Active Directory policies not pushing

Status
Not open for further replies.

IBMan

Daemon Poster
Messages
1,084
So i've got my active directory setup and working, just built a new client image for my laptop last night, before i built it I had just plain old xp pro, no sp, now i have windows xp sp2. When i go to gpedit.msc it shows as policies predefined but they are not doing anything, one policy is do not require ctrl alt del at logon, and it shows as being configured but i still have to push ctrl alt del at logon, this was not an issue before sp2, also i have it delete my cached profile at logoff but it doesn't delete it it just makes renamed copies of each.

if anyone knows anything i can check to see wtf's going on.
 
Check AD user and computer, what I would do is create an OU, then put the computer in there. Then create the no ctrl+alt+del policy, making sure it's on the bottom of the default local policy. On the server you can run gpresult in the command prompt to see which policy is applied first. You may also have to force this policy because it takes about 90min to update, thats when you do gpedit /force on the server and XP machine.

On another note, you don't have to create another OU, you can put this policy on the Domain level so that it will affect all computer and user, but I rather create OU then change anything on the domain level.
 
Sorry forgot to edit, the no ctrl-alt del much be after the default policy, when you run gpresult. Was going so fast trying to help you and forgot to use my head.
 
I can't remember exactlty how I had my policies setup, but it worked, i did a gpupdate and gpupdate /force on the server, then the client, both were forced to logoff and then the policy was pushed to the client. However I'm confused as to why I had to refresh the policy on the server, I have it scheduled to reboot every day at 2:00 am, which actually should have refreshed the policy itself shouldn't it?
 
I have no idea, I tried this and I had to force the policy. Same goes for "Do not display the last user name". I guess it has something to do with the OU if the computer is in it and the user is not while the user is login. But I can't tell you for sure.
 
ok cool, thanks for help, as long as it's fixed now i don't have to worry
 
Status
Not open for further replies.
Back
Top Bottom