Question : Group Ploicy not deploying for an OU

I have a laptop that is situated underneath a television that is used a media server to play films, music, and show pictures, and go on the internet  thats pretty much it.  It is a domain PC thats connected to a Win2003 server via ethernet, which is set up as the file server and a domain controller.  Ive set up a user with the sole purpose of logging in to this laptop, and Im trying to set up a policy on this user and workstation that will control what the user can do, and force display settings, such as screen res of 800x600, increase desktop icon size, remove the Appearance tab from the display settings, and getting rid of annoyances such as desktop cleanup wizard and set program access and defaults.  My problem is that I cannot get the policy to deploy then the user logs in.  For example, some settings that I would expect to be greyed out are not.

I realise I could just do these manually on the laptop, but Im going down the group policy route to help me learn about GPO deployment.  I am very new to group policy so there may be something very simple Ive left out.

So here goes.  Ive set up an OU called Teledu as shown in my attachment AD.jpg.  In there Ive placed the user Bwyd Ci and the workstation Teledu.  In Group Policy Manager (as shown in GPM.jpg), I have set up a policy called Polisi Teledu, which is linked to the Teledu OU.  In Security filtering I have added the user Bwyd Ci.

Can you suggest something that may be wrong with this, or something that I might have forgotten to do?

Does it matter what privilages the user has locally?  Ive given the user local admin rights, because there are some things that I want the user to be able to do that needs admin rights.

Thanks for your help.

Answer : Group Ploicy not deploying for an OU

Ok, there are some pretty standard steps in troubleshooting the applying of GPOs.

The first is to run a "gpresult" (without quotes) from a command prompt when logged on as the user, and also to the computer in question.

Look through this info, and ensure that your GPO (if it contains BOTH user and computer settings) is listed as being applied under the User Configuration and Computer Configuration section of the output text from the command. This will give you a clear indication if there is a problem applying the GPO to either AD object.

Bare in mind that for Computer objects, the security filtering in the GPO must include the computer account, or a group that the comp account is a member of (and it must have the read and apply gpo rights!).

My first guess would simply be that as the others have stated, the policy hasn't refreshed (though a restart of the machine would be the best route, as it forces a foreground refresh cycle, which SOME policy settings require (such as folder redirection and log on scripts).

If not that, then I'll be the gpresult command shows that there is a problem, and should give you a clue as to what's causing.

Try the above, and report back what you find, with screenshots if possible or necessary.

Many thanks,

Pete
Random Solutions  
 
programming4us programming4us