Site Map

Contact Us

Advertise

About Us

Location: Mail List

Register | Login

Ads

Skyscraper

The GPTalk Mailing List

The GPTALK mailing list is where you can send and receive email related to Windows Group Policy. You must subscribe to the list to send and receive mail from the list. The purpose of the list is to provide a forum for asking and answering technical questions related to Group Policy. Any question is fair game as long as it is related to Windows Group Policy. The Archives for this list can be found on this page.

ManageEngine ADSelfService Plus

Self Reset Password

Self Unlock Account

Self Update AD Info

SelfService Password Reset Management

Download Free Trial

List Posts

Unanswered Active Topics

Forums >GPTalk >GPTalk Mailing List

Subject: RE: [gptalk] Computer Settings of Default Domain Policy do not apply to client accounts

You are not authorized to post a reply.

Author

Messages

dougdelaney User is Offline

User is Offline

Posts:43

01/22/2011 3:10 AM
Again, I would suggest you run that command as an Administrator, so that you get computer results. Doug Delaney Technology Consultant III Americas Regional Deliver Engineering HP Enterprise Services Telephone +1 248.365.9187 Mobile +1 248.210.4973 Email xxxxxxxxxxxxxxxx<mailtoxxxxxxxxxxxxxxxx> 985 W. Entrance Dr., 2A / Auburn Hills, MI 48326 [cid:image001.jpg@01CBB9B3.26543B10] From: Tom Verhein [mailto:xxxxxxxxxxxxxxxx] Sent: Friday, January 21, 2011 8:59 PM To: xxxxxxxxxxxxxxxx; Delaney, Doug Subject: Re: [gptalk] Computer Settings of Default Domain Policy do not apply to client accounts Darren, The syntax I used, which I typically use across all platforms, is Gpresult /v > textfile.txt I just tried it again and get the same results in that all I see is the User Settings and nothing about the Computer Settings. Anyways, thanks for explaining this for me and I will start to use GPMC as much as possible. Tom ________________________________ From: Darren Mar-Elia <xxxxxxxxxxxxxxxx> To: "xxxxxxxxxxxxxxxx" <xxxxxxxxxxxxxxxx>; "xxxxxxxxxxxxxxxx" <xxxxxxxxxxxxxxxx> Sent: Fri, January 21, 2011 7:02:49 PM Subject: RE: [gptalk] Computer Settings of Default Domain Policy do not apply to client accounts It could be an oddity in the different versions of gpresult. What syntax were you using for Win7? Frankly, I never use gpresult. I find that for this particular information, the GP Results report in GPMC is much more functional, regardless of target OS version and generally easier to read ☺. Darren From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Tom Verhein Sent: Friday, January 21, 2011 3:30 PM To: xxxxxxxxxxxxxxxx; xxxxxxxxxxxxxxxx Subject: Re: [gptalk] Computer Settings of Default Domain Policy do not apply to client accounts Darren, Thanks for the reply. Your suggestion worked in that the GPMC's GP Results wizard for Windows 7 shows me the Computer Settings applied, its settings which applied, and specifically that the Default Domain Policy applied and its specific settings. I cant say I've seen anything like this before. Have you? Thanks again for your help Darren! Tom ________________________________ From: Darren Mar-Elia <xxxxxxxxxxxxxxxx> To: Tom Verhein <xxxxxxxxxxxxxxxx>; "xxxxxxxxxxxxxxxx" <xxxxxxxxxxxxxxxx>; "xxxxxxxxxxxxxxxx" <xxxxxxxxxxxxxxxx> Sent: Fri, January 21, 2011 1:25:05 PM Subject: RE: [gptalk] Computer Settings of Default Domain Policy do not apply to client accounts Tom- Try running GPMC’s GP Results wizard for the Windows 7 machine. I suspect what you’re seeing is more an artifact of gpresult than of the actual policy processing going on at the machine. Darren From: Tom Verhein [mailto:xxxxxxxxxxxxxxxx] Sent: Wednesday, January 19, 2011 6:17 AM To: xxxxxxxxxxxxxxxx; Darren Mar-Elia; xxxxxxxxxxxxxxxx Subject: Re: [gptalk] Computer Settings of Default Domain Policy do not apply to client accounts Hello, Thanks for your response. Some further clarification on the issue. You can see by the GPResults below that the Default Domain Policy is not applied for the user account because it has no User Config settings. This is acceptable and I am not concerned about this. I understand this is normal behavior. My concern is I do not see the Computer Settings apply for a domain user on a Windows 7 machine, but I do see the Computer Settings apply for the same domain user on a XP machine and for the domain Administrator. Why is this, and is this an error, configuration issue, or just normal behavior with Windows 7? What follows are 4 items: 1) GPresult for domain user, frizzo on Windows 7 machine, 2) Gpresult for domain user, frizzo on an XP machine, 3) Gpresult for domain Administrator on Windows 7 machine, 4) Default Domain Policy for the domain. Please observe that the Computer Settings appear in the Gpresult report for frizzo on the XP machine and Administrator on the Windows 7 machine, but Computer Settings do not appear on the Gpresult report for frizzo on the Windows 7 machine. Why is this? This is my concern. 