Group Policy NOT taking affect

[Guest]

Im using Windows 2003 Active directory on Windows server 2003. So heres a
short story

1 pc 1 server (testing purposes)
Joined by a modem/router
Both have static ip addresses
checked windows update and installed ALL updates
ran DCPROMO and created my domain
active directory reports no errors
checked event log 5 errors reported
Disabled EFS on pc that will be used to login to the domain
joined to domain
Created GP
ran gpupdate
ran gpresult - shows "local group policy filtering not applied"
logged onto domain with my pc and still no affect
checked event log - 1 error error is:

Event Type: Error
Event Source: SclgNtfy
Event Category: None
Event ID: 1002
Date: 29/01/2005
Time: 20:28:37
User: N/A

Computer: TestPc1
Description:
Default group policy object cannot be created. Error 80070005 to open GPO
Domain EFS Recovery Policy in domain LDAP://DC=MsClient,DC=local.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

disabled EFS under the GP policy i created - no errors

GP STILL does not take effect

read article from MS website and did the following:

1. Start Registry Editor (Regedt32.exe).
2. Locate and click the following key in the registry:
System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
3. If this key is not present, create the key. To do so: a. Click the
following key in the registry:
System\CurrentControlSet\Control\Lsa\Kerberos
b. On the Edit menu, click Add Key.
c. Create a Parameters key.
d. Click the new Parameters key.

4. On the Edit menu, click Add Value, and then add the following registry
value:
Value name: MaxTokenSize
Data type: REG_DWORD
Radix: Decimal
Value data: 65535
5. Quit Registry Editor.

refreshed and restarted both machines and guess what - GP STILL NOT
WORKING!!!!!!!!!!!!

Anyone got any idea how to sort this out? Your help would be appreciated as
ive been working on this for 3-4 days without any result.

Thank you

Jamie

 

[Guest]

Anyone got any idea?

 

[Jimmy Andersson [MVP]]

Make sure that the user or computer object that it should affect have both
Read and Apply rights. Also, make sure that the object is within the OU that
you applied the GPO, or is at least below it in the hierarchy, and that you
don't use block inheritance between the GPO and the object.

Regards,
/Jimmy

 

[Guest]

Thanks Jimmy
When you say "Make sure that the user or computer object that it should
affect have both Read and Apply rights."
cold you explain how i coudl check (to ensure im doing it correctly) please.

The OU is created by right clicking the domain so im assuming that shoudl be
correct and there are no ticks in boxes referring to "block inheritance"

And when you say object what object are you referring to?

Many thanks

Jamie

 

[Jimmy Andersson [MVP]]

Right-click the OU, Click the GPO tab. Select the GPO you want to look at
and klick Properties. In the properties window you'll see the Permission
(might be named Security) tab and you'll see the current permissions.

Regards,
/Jimmy

 

[Guest]

I tried that and it didnt work - any more ideas?

Thanks

 

[Jimmy Andersson [MVP]]

Sorry if you posted this info already, but I can't read the whole thread
from here.

Do you use GPMC?
Also, I'm not sure IIRC, but you might need to enable advanced view in the
MMC snap-in.

Regards,
/Jimmy