Group Policy not applying over Network to XP users

G

Guest

I have a small domain based Windows network. I’m running a Windows 2000
Advanced Server with XP Pro computers. I’m relatively new to Active Directory
and Group Policies…

I’ve modified the screen saver policies in the Default Domain Policy. I’m
planning on implementing more policies at a later date once I get to the
bottom of my problem:

The policy does not take effect when users log onto the XP Pro (SP1)
computers even after running gpupdate.exe.

When logging on locally at the Domain Controller with my 2 different domain
admin logons the policies take effect for both users accounts – ok.

I next tried logging onto one of the XP client machines with the first of
these Domain admin accounts. The default domain policy seemed to have
applied. I tried the second domain admin account but the policy had not been
applied. The only difference to these accounts being that the first has a
roaming profile configured.

It seems to me that the policy has been applied (when logging on locally) at
the DC then downloaded to the XP client PC with the roaming profile when
logging on as Domain Admin1 but when logging on as Domain Admin 2, not
configured for a roaming profile, the profile loads from the local pc and
therefore the changes in the default domain policy don’t apply.

I suspect any further changes to the default domain policy will not show
when logging onto XP as Domain Admin 1 unless I log on/off with this account
as the DC first forcing the changes to the profile.

Can anyone help?
 
C

Cary Shultz [A.D. MVP]

G

Guest

Thanks, I will enable this setting and get abck to you

I came across this setting myself a few days ago ... I'll get back to you
 
G

Guest

Thanks for your replies guys...

Yes I tried deleting the local account. I also added an additional policy
policy to the schema, restarted the DC and logged
on again at the XP machine. No policies took effect.

I next configured this 2nd Domain Admin account with a roaming profile (as
per domain admin 1), logged on, and seemed to have policies in effect, but
What I found was that the default domain policy applied at logon was out of
date.

The latest policy changes I'd made failed to apply to the logon.

It seems I get the policy that was present on the DC the last time I logged
onto it locally with the same account. I think its caching the policy and
it's being applied with the roaming profile.

Therefore Domain Admin 1 and Domain Admin 2 both now with roaming profiles
(that work) seem to have different policy applied.

In other words No Roaming profile and/or No local logon to DC before
attempting to log on over the network at XP means the policy will be "out of
date".

Additionally I reset the Fast Logon optimization setting on XP. As described
on technet - http://support.microsoft.com/?id=305293 - it slows the logon
process but still the policies have not been applied.

I hope this is enough information. I've tried to keep it simple. I hope I
've explained myself correctly....Thanks in advance...

Dicky
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Importing users with CSVDE when password policy is set 2
Group Policy 7
What's happening ? Group Policy problem 9
Authentication issue preventing Group Policy from applying to user 6
Excluding accounts from default domain policy 1
Password Policy 1
default domain policy, password policy 2
Local admin privileges gone haywire 1

Top