1. 1) GPresult for domain user, frizzo on Windows 7 machine Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0 Copyright (C) Microsoft Corp. 1981-2001 Created On 1/19/2011 at 5:21:07 AM RSOP data for GPLAB\frizzo on W7 : Logging Mode ------------------------------------------------ OS Configuration: Member Workstation OS Version: 6.1.7600 Site Name: N/A Roaming Profile: N/A Local Profile: C:\Users\frizzo Connected over a slow link?: No USER SETTINGS -------------- CN=Frank Rizzo,OU=Human Resources Users,OU=Human Resources,DC=gplab,DC=local Last time Group Policy was applied: 1/19/2011 at 5:19:10 AM Group Policy was applied from: DC01.gplab.local Group Policy slow link threshold: 500 kbps Domain Name: GPLAB Domain Type: Windows 2000 Applied Group Policy Objects ----------------------------- ?Hide Mouse Pointers Option\Restore Screen Saver Option Prohibit Changing Sounds Hide Screen Saver Option The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Default Domain Policy Filtering: Not Applied (Empty) Local Group Policy Filtering: Not Applied (Empty) The user is a part of the following security groups --------------------------------------------------- Domain Users Everyone BUILTIN\Users NT AUTHORITY\INTERACTIVE CONSOLE LOGON NT AUTHORITY\Authenticated Users This Organization LOCAL Group Policy Creator Owners HR-OU-Admins Denied RODC Password Replication Group Medium Plus Mandatory Level The user has the following security privileges ---------------------------------------------- Resultant Set Of Policies for User ----------------------------------- Software Installations ---------------------- N/A Logon Scripts ------------- N/A Logoff Scripts -------------- N/A Public Key Policies ------------------- N/A Administrative Templates ------------------------ GPO: ?Hide Mouse Pointers Option\Restore Screen Saver Option KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage State: disabled GPO: ?Hide Mouse Pointers Option\Restore Screen Saver Option KeyName: Software\Policies\Microsoft\Windows\Personalization\NoChangingMousePointers Value: 1, 0, 0, 0 State: Enabled GPO: Prohibit Changing Sounds KeyName: Software\Policies\Microsoft\Windows\Personalization\NoChangingSoundScheme Value: 1, 0, 0, 0 State: Enabled Folder Redirection ------------------ N/A Internet Explorer Browser User Interface ---------------------------------------- N/A Internet Explorer Connection ---------------------------- N/A Internet Explorer URLs ---------------------- N/A Internet Explorer Security -------------------------- N/A Internet Explorer Programs -------------------------- N/A 2) Gpresult for domain user, frizzo on an XP machine, Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0 Copyright (C) Microsoft Corp. 1981-2001 Created On 1/19/2011 at 8:15:20 AM RSOP results for GPLAB\frizzo on XPPRO1 : Logging Mode ------------------------------------------------------- OS Type: Microsoft Windows XP Professional OS Configuration: Member Workstation OS Version: 5.1.2600 Domain Name: GPLAB Domain Type: Windows 2000 Site Name: Default-First-Site-Name Roaming Profile: Local Profile: C:\Documents and Settings\frizzo Connected over a slow link?: No COMPUTER SETTINGS ------------------ CN=XPPRO1,OU=Human Resources Computers,OU=Human Resources,DC=gplab,DC=local Last time Group Policy was applied: 1/19/2011 at 8:10:41 AM Group Policy was applied from: DC01.gplab.local Group Policy slow link threshold: 500 kbps Applied Group Policy Objects ----------------------------- Auto Launch Calc.exe Default Domain Policy Prohibit Changing Sounds The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Hide Screen Saver Option Filtering: Not Applied (Empty) Local Group Policy Filtering: Not Applied (Empty) The computer is a part of the following security groups: -------------------------------------------------------- BUILTIN\Administrators Everyone BUILTIN\Users