #332034] Tue, 01 December 2009 07:02 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello shivaj,

Forget to mention:
If the reconfiguration is done remove the 203.145.x.x fromt he forward lookup
zones, so that all machines are only lsited with there LAN ip address 192.168.x.x

After the changes run ipconfig /flushdns and ipconfig /registerdns and restart
the netlogon service on the server and reboot the client.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Server config
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : Testdomain.local
>
> Primary Dns Suffix . . . . . . . : Testdomain.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : Testdomain.local
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
> Controller
>
> Physical Address. . . . . . . . . : 00-1D-09-0E-63-C7
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.0.87
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.0.87
>
> DNS Servers . . . . . . . . . . . : 203.145.184.13
>
> 203.145.184.32
>
> Client config
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : admin
>
> Primary Dns Suffix . . . . . . . : Testdomain.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : Testdomain.local
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
> Controller
>
> Physical Address. . . . . . . . . : 00-1E-C9-2D-1B-01
>
> Dhcp Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.0.99
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.0.1
>
> DNS Servers . . . . . . . . . . . : 203.145.184.13
>
> I checked that the client is not listed in forward lookup zone
> what can i do to add client (host name :admin) to add forward lookup
> zone
> http://forums.techarena.in
>
Re: Group policy is not working [message #332096 is a reply to message #332034] Tue, 01 December 2009 07:37 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"shivaj" <shivaj.42ilzb@DoNotSpam.com> wrote in message
news:shivaj.42ilzb@DoNotSpam.com...
>
> Server config
>
>
>
> Windows IP Configuration
>
>
>
> Host Name . . . . . . . . . . . . : Testdomain.local
>
> Primary Dns Suffix . . . . . . . : Testdomain.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : Testdomain.local
>
>
>
> Ethernet adapter Local Area Connection:
>
>
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
> Controller
>
> Physical Address. . . . . . . . . : 00-1D-09-0E-63-C7
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.0.87
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.0.87
>
> DNS Servers . . . . . . . . . . . : 203.145.184.13
>
> 203.145.184.32
>
> Client config
>
>
> Windows IP Configuration
>
>
>
> Host Name . . . . . . . . . . . . : admin
>
> Primary Dns Suffix . . . . . . . : Testdomain.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : Testdomain.local
>
>
>
> Ethernet adapter Local Area Connection:
>
>
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
> Gigabit Controller
>
> Physical Address. . . . . . . . . : 00-1E-C9-2D-1B-01
>
> Dhcp Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.0.99
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.0.1
>
> DNS Servers . . . . . . . . . . . : 203.145.184.13
>
> I checked that the client is not listed in forward lookup zone
> what can i do to add client (host name :admin) to add forward lookup
> zone
>
>
> --
> shivaj
> ------------------------------------------------------------ ------------

I see why GPOs are not working including why the client machines are not in
the zone. I can't even see how the domain controller is in the zone, because
you are asking to register into the ISP's DNS server. I am surprised you are
not getting other errors, such as Netlogon, DNS registration errors, and
others, etc.

The 203.145.184.32 and other 203.x.x.x address is your ISP's DNS. The ISP's
DNS does not know where your domain controllers are, therefore how are the
machines supposed to "find" the domain controller to retrieve GPOs, as well
as other security and domain related information?

Please follow Meinolf's advise to fix it.

Also, the server shows that the IP address of the server AND the gateway is
itself?
> IP Address. . . . . . . . . . . . : 192.168.0.87
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.0.87

The client machine (admin) shows 192.168.0.1 as the gateway. Please change
the gateway on the server to this IP.

Ace
Re: Group policy is not working [message #333096 is a reply to message #328853] Wed, 02 December 2009 02:59 Go to previous messageGo to next message
shivaj  is currently offline shivaj  United States
Messages: 16
Registered: November 2009
Junior Member
Thanks Meinolf Weber and Ace Fekay now its working fine .........


--
shivaj
------------------------------------------------------------ ------------
shivaj's Profile: http://forums.techarena.in/members/151956.htm
View this thread: http://forums.techarena.in/active-directory/1275608.htm

http://forums.techarena.in
Re: Group policy is not working [message #333133 is a reply to message #333096] Wed, 02 December 2009 04:24 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello shivaj,

Nice to hear, you're welcome.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks Meinolf Weber and Ace Fekay now its working fine .........
>
> http://forums.techarena.in
>
Re: Group policy is not working [message #333264 is a reply to message #333096] Wed, 02 December 2009 07:35 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"shivaj" <shivaj.42kb3b@DoNotSpam.com> wrote in message
news:shivaj.42kb3b@DoNotSpam.com...
>
> Thanks Meinolf Weber and Ace Fekay now its working fine .........
>
>
> --
> shivaj

Good to hear! You are welcome as well!

Ace
Previous Topic:Hide Special folders
Next Topic:Legal Note
Goto Forum:
  


Current Time: Thu Jan 18 20:43:11 MST 2018

Total time taken to generate the page: 0.03561 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software