I'm having some problems with a newly installed Server 2008 R2 box.
I've created my Domain and users and all the computers are up and connected.
Everyone can login and share folders, no problems here.
I've now edited the Default Domain Policy, with a couple of changes to the security. (Don't save last logged in username) and a couple of other basic ones. – I will create a new policy for more advanced GPO stuff.
Anyhow – this is not applying to our machines. They are all XP, I've tried running gpupdate /force – on both server and PCs, logged in as a user and logged in as the administrator.
Best Answer
First ... DON'T SCREW AROUND WITH THESE THINGS IN PRODUCTION. Group Policy does not always work the way you think it will work. The very last thing you want to do as a rookie is change the Default Domain policy! Create a test OU and test user, put the computer and user in the test OU, and experiment there.
Second, I will ask the obvious ...
1- Is the Group Policy Object actually linked to an OU at or above where the computers and/or users reside?
2- Is there any security filtering or WMI filtering activated on the policy? You can see this on the "scope" tab when you highlight the policy.
3- Is the GPO status "Enabled"? You can see the status on the "Details" tab. It is generally best, particularly for those less experienced with GPO, to not try and tune the "user settings disabled" and/or "computer settings disabled" options and just enable the policy.
Third, in the Group Policy Management console, there is a "Group Policy Modeling Wizard" applet (under the Action menu) that will show specifically what is applied and what isn't based on the user and computer. Run it, select the user and computer, and see what happens.
Finally, if the wizard shows that the policy should be applied, try restarting the computer. Policy changes sometimes take a reboot to apply, and gpupdate /force doesn't always force.
Good luck. You are entering the world of advanced Windows network wizardry!