XPPRO1$ Domain Computers NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users Resultant Set Of Policies for Computer: ---------------------------------------- Software Installations ---------------------- N/A Startup Scripts --------------- N/A Shutdown Scripts ---------------- N/A Account Policies ---------------- GPO: Default Domain Policy Policy: MinimumPasswordAge Computer Setting: 1 GPO: Default Domain Policy Policy: PasswordHistorySize Computer Setting: 24 GPO: Default Domain Policy Policy: MinimumPasswordLength Computer Setting: 7 GPO: Default Domain Policy Policy: LockoutBadCount Computer Setting: N/A GPO: Default Domain Policy Policy: MaximumPasswordAge Computer Setting: 42 Audit Policy ------------ N/A User Rights ----------- N/A Security Options ---------------- GPO: Default Domain Policy Policy: RequireLogonToChangePassword Computer Setting: Not Enabled GPO: Default Domain Policy Policy: PasswordComplexity Computer Setting: Enabled GPO: Default Domain Policy Policy: ForceLogoffWhenHourExpire Computer Setting: Not Enabled GPO: Default Domain Policy Policy: LSAAnonymousNameLookup Computer Setting: Not Enabled GPO: Default Domain Policy Policy: ClearTextPassword Computer Setting: Not Enabled Event Log Settings ------------------ N/A Restricted Groups ----------------- N/A System Services --------------- N/A Registry Settings ----------------- N/A File System Settings -------------------- N/A Public Key Policies ------------------- N/A Administrative Templates ------------------------ GPO: Prohibit Changing Sounds Setting: Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} State: Enabled GPO: Auto Launch Calc.exe Setting: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run State: Enabled GPO: Prohibit Changing Sounds Setting: Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} State: Enabled GPO: Prohibit Changing Sounds Setting: Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} State: Enabled USER SETTINGS -------------- CN=Frank Rizzo,OU=Human Resources Users,OU=Human Resources,DC=gplab,DC=local Last time Group Policy was applied: 1/19/2011 at 8:12:49 AM Group Policy was applied from: DC01.gplab.local Group Policy slow link threshold: 500 kbps Applied Group Policy Objects ----------------------------- ?Hide Mouse Pointers Option\Restore Screen Saver Option Prohibit Changing Sounds Hide Screen Saver Option Local Group Policy The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Default Domain Policy Filtering: Not Applied (Empty) The user is a part of the following security groups: ---------------------------------------------------- Domain Users Everyone BUILTIN\Users Group Policy Creator Owners HR-OU-Admins Denied RODC Password Replication Group LOCAL NT AUTHORITY\INTERACTIVE NT AUTHORITY\Authenticated Users Resultant Set Of Policies for User: ------------------------------------ Software Installations ---------------------- N/A Public Key Policies ------------------- N/A Administrative Templates ------------------------ GPO: Prohibit Changing Sounds Setting: Software\Policies\Microsoft\Windows\Personalization State: Enabled GPO: ?Hide Mouse Pointers Option\Restore Screen Saver Option Setting: Software\Microsoft\Windows\CurrentVersion\Policies\System State: disabled GPO: ?Hide Mouse Pointers Option\Restore Screen Saver Option Setting: Software\Policies\Microsoft\Windows\Personalization State: Enabled GPO: Local Group Policy Setting: Software\Microsoft\Windows\CurrentVersion\Policies\System State: Enabled Folder Redirection ------------------ N/A Internet Explorer Browser User Interface ---------------------------------------- N/A Internet Explorer Connection ---------------------------- N/A Internet Explorer URLs ---------------------- N/A Internet Explorer Security -------------------------- N/A Internet Explorer Programs -------------------------- N/A 3) Gpresult for domain Administrator on Windows 7 machine, Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0 Copyright (C) Microsoft Corp. 1981-2001 Created On 1/19/2011 at 5:42:09 AM RSOP data for GPLAB\Administrator on W7 : Logging Mode ------------------------------------------------------- OS Configuration: Member Workstation OS Version: 6.1.7600 Site Name: Default-First-Site-Name Roaming Profile: N/A Local Profile: C:\Users\Administrator Connected over a slow link?: No COMPUTER SETTINGS ------------------ CN=W7,CN=Computers,DC=gplab,DC=local Last time Group Policy was