Would anyone like to help me with GPO in Windows Server 2003?

skeebop

I have successfully set up a Windows 2003 Server with AD, DNS, WINS, and DHCP. I have my workstations connecting to it, etc. Everything works fine except for when I try to make changes to the Default Domain Policy. Seems that any changes I make are not reflected upon the users that log on to the domain. I have set the Security Filtering to the group that the users belong to, as well as trying to add those groups to the delegations tab of the GPM. I have tried moving the users to different groups, and making them a part of certain Group Policy Object. I am specifically trying to install software across the network and it's not working... and I am almost sure I set that up properly, but even if I didn't, a simple change of not showing the control panel is not being administered to the users either. If anyone can advise me as to what might be the problem and why no users or groups besides the Default Domain Controller Policy are being managed. The Default Domain Controller Policy is reflecting upon the administrator, however, any of the others are not.
 
Oh, one other thing... logging onto the domain is super slow. Although the computer that the server is running on is rather slow, it shouldn't take literally like 1-2 mins to connect each time, should it?
 
The more GPs you have set up for a particular OU, the longer it's gonna take.

When you set up a GP, you are making the changes in the User or Computer part of the GP. If you make a change to the user portion and want to apply it to an OU that contains computer objects, then you need to use a GP switch called "User Group Policy Loopback mode". There is also one for the Computer side, "Computer Group Policy Loopback mode".
 
Any idea where that loopback mode switch is? And also, I wouldn't figure with 1 default domain policy and a newly created policy... it should take that long, should it?
 
Slow log in makes me think there's a DNS issue first....
Is your DC set to use itself as the one and only DNS server in the TCP properties?
Are clients set to use the DC's IP address as their one and only DNS server?
Assuming all clients are Win2Kp or XPp? Showing themselves as registered in the DNS forward lookup zone? Or are there Win9X clients on the network....since I see you have that old WINS running too.
 
As a matter of fact, the DC is set to use itself and then its secondary is pointing to the router I have hooked up to the internet, although I do not use the router for DHCP purposes... only as a switch and gateway. The computers are set up to point to the DC for DNS, and the router for the gateway. Is there anything you can say about the GPO problems I'm having?
 
I'm using WINS just in case I have an old Win9x machine hooking up... but as of right now, all clients are WinXP Pro.
 
There is a nifty feature of WinXP/2k3 (this was a bug in Win2k, DNS worked every time, but MS fixed it and it no longer resolves right on WinXP). It will not resolve DNS upon logon, so it will sit there until it times out. Make sure all workstations have a manual DNS entry pointing to the server; this will help speed up logon (make sure the server is also pointing at itself). You can also do this from a router: enter the DNS servers manually, this will give you a reverse DNS to each machine, thus saving you time by not modifying each workstation's DNS entries (or a GPO will do it). Make sure you run gpupdate /target:computer /force or gpupdate /target:user /force every time you make changes to GPO. Oh, it also helps having Group Policy Console for Win2k3; it comes with SBS 2k3 but it doesn't with any other server edition of 2k3. To kick start the GPO, log off and onto the server.

Man, I must have been drunk when I made this post, the spelling mistakes.
 
Are you saying that when I make changes to the GPO from the DC server, I have to log off then log back on to have it be enforced to the workstations on their next logon?
 
skeebop said:
As a matter of fact, the DC is set to use itself and then its secondary is pointing to the router I have hooked up to the internet, although I do not use the router for DHCP purposes... only as a switch and gateway. The computers are set up to point to the DC for DNS, and the router for the gateway. Is there anything you can say about the GPO problems I'm having?

Sheesh, you don't have to be snotty about it... as DNS in Win2K and XP networks where AD is involved is the key to a LOT of network functionality... and you mentioned slow domain logins... which improper DNS setup is a common cause of. I've seen this as being common in a lot of networks I go to troubleshoot; lots of people still set up 2K domains like they did NT 4.

Beaming out!
 
skeebop said:
Are you saying that when I make changes to the GPO from the DC server, I have to log off then log back on to have it be enforced to the workstations on their next logon?

Exactly, but you can force an update with gpupdate.
 
I'm sorry, I don't mean to sound snappy... I was saying it excitedly that someone was throwing in some input. I don't mean to come off like a jerk. I appreciate your advice very much! Thanks.
 