Q: Hey guys this is my setup at work:
1 Domain Controller Application server
1 server
10 Customer PCs
all connected via a Linksys 4port VPN + 24-port switch.
So no client PCs, firewalls, because there has not been enabled to use yet Here is a sample .
GPO: Administrative Templates
User Configuration
-u003e-Desktop
u003e u003e-Active Desktop
3. Under the “Active Desktop” I changed these options:
Active Desktop Wallpapers – turned on and set the unc
path the wallpaper, only bitmapped bmp.
Allow Wallpaper – enabled
Enable Active Desktop – enable
Disable All Items – enable
Prohibit changes – enable
4. Then I went to:
User Configuration
-u003e-Templates
Administrative Control u003e u003e Display
Disable Panel
-changing wallpaper – enable
When I log on with an administrator account in the actual DS or AS, I see the changes. But when I login with a client machine, I see no changes!
Re:The blue exclamation means you have the block inheritence flag set at the domain level. This will prevent settings from GPOs at the parent level from applying. This shouldn't be causing any problems, since the parent level to the domain is the site, and there are no site policies by default.
Start with some basic troubleshooting on the clients. Check the application logs on the clients for userenv errors, netlogon errors, winlogon errors, etc. If group policy is applying successfully on a machine, you should see a 1704 informational event. Do the clients have DNS correctly configured?
Again, you are making changes in the user portion of a GPO, meaning it will only apply to user accounts. Since you are applying at the top of the domain, it doesn't really matter. But if you were applying it to an OU further down the hierarchy, that OU would need to contain the user accounts that you want to apply the changes to. Or if you were making changes in the computer section of a GPO, the OU would need to contain the workstations you want to apply it to.
Group Policy is a fundemental part of managing an Active Directory environment. Since you appear to be doing this for work, I highly suggest you get one of the easy to learn, but informative books on AD and Server 2003 in general, such as Mastering Windows Server 2003 by Mark Minasi. It will teach you the basics of how GPOs work, how precedence works when they are applied, and how to manage them.
Re:This is what I currently do to implement a GPO:
I drag the policy from "Group Policy Objects" into "MyDomain.com". It then asks Do you want to link this GPO to the Domain? At which point I say Yes and it is under MyDomain.com.
That is what I do yet no workstation machine gets the new policy applied when a user logs into the domain from their machine.
Re:Hey guys, I was given this advice before but not sure what that means to "apply it to an OUT containing user accounts not workstations."
When I go to gpmc.msc (Group Policy Mgt) I see the following;
Group Policy Management
+Forest: MyDomain.com
+Domains > MyDomain.com (with a blue exclamation point?)
>Default Domain Policy
>Desktop Change Policy (i created)
> Domain Controllers
>Default Domain Controllers Policy
> Group Policy Objects
>Default Domain Policy
>Desktop Change Policy (i created)
>Default Domain Controllers Policy
> WMI Filters
+Sites
+Group Policy Modeling
Group Policy Results
Re:Since it's a user policy, you need to apply it to an OU containing the user accounts, not an OU containing workstations (unless you want to use loopback processing).
Re:Did you apply it to the OU that contains your workstations?
0 Comments.