applied: 1/19/2011 at 5:17:50 AM Group Policy was applied from: DC01.gplab.local Group Policy slow link threshold: 500 kbps Domain Name: GPLAB Domain Type: Windows 2000 Applied Group Policy Objects ----------------------------- Default Domain Policy Prohibit Changing Sounds The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Hide Screen Saver Option Filtering: Not Applied (Empty) Local Group Policy Filtering: Not Applied (Empty) The computer is a part of the following security groups ------------------------------------------------------- BUILTIN\Administrators Everyone BUILTIN\Users NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users This Organization W7$ Domain Computers System Mandatory Level Resultant Set Of Policies for Computer --------------------------------------- Software Installations ---------------------- N/A Startup Scripts --------------- N/A Shutdown Scripts ---------------- N/A Account Policies ---------------- GPO: Default Domain Policy Policy: MaximumPasswordAge Computer Setting: 42 GPO: Default Domain Policy Policy: MinimumPasswordAge Computer Setting: 1 GPO: Default Domain Policy Policy: LockoutBadCount Computer Setting: N/A GPO: Default Domain Policy Policy: PasswordHistorySize Computer Setting: 24 GPO: Default Domain Policy Policy: MinimumPasswordLength Computer Setting: 7 Audit Policy ------------ N/A User Rights ----------- N/A Security Options ---------------- GPO: Default Domain Policy Policy: PasswordComplexity Computer Setting: Enabled GPO: Default Domain Policy Policy: ClearTextPassword Computer Setting: Not Enabled GPO: Default Domain Policy Policy: ForceLogoffWhenHourExpire Computer Setting: Not Enabled GPO: Default Domain Policy Policy: RequireLogonToChangePassword Computer Setting: Not Enabled GPO: Default Domain Policy Policy: LSAAnonymousNameLookup Computer Setting: Not Enabled GPO: Default Domain Policy Policy: @wsecedit.dll,-59058 ValueName: MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash Computer Setting: 1 Event Log Settings ------------------ N/A Restricted Groups ----------------- N/A System Services --------------- N/A Registry Settings ----------------- N/A File System Settings -------------------- N/A Public Key Policies ------------------- N/A Administrative Templates ------------------------ GPO: Prohibit Changing Sounds KeyName: Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}\NoSlowLink Value: 0, 0, 0, 0 State: Enabled GPO: Prohibit Changing Sounds KeyName: Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}\NoGPOListChanges Value: 1, 0, 0, 0 State: Enabled GPO: Prohibit Changing Sounds KeyName: Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}\NoBackgroundPolicy Value: 0, 0, 0, 0 State: Enabled USER SETTINGS -------------- CN=Administrator,CN=Users,DC=gplab,DC=local Last time Group Policy was applied: 1/19/2011 at 5:40:30 AM Group Policy was applied from: DC01.gplab.local Group Policy slow link threshold: 500 kbps Domain Name: GPLAB Domain Type: Windows 2000 Applied Group Policy Objects ----------------------------- Prohibit Changing Sounds Hide Screen Saver Option The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Default Domain Policy Filtering: Not Applied (Empty) Local Group Policy Filtering: Not Applied (Empty) The user is a part of the following security groups --------------------------------------------------- Domain Users Everyone BUILTIN\Users BUILTIN\Administrators NT AUTHORITY\INTERACTIVE CONSOLE LOGON NT AUTHORITY\Authenticated Users This Organization LOCAL Group Policy Creator Owners Domain Admins Enterprise Admins Schema Admins Denied RODC Password Replication Group High Mandatory Level The user has the following security privileges ---------------------------------------------- Bypass traverse checking Shut down the system Remove computer from docking station Increase a process working set Change the time zone Manage auditing and security log Back up files and directories Restore files and directories Change the system time Force shutdown from a remote system Take ownership of files or other objects Debug programs Modify firmware environment values Profile system performance Profile single process Increase scheduling priority Load and unload device drivers Create a pagefile Adjust memory quotas for a process Perform volume maintenance tasks Impersonate a client after authentication Create global objects Create symbolic links Resultant Set Of Policies for User ----------------------------------- Software Installations ---------------------- N/A Logon Scripts ------------- N/A Logoff Scripts -------------- N/A Public Key Policies ------------------- N/A Administrative Templates ------------------------ GPO: Hide Screen Saver Option KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage Value: 1, 0, 0, 0 State: Enabled GPO: Prohibit Changing Sounds KeyName: Software\Policies\Microsoft\Windows\Personalization\NoChangingSoundScheme Value: 1, 0, 0, 0 State: Enabled Folder Redirection ------------------ N/A Internet Explorer Browser User Interface ---------------------------------------- N/A Internet Explorer Connection ---------------------------- N/A Internet Explorer URLs ---------------------- N/A Internet Explorer Security -------------------------- N/A Internet Explorer Programs -------------------------- N/A 4) Default Domain Policy for the domain Default Domain Policy Data collected on: 1/19/2011 8:22:23 AM hide all Generalhide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Detailshide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Domain gplab.local Owner GPLAB\Domain Admins Created 12/25/2010 1:41:20 PM Modified 1/15/2011 6:25:14 PM User Revisions 0 (AD), 0 (sysvol) Computer Revisions 3 (AD), 3 (sysvol) Unique ID {31B2F340-016D-11D2-945F-00C04FB984F9} GPO Status Enabled Linkshide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Location Enforced Link Status Path gplab No Enabled gplab.local This list only includes links in the domain of the GPO. Security Filteringhide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> The settings in this GPO can only apply to the following groups, users, and computers: Name NT AUTHORITY\Authenticated Users WMI Filteringhide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> WMI Filter Name None Description Not applicable Delegationhide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> These groups and users have the specified permission for this GPO Name Allowed Permissions Inherited NT AUTHORITY\Authenticated Users Read (from Security Filtering) No NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No NT AUTHORITY\SYSTEM Edit settings, delete, modify security No Computer Configuration (Enabled)hide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Policieshide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Windows Settingshide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Security Settingshide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Account Policies/Password Policyhide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Policy Setting Enforce password history 24 passwords remembered Maximum password age 42 days Minimum password age 1 days Minimum password length 7 characters Password must meet complexity requirements Enabled Store passwords using reversible encryption Disabled Account Policies/Account Lockout Policyhide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Policy Setting Account lockout threshold 0 invalid logon attempts Account Policies/Kerberos Policyhide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Policy Setting Enforce user logon restrictions Enabled Maximum lifetime for service ticket 600 minutes Maximum lifetime for user ticket 10 hours Maximum lifetime for user ticket renewal 7 days Maximum tolerance for computer clock synchronization 5 minutes Local Policies/Security Optionshide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Network Accesshide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Policy Setting Network access: Allow anonymous SID/Name translation Disabled Network Securityhide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Policy Setting Network security: Do not store LAN Manager hash value on next password change Enabled Network security: Force logoff when logon hours expire Disabled Public Key Policies/Encrypting File Systemhide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Certificateshide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Issued To Issued By Expiration Date Intended Purposes Administrator Administrator 1/14/2014 6:25:14 PM File Recovery For additional information about individual settings, launch Group Policy Object Editor. Public Key Policies/Trusted Root Certification Authoritieshide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Propertieshide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> Policy Setting Allow users to select new root