Policies not applied

Guest

Windows 2000 server with Active Directory, Windows XP workstations with SP2.

Policies are not applied to the workstations if the Active Directory User
does not have an account on the local machine. The user can log into Active
directory, has the correct rights on the server, gets his correct profile,
but restrictions put in place in Group Policies are not applied. The user
therefore can access the C: drive of his local computer and do all kinds of
damaging stuff. (this is in a school type environment)

If I add an account to the local machine for the Active Directory User
(user.activedirectory) the policy is applied. Must I manually add all of our
users to all of the machines in order to prevent them from accessing the
local computer and messing them up?

As a separate issue, is there a way to force users to log into Active
Directory at startup and not give them the choice of logging into the local
machine?

Thanks,

Tim Sanders, BSEET, CNE
 
Oli Restorick [MVP]

Hi Tim

You should never need to add local accounts to the machines. This is a bad
idea.

Have you checked the event logs on each machine? I'd guess that you have a
bunch of messages from UserEnv. At a guess, your DNS settings are not
correct. Would you be able to post "ipconfig /all" outputs from a
workstation and your domain controllers so we can check them? Your
workstations should be pointing only to your internal DNS servers for their
DNS and nowhere else.

As far as logging in to only one domain, this is not possible (without
rewriting your own GINA, which is a non-starter). Having said that, your
users should never have any credentials with which to log in to anything but
their own domain account, so what's the problem?

Hope this helps

Oli
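
The check described in the reply above, run over pasted "ipconfig /all" output, as an added example that is not part of the original thread. The sample output, the addresses and the function names are constructed for illustration; the parser assumes English field labels and IPv4 addresses.

```python
import ipaddress
import re

# Constructed sample: "ipconfig /all" output from a domain controller whose NIC
# lists an outside resolver ahead of its own address (addresses are made up).
SAMPLE = """\
Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.10
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")      # unindented section header
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")   # "Label . . . : value"


def dns_servers(text):
    """Return {adapter name: [DNS server addresses]} from ipconfig /all text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        header = ADAPTER.match(line)
        if header:
            adapter, in_dns = header.group(1), False
            result[adapter] = []
            continue
        field = FIELD.match(line)
        if field:
            in_dns = field.group(1).strip() == "DNS Servers"
            value = field.group(2).strip()
        else:
            value = line.strip()  # continuation line: a further bare address
        if adapter and in_dns and value:
            result[adapter].append(value)
    return result


def external_dns(text, internal):
    """List (adapter, server) pairs whose DNS server is not an internal one."""
    allowed = {ipaddress.ip_address(a) for a in internal}
    return [(name, server)
            for name, servers in dns_servers(text).items()
            for server in servers
            if ipaddress.ip_address(server) not in allowed]
```

Any pair returned by external_dns() is a resolver that cannot answer for the Active Directory domain, so a machine using it may fail to locate a domain controller when Group Policy is processed.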
 
Guest

Thanks!!!!

The workstations were all set to get DNS from the server, but the server NIC
was set to get DNS from the outside. I reset it to get DNS from itself and
everything works as advertised.

Thanks,

Tim Sanders, BSEET, CNE
 
Oli Restorick [MVP]

Great stuff!


Tim Sanders said:
Thanks!!!!

The workstations were all set to get DNS from the server, but the server NIC
was set to get DNS from the outside. I reset it to get DNS from itself and
everything works as advertised.

Thanks,

Tim Sanders, BSEET, CNE
 
