I have just set up a server at a local youth club, im fairly new to networking, although i do know alot considering i only started in july. I have set up ADDS on a windows Server 2008 R1 (vista) machine, i have loaded so far, 5 client PC's to the domain, all running Windows 7 Pro. I need to lock an account down, and i made a group policy outlining what i want blocked and whats ok to access, and ive added the users, and the computer to the GP so it should go through, but it isnt. All DNS settigns are correct, i can log in to the account but no restrictions have been applied. I tried using the "gpupdate /force" command in CMD, and that said the policies had updated successfully, but nothing has gone through. Ive logged out and logged in, plus restarts countless times but still nothing is going through and i need help with it. I should note that Windows Server 2008 R1 has a very different GP managament system to Windows Server 2008 R2. Thanks in Advance.

Recommended Answers

All 5 Replies

Did you run the GP modeling wizard on the server for thie user and workstation? What did results show. Are your changes applied?

Also, what 'restrictions' are you implementing?

I dont think so. All i did is create a GP, and told it which users and computers for it to apply to, expecting them to be applied when the user logs on or the PC restarts. The restrictions are so users cannot access control panel items, i need certain drives mapped on the server storage drive. Other little things like setting specific dekstop wallpapers, logon messages, not having access to system tools, eg task manager, N&S center, regedit that kinda stuff. Thanks for the quick reply.

Some things to note since you are new to AD. With regard to GPOs as you have seen they are made up of user and computer settings. The user settings apply to user objects and the computer settings apply to computer objects. So when you link the GPO to an OU there must be user and/or computer objects in that OU so that the user settings apply to the user objects and the computer settings apply to computer objects. Also note that objects in the default user and computers containers do not inherit the GPO settings.

Yea that does make sense, i have made custom users, not default, but i have left them in t6he default "Users" OU, rather than creating my own and linking the GPO to the other OU.

good news! I got it working! thanks for the tips guys:)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.