Group policy is not working

[shivaj]

Hi

i am using 2003 server and i applied new group policy to disable control panel
and linked to OU but its not working on client

Is there any security group i need to set for this.
and i removed authenticate user from security and added domain user
but still not working

Hello shivaj,

Are the user accounts located in the OU where the GPO is linked to? Because
the setting belongs to the user configuration part it has only effect on
the user accounts.

Check with gpresult /v or rsop.msc logged on as the user to see if the setting
is applied.

Also the automatic GPO refresh time is between 90-120 minutes, so you have
to run gpupdate on the client machine to refresh the GPO immediately.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi
>
> i am using 2003 server and i applied new group policy to disable
> control panel
> and linked to OU but its not working on client
> Is there any security group i need to set for this.
> and i removed authenticate user from security and added domain user
> but still not working
> http://forums.techarena.in
>

[shivaj]

yes its linked to ou where i want that policy


security filtering
The setting in the gpo can only apply to the following group, user , computer

(in that i added)
administrator
domain admin
remoter desktop user

but its not working is there any thing i need to do to affect this gpo to the user

and the user is traniee member of following group


domain user
remotedesktop user

what do to next

Hello shivaj,

As asked before:

Did you check with gpresult /v or rsop.msc logged on as the user to see if
the setting is applied?

Did you run gpupdate /force on the machine?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> yes its linked to ou where i want that policy
>
> security filtering
> The setting in the gpo can only apply to the following group, user ,
> computer
> (in that i added)
> administrator
> domain admin
> remoter desktop user
> but its not working is there any thing i need to do to affect this gpo
> to the user
>
> and the user is traniee member of following group
>
> domain user remotedesktop user
>
> what do to next
>
> http://forums.techarena.in
>

[shivaj]

Rsop result

the data is invalid. Likely causes are data is corrupt Or data has been deleted

gpupdate /force (update is completed)

"shivaj" <shivaj.42gojd@DoNotSpam.com> wrote in message
news:shivaj.42gojd@DoNotSpam.com...
>
> Rsop result
>
> the data is invalid. Likely causes are data is corrupt Or data has been
> deleted
>
> gpupdate /force (update is completed)
>
>
> --
> shivaj

Shivaj,

Please provide an ipconfig /all from the server and from a client that this
is not working on. This will help evaluate your config if there are any
mis-configuration issues that are contributing to the problem.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

[shivaj]

Server config



Windows IP Configuration



Host Name . . . . . . . . . . . . : Testdomain.local

Primary Dns Suffix . . . . . . . : Testdomain.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Testdomain.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1D-09-0E-63-C7

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.87

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.87

DNS Servers . . . . . . . . . . . : 203.145.184.13

203.145.184.32

Client config


Windows IP Configuration



Host Name . . . . . . . . . . . . : admin

Primary Dns Suffix . . . . . . . : Testdomain.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Testdomain.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1E-C9-2D-1B-01

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.99

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 203.145.184.13

I checked that the client is not listed in forward lookup zone
what can i do to add client (host name :admin) to add forward lookup zone

This event is taken from client

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 12/1/2009
Time: 4:36:24 PM
User: NT AUTHORITY\SYSTEM
Computer: ADMIN
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Hello shivaj,

Remove the 203.145.184.13 and 203.145.184.32 from the NICs and configure
them as FORWARDERS under the DNS server properties in the DNS management
console instead on the DC/DNS server.

Domain internal use only the domain DNS server on all NICs, nothing else
so on the client the x.x.x.87 as DNS server.

Also the server should not use itself as the default gateway, configure the
router ip address.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Server config
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : Testdomain.local
>
> Primary Dns Suffix . . . . . . . : Testdomain.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : Testdomain.local
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
> Controller
>
> Physical Address. . . . . . . . . : 00-1D-09-0E-63-C7
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.0.87
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.0.87
>
> DNS Servers . . . . . . . . . . . : 203.145.184.13
>
> 203.145.184.32
>
> Client config
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : admin
>
> Primary Dns Suffix . . . . . . . : Testdomain.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : Testdomain.local
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
> Controller
>
> Physical Address. . . . . . . . . : 00-1E-C9-2D-1B-01
>
> Dhcp Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.0.99
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.0.1
>
> DNS Servers . . . . . . . . . . . : 203.145.184.13
>
> I checked that the client is not listed in forward lookup zone
> what can i do to add client (host name :admin) to add forward lookup
> zone
> http://forums.techarena.in
>

Hello shivaj,

Forget to mention:
If the reconfiguration is done remove the 203.145.x.x fromt he forward lookup
zones, so that all machines are only lsited with there LAN ip address 192.168.x.x

