Active Directory policies not pushing - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 04-02-2006, 10:22 AM   #1 (permalink)
Monster Techie
 
Join Date: Dec 2003
Posts: 1,084
Send a message via Yahoo to IBMan
Default Active Directory policies not pushing

So i've got my active directory setup and working, just built a new client image for my laptop last night, before i built it I had just plain old xp pro, no sp, now i have windows xp sp2. When i go to gpedit.msc it shows as policies predefined but they are not doing anything, one policy is do not require ctrl alt del at logon, and it shows as being configured but i still have to push ctrl alt del at logon, this was not an issue before sp2, also i have it delete my cached profile at logoff but it doesn't delete it it just makes renamed copies of each.

if anyone knows anything i can check to see wtf's going on.
__________________

__________________
Server:
AMD Athlon 4000+ @ 2.4 GHz
4096 MB RAM
40 GB HDD
Dual Mirrored 500 GB HDDs
DVD-ROM Drive
Windows Server 2003 x64 R2 SP2
IBMan is offline  
Old 04-02-2006, 11:29 AM   #2 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

is the client connected to the domain?
__________________

__________________
Osiris is offline  
Old 04-02-2006, 12:11 PM   #3 (permalink)
Monster Techie
 
Join Date: Dec 2003
Posts: 1,084
Send a message via Yahoo to IBMan
Default

yep
__________________
Server:
AMD Athlon 4000+ @ 2.4 GHz
4096 MB RAM
40 GB HDD
Dual Mirrored 500 GB HDDs
DVD-ROM Drive
Windows Server 2003 x64 R2 SP2
IBMan is offline  
Old 04-02-2006, 12:19 PM   #4 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

do you have a kixtart?
__________________
Osiris is offline  
Old 04-02-2006, 12:23 PM   #5 (permalink)
Law
Wizard Techie
 
Law's Avatar
 
Join Date: Aug 2005
Location: the data closet
Posts: 4,200
Default

Check AD user and computer, what I would do is create an OU, then put the computer in there. Then create the no ctrl+alt+del policy, making sure it's on the bottom of the default local policy. On the server you can run gpresult in the command prompt to see which policy is applied first. You may also have to force this policy because it takes about 90min to update, thats when you do gpedit /force on the server and XP machine.

On another note, you don't have to create another OU, you can put this policy on the Domain level so that it will affect all computer and user, but I rather create OU then change anything on the domain level.
Law is offline  
Old 04-02-2006, 12:26 PM   #6 (permalink)
Law
Wizard Techie
 
Law's Avatar
 
Join Date: Aug 2005
Location: the data closet
Posts: 4,200
Default

Sorry forgot to edit, the no ctrl-alt del much be after the default policy, when you run gpresult. Was going so fast trying to help you and forgot to use my head.
Law is offline  
Old 04-02-2006, 12:52 PM   #7 (permalink)
Monster Techie
 
Join Date: Dec 2003
Posts: 1,084
Send a message via Yahoo to IBMan
Default

I can't remember exactlty how I had my policies setup, but it worked, i did a gpupdate and gpupdate /force on the server, then the client, both were forced to logoff and then the policy was pushed to the client. However I'm confused as to why I had to refresh the policy on the server, I have it scheduled to reboot every day at 2:00 am, which actually should have refreshed the policy itself shouldn't it?
__________________
Server:
AMD Athlon 4000+ @ 2.4 GHz
4096 MB RAM
40 GB HDD
Dual Mirrored 500 GB HDDs
DVD-ROM Drive
Windows Server 2003 x64 R2 SP2
IBMan is offline  
Old 04-02-2006, 01:25 PM   #8 (permalink)
Law
Wizard Techie
 
Law's Avatar
 
Join Date: Aug 2005
Location: the data closet
Posts: 4,200
Default

I have no idea, I tried this and I had to force the policy. Same goes for "Do not display the last user name". I guess it has something to do with the OU if the computer is in it and the user is not while the user is login. But I can't tell you for sure.
Law is offline  
Old 04-02-2006, 04:18 PM   #9 (permalink)
Monster Techie
 
Join Date: Dec 2003
Posts: 1,084
Send a message via Yahoo to IBMan
Default

ok cool, thanks for help, as long as it's fixed now i don't have to worry
__________________

__________________
Server:
AMD Athlon 4000+ @ 2.4 GHz
4096 MB RAM
40 GB HDD
Dual Mirrored 500 GB HDDs
DVD-ROM Drive
Windows Server 2003 x64 R2 SP2
IBMan is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 05:01 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.