domain controllers policy (not working)

R

Robert K

Thank you for any suggestions...

I have 2 test systems:
1) Win2K Advanced Server as a domain controller
2) Win2K Pro client, connected to domain

On the domain controller, I can see 3 types of policies:
- default domain policy
- default domain controllers policy
- local computer policy

For a test, I modified all three policies and each type of the policy has a
different bitmap background specified,
and the client PC gets the default domain policy settings from the server
because the appropriate bitmap shows as the PC's background.

The problem is, that on the domain controller computer, the Default Domain
Controllers Policy is ignored and Default Domain Policy settings are
applied.

What configuration should I modify on the domain controller so that:
1) Default Domain Policy applies to all my Win2K PCs in the domain
2) Default Domain Controllers Policy applies to my domain controller?

FYI, I checked in the Active Directory Users and Computers, and my domain
controller is listed in the Domain Controllers container. I click Domain
Controllers Properties, Group Policy tab and the Default Domain Controllers
Policy is listed there (as the only one). I tried No Override option and
Block Policy Inheritance but nothing seems to work. I am already learning
this stuff, so I would appreciate if someone could help me pinpoint the
reason it's not working.

Thanks again,
Robert
 
S

Steven Umbach

I believe you configured a user configuration setting which applies to users and
not computers [which are affected by computer configuration]. I bet your users
reside in the default domain container and not in the domain controller
container, so the domain policy will apply to the user no matter what computer
he logs onto unless loopback processing is applied to the container that a
computer is in which is not a default configuration. Gpresult can help you
determine where policy is being applied from for a user or computer. -- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;321709
 
R

Robert K

Yes, I have configured a 'user configuration', and you are right, that was
the problem why the 'computer configuration' part of the policies worked the
way I wanted, but the 'user configuration' part did not. However, I did
research about the loopback feature, as you suggested, and I have enabled it
in the 'default domain policy' on the domain controller [Default Domain
Policy | Computer Configuration | Administrative Templates | System | Group
Policy | User Group Policy loopback processing mode: Enabled] and it's doing
exactly what I wished for.

Thank you, Steven, for answering my post and for providing me with an
excellent answer!

Regards,
Robert


Steven Umbach said:
I believe you configured a user configuration setting which applies to users and
not computers [which are affected by computer configuration]. I bet your users
reside in the default domain container and not in the domain controller
container, so the domain policy will apply to the user no matter what computer
he logs onto unless loopback processing is applied to the container that a
computer is in which is not a default configuration. Gpresult can help you
determine where policy is being applied from for a user or computer. -- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;321709

Robert K said:
Thank you for any suggestions...

I have 2 test systems:
1) Win2K Advanced Server as a domain controller
2) Win2K Pro client, connected to domain

On the domain controller, I can see 3 types of policies:
- default domain policy
- default domain controllers policy
- local computer policy

For a test, I modified all three policies and each type of the policy has a
different bitmap background specified,
and the client PC gets the default domain policy settings from the server
because the appropriate bitmap shows as the PC's background.

The problem is, that on the domain controller computer, the Default Domain
Controllers Policy is ignored and Default Domain Policy settings are
applied.

What configuration should I modify on the domain controller so that:
1) Default Domain Policy applies to all my Win2K PCs in the domain
2) Default Domain Controllers Policy applies to my domain controller?

FYI, I checked in the Active Directory Users and Computers, and my domain
controller is listed in the Domain Controllers container. I click Domain
Controllers Properties, Group Policy tab and the Default Domain Controllers
Policy is listed there (as the only one). I tried No Override option and
Block Policy Inheritance but nothing seems to work. I am already learning
this stuff, so I would appreciate if someone could help me pinpoint the
reason it's not working.

Thanks again,
Robert
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top