After the changes run ipconfig /flushdns and ipconfig /registerdns and restart
the netlogon service on the server and reboot the client.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Server config
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : Testdomain.local
>
> Primary Dns Suffix . . . . . . . : Testdomain.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : Testdomain.local
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
> Controller
>
> Physical Address. . . . . . . . . : 00-1D-09-0E-63-C7
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.0.87
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.0.87
>
> DNS Servers . . . . . . . . . . . : 203.145.184.13
>
> 203.145.184.32
>
> Client config
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : admin
>
> Primary Dns Suffix . . . . . . . : Testdomain.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : Testdomain.local
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
> Controller
>
> Physical Address. . . . . . . . . : 00-1E-C9-2D-1B-01
>
> Dhcp Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.0.99
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.0.1
>
> DNS Servers . . . . . . . . . . . : 203.145.184.13
>
> I checked that the client is not listed in forward lookup zone
> what can i do to add client (host name :admin) to add forward lookup
> zone
> http://forums.techarena.in
>

"shivaj" <shivaj.42ilzb@DoNotSpam.com> wrote in message
news:shivaj.42ilzb@DoNotSpam.com...
>
> Server config
>
>
>
> Windows IP Configuration
>
>
>
> Host Name . . . . . . . . . . . . : Testdomain.local
>
> Primary Dns Suffix . . . . . . . : Testdomain.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : Testdomain.local
>
>
>
> Ethernet adapter Local Area Connection:
>
>
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
> Controller
>
> Physical Address. . . . . . . . . : 00-1D-09-0E-63-C7
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.0.87
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.0.87
>
> DNS Servers . . . . . . . . . . . : 203.145.184.13
>
> 203.145.184.32
>
> Client config
>
>
> Windows IP Configuration
>
>
>
> Host Name . . . . . . . . . . . . : admin
>
> Primary Dns Suffix . . . . . . . : Testdomain.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : Testdomain.local
>
>
>
> Ethernet adapter Local Area Connection:
>
>
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
> Gigabit Controller
>
> Physical Address. . . . . . . . . : 00-1E-C9-2D-1B-01
>
> Dhcp Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.0.99
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.0.1
>
> DNS Servers . . . . . . . . . . . : 203.145.184.13
>
> I checked that the client is not listed in forward lookup zone
> what can i do to add client (host name :admin) to add forward lookup
> zone
>
>
> --
> shivaj
> ------------------------------------------------------------------------

I see why GPOs are not working including why the client machines are not in
the zone. I can't even see how the domain controller is in the zone, because
you are asking to register into the ISP's DNS server. I am surprised you are
not getting other errors, such as Netlogon, DNS registration errors, and
others, etc.

The 203.145.184.32 and other 203.x.x.x address is your ISP's DNS. The ISP's
DNS does not know where your domain controllers are, therefore how are the
machines supposed to "find" the domain controller to retrieve GPOs, as well
as other security and domain related information?

Please follow Meinolf's advise to fix it.

Also, the server shows that the IP address of the server AND the gateway is
itself?
> IP Address. . . . . . . . . . . . : 192.168.0.87
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.0.87

The client machine (admin) shows 192.168.0.1 as the gateway. Please change
the gateway on the server to this IP.

Ace

[shivaj]

Thanks Meinolf Weber and Ace Fekay now its working fine .........

Hello shivaj,

Nice to hear, you're welcome.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks Meinolf Weber and Ace Fekay now its working fine .........
>
> http://forums.techarena.in
>

"shivaj" <shivaj.42kb3b@DoNotSpam.com> wrote in message
news:shivaj.42kb3b@DoNotSpam.com...
>
> Thanks Meinolf Weber and Ace Fekay now its working fine .........
>
>
> --
> shivaj

Good to hear! You are welcome as well!

Ace

[tanoli]

Dear all,

I am having some problem with my group policy. I am trying to implement a policy to a group but whatever the changes I make to the policy, they don't take effect. I am using the following way. Can you please tell me where I am wrong.

1. I have created a new group and added a few users to it.
2. I right clicked the group and selected properties.
3. I clicked on the group policy tab.
4. Selected New
5. Clicked edit.
6. Then Administrative Templates under user configuration
7. Applied a few changes, like disabling Add/remove programs from the Control Panel etc.
8. Closed the opened tree and clicked ok.
9. Went to run and typed "gpupdate"
10. then logged in to another computer with the username that was in the same group, but whatever I blocked in the policy are appearing there again.

Can you please help me with that, I am using windows server 2003.


Regards,
Waqas.

[Candace]

It is right that with the advent of Active Directory services management method of users and computers in a domain has changed mostly. There are more New tools that have been created to support this new management tools, which have also evolved even between Windows 2000 Server and Windows 2003 Server. I will recommend you to use GPMC. It is a new MMC that helps to give you a centralize management tasks and administration of group policies in a single console. Try this tool and check back.
Download GPMC