Question : Group Ploicy not deploying for an OU

I have a laptop that is situated underneath a television that is used a media server to play films, music, and show pictures, and go on the internet thats pretty much it. It is a domain PC thats connected to a Win2003 server via ethernet, which is set up as the file server and a domain controller. Ive set up a user with the sole purpose of logging in to this laptop, and Im trying to set up a policy on this user and workstation that will control what the user can do, and force display settings, such as screen res of 800x600, increase desktop icon size, remove the Appearance tab from the display settings, and getting rid of annoyances such as desktop cleanup wizard and set program access and defaults. My problem is that I cannot get the policy to deploy then the user logs in. For example, some settings that I would expect to be greyed out are not.

I realise I could just do these manually on the laptop, but Im going down the group policy route to help me learn about GPO deployment. I am very new to group policy so there may be something very simple Ive left out.

So here goes. Ive set up an OU called Teledu as shown in my attachment AD.jpg. In there Ive placed the user Bwyd Ci and the workstation Teledu. In Group Policy Manager (as shown in GPM.jpg), I have set up a policy called Polisi Teledu, which is linked to the Teledu OU. In Security filtering I have added the user Bwyd Ci.

Can you suggest something that may be wrong with this, or something that I might have forgotten to do?

Does it matter what privilages the user has locally? Ive given the user local admin rights, because there are some things that I want the user to be able to do that needs admin rights.

Thanks for your help.

Answer : Group Ploicy not deploying for an OU

Ok, there are some pretty standard steps in troubleshooting the applying of GPOs.

The first is to run a "gpresult" (without quotes) from a command prompt when logged on as the user, and also to the computer in question.

Look through this info, and ensure that your GPO (if it contains BOTH user and computer settings) is listed as being applied under the User Configuration and Computer Configuration section of the output text from the command. This will give you a clear indication if there is a problem applying the GPO to either AD object.

Bare in mind that for Computer objects, the security filtering in the GPO must include the computer account, or a group that the comp account is a member of (and it must have the read and apply gpo rights!).

My first guess would simply be that as the others have stated, the policy hasn't refreshed (though a restart of the machine would be the best route, as it forces a foreground refresh cycle, which SOME policy settings require (such as folder redirection and log on scripts).

If not that, then I'll be the gpresult command shows that there is a problem, and should give you a clue as to what's causing.

Try the above, and report back what you find, with screenshots if possible or necessary.

Many thanks,

Pete

Random Solutions

Operations Manager Top 10 Memory Consumers

encryption not supported on client

How to change Windows 7 pre-login background image

Free Busy information not available to 2007 Outlook clients

Transaction log shipping from SQL 2000 to 2005 - Issue with Database upgrade required

Link Tables by Date Range in MS Access

Save unbound combobox column value in Access 2007

"Pop Chart" style position changes - how to calculate in Excel

Move Files in a .bat file not working but did earlier in the day on windows server 2003

How do I supress the add new record icon at the bottom of subdata sheets?