Answered by:
Window 7 RSAT, 2003 server/2008, GPO's not applying to Win7 clients

-
Hello Guys,
I have a problem with the GPO is not applying to Win7 Clients as you know my Primary domain controller is windows 2008 and my secondary domain is windows 2003 server Sp2 R2 and the domain level is windows server 2003
I have installed the RSAT for windows 7 in one machine to control the GPO but my problem is some of the policy is not applying like if i create a policy for computer management which is contain the security like " Account lockout ,password policy,audit..etc is not applying anymore so could you please help me to solve this issue
Appreciate your fast response .
Regards ,
Ali
Question
Answers
-
The default setting is yes.
But you could override it as follow:
How to prevent domain Group Policies from applying to certain user or computer accounts
https://support.microsoft.com/en-us/kb/816100
FrenchITGuy.com
- Edited by Giritharan Karu Thursday, September 15, 2016 10:10 AM
- Proposed as answer by AlvwanMicrosoft contingent staff, Moderator Monday, September 26, 2016 2:55 AM
- Marked as answer by Ali Alsayegh Wednesday, September 28, 2016 8:31 AM
All replies
-
-
-
-
-
Hi ,
I have tried some security policy is applied Like :
interactive logon: Do not display last user name Enabled
Interactive logon: Do not require CTRL+ALT+DEL Enabledother policy like account policy /lockout is not applied why ?? is there any missing !?
-
Run rsop.msc to check the applied policies on the client computer:
https://support.microsoft.com/en-us/kb/312321
And have a look on the event log for any gpo related errors.
FrenchITGuy.com
-
Hi ,
I just found the solution in the below link
https://social.technet.microsoft.com/Forums/windowsserver/en-US/cd51876d-8636-49ac-b584-1176c538def6/account-lockout-policies-are-not-working?forum=winserverGP
so could you explain me i have create a new GPO only for password to apply in some of OU but in above link say it must create in the domain default policy to applied. so my question is if i create another policy and i link in whole domain it will effect also ? means if i remove the " default domain policy" and create another one and link it it should be work ?
-
The default domain policy cannot be deleted but can be unlinked. But my advice is, don’t unlink the default domain policy. There are some default security settings that you’ll need for the good functionality of the domain.
You could create another GPO on the root of the domain and configure the account lockout policy if you want.
FrenchITGuy.com
-
-
The default setting is yes.
But you could override it as follow:
How to prevent domain Group Policies from applying to certain user or computer accounts
https://support.microsoft.com/en-us/kb/816100
FrenchITGuy.com
- Edited by Giritharan Karu Thursday, September 15, 2016 10:10 AM
- Proposed as answer by AlvwanMicrosoft contingent staff, Moderator Monday, September 26, 2016 2:55 AM
- Marked as answer by Ali Alsayegh Wednesday, September 28, 2016 8:31 AM