I'm having trouble getting group policies to work.

I've applied a group policy to a OU containing a number of users.

When I log on to the server, using one of the OU profiles, the GPO is applied - no problems.

However, when I log on to one of the workstations, the GPO doesn't apply.

I tried removing the user from the OU, and then recreating the user within the same OU. No luck.


Seems like it's applying the GPO locally only. However, the workstations allow that user to logon, and the GPO is set for the OU containing said users.

Thanks.

What OS are the workstations running? Are the workstations domain members?

The workstations are all Win2K Pro machines... all are members of the domain.

Maybe I need to associate the machines in some way with the particular OU and GPO? Right now they are in the computers OU in the domain.

&lt;P ID="edit"&gt;&lt;FONT class="small"&gt;&lt;EM&gt;Edited by 4runr on 09/17/06 16:35.&lt;/EM&gt;&lt;/FONT&gt;&lt;/P&gt;<P ID="edit"><FONT class="small">Edited by 4runr on 09/17/06 16:35.</FONT></P>

I just tried modifying the default domain GPO, and I had the same result. All policies work when logging on to the server but not on the workstations.

Problem 2: When I do a folder redirection to include the %username% attribute, it only takes part of the policy...

for example...

//server/folder/%username%/My Documents

becomes

//server/folder/

For whatever reason, it drops the last portion of the attribute.

I've been doing a bunch of reading on the net about this issue. Looks like there are some issues with DNS that have caused some problems for other user's GPOs.

We are connected to a linksys router, which in turn is connected to a DSL line. The server, and workstations get all of their IP and DNS info from the router.

Could this be the cause source of my problems?

Try to delete the cached user profile from the workstation before logging in. I have had cached settings foil my attempts to apply new policies. You would think that a local gpupdate /force could take care of it, but sometimes it doesn't. Maybe it is a messed up DNS, but this has been my solution in the past.

BTW, what is the OS of the domain contoller(s)?

Josh

Yet another site soon to be neglected:<font color=green>
<a target="_blank" href=http://www.zachmax.com>www.zachmax.com</a></font color=green>

There are two different types of GPOs, those for Computers and those for Users. The Computer GPOs cannot access %username% because the computer itself has no username, that is only for User GPOs. Also, the Computer GPO is applied before the user logs in.