I assume you mean this the other way round?? The computer policy is being
applied but user policy isn't? Either that, or you added the user to the OU
not the computer?
If you wish to apply computer settings and user settings you need to have
both the computer accounts and user accounts in the OU to which you have
linked the GPO. Or, you will need to use Loopback policy processing.
Some points for you to remember/ realise:
Policy processing happens when the computer starts (computer) and when the
user logs on (user). The default refresh is then 90 minutes; however if the
policy has not changed, that is it's ID hasn't incremented, this policy wont
be applied again unless you force it with the secedit /enforce command.
Policy is applied in the following order: Local, Site, Domain, OU. The
closest wins by default.
Security policy, such as Kerberos and password policy can only be applied
once per domain and only applies to DCs and can only be applied at the
domain level.
In order to successfully process policy, you need to be pointing to the
internal DNS server, be a member of the domain in which the GPO resides, and
have the NetBIOS over TCP/IP Helper service running. You also require read
permissions to the SYSVOL folder (this should happen by default, but can be
broken with group membership changes, etc.).
Check to make sure that both objects are in the correct OU, that you are
pointing to the correct DNS server (usually your DC) and reboot. Check that
Authenticated Users have the apply policy permission on the GPO's DACL. If
you believe policy still hasn't applied, check the event logs.
Also, run the following from the command prompt:
C:\>gpresult /v
This will tell you if computer and user settings are being applied, and what
part of the policy they are being applied from.
--
Paul Williams
_________________________________________
http://www.msresource.net
Join us in our new forums!
http://forums.msresource.net
_________________________________________
I'm getting ready to switch from a workgroup to a domain.
All workstations are Windows XP Pro and the domain
controller will be Windows 2000. I created a small test
environment with a single user in an OU I created and
then I applied a Group Policy to the OU. I joined one
workstation to the test domain. I added the resulting
computer account to the OU I created. The user
configuration of the group policy is applied but the
computer configuration is not. I also tried using the
default domain group policy but the computer
configuration still is not being applied. Any ideas why?