certification authorities (CAs) to trust Enabled Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only User Configuration (Enabled)hide<http://social.technet.microsoft.com/Forums/en/winserverGP/thread/> No settings defined. Thanks for the help! ________________________________ From: Darren Mar-Elia <xxxxxxxxxxxxxxxx> To: "xxxxxxxxxxxxxxxx" <xxxxxxxxxxxxxxxx> Sent: Tue, January 18, 2011 10:17:59 PM Subject: RE: [gptalk] Computer Settings of Default Domain Policy do not apply to client accounts Tom- I’m a bit confused by your description that, Computer settings do not apply “when a user logs-on”. They (Computer Settings) normally only apply to the computer, regardless of what user is logged in. Can you be more specific about what you’re expecting to happen? Thanks! Darren From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Tom Verhein Sent: Tuesday, January 18, 2011 7:06 PM To: xxxxxxxxxxxxxxxx Subject: [gptalk] Computer Settings of Default Domain Policy do not apply to client accounts In my Server 2008 R2 domain, I have a Server 2008 R2 Domain Controller with 3 Windows 7 workstations and 1 XP workstation. DNS resides on the Domain Controller and all 4 workstations joined the domain with no issue. Under my Human Resources OU, I have an OU called Human Resources Users and another OU called Human Resources Computers. My workstations reside in the Computers OU and the users reside in the Users OU. When a domain user logs-on to any Windows 7 machine, the Computer Settings of the Default Domain Policy do not apply, however they do apply when a domain user logs-on to the XP machine. When a domain administrator account logs on to the Windows 7 machine, the Computer Settings of the Default Domain Policy apply as well. What follows is the Gpresult /v from the logon of a domain User. Any suggestions on why this is happening? Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0 Copyright (C) Microsoft Corp. 1981-2001 Created On 1/18/2011 at 5:01:11 PM RSOP data for GPLAB\frizzo on W7 : Logging Mode ------------------------------------------------ OS Configuration: Member Workstation OS Version: 6.1.7600 Site Name: N/A Roaming Profile: N/A Local Profile: C:\Users\frizzo Connected over a slow link?: No USER SETTINGS -------------- CN=Frank Rizzo,OU=Human Resources Users,OU=Human Resources,DC=gplab,DC=local Last time Group Policy was applied: 1/18/2011 at 5:00:10 PM Group Policy was applied from: DC01.gplab.local Group Policy slow link threshold: 500 kbps Domain Name: GPLAB Domain Type: Windows 2000 Applied Group Policy Objects ----------------------------- ?Hide Mouse Pointers Option\Restore Screen Saver Option Prohibit Changing Sounds Hide Screen Saver Option The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Default Domain Policy Filtering: Not Applied (Empty) Local Group Policy Filtering: Not Applied (Empty) The user is a part of the following security groups --------------------------------------------------- Domain Users Everyone BUILTIN\Users NT AUTHORITY\INTERACTIVE CONSOLE LOGON NT AUTHORITY\Authenticated Users This Organization LOCAL Group Policy Creator Owners HR-OU-Admins Denied RODC Password Replication Group Medium Plus Mandatory Level The user has the following security privileges ---------------------------------------------- Resultant Set Of Policies for User ----------------------------------- Software Installations ---------------------- N/A Logon Scripts ------------- N/A Logoff Scripts -------------- N/A Public Key Policies ------------------- N/A Administrative Templates ------------------------ GPO: ?Hide Mouse Pointers Option\Restore Screen Saver Option KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage State: disabled GPO: ?Hide Mouse Pointers Option\Restore Screen Saver Option KeyName: Software\Policies\Microsoft\Windows\Personalization\NoChangingMousePointers Value: 1, 0, 0, 0 State: Enabled GPO: Prohibit Changing Sounds KeyName: Software\Policies\Microsoft\Windows\Personalization\NoChangingSoundScheme Value: 1, 0, 0, 0 State: Enabled Folder Redirection ------------------ N/A Internet Explorer Browser User Interface ---------------------------------------- N/A Internet Explorer Connection ---------------------------- N/A Internet Explorer URLs ---------------------- N/A Internet Explorer Security -------------------------- N/A Internet Explorer Programs -------------------------- N/A

You are not authorized to post a reply.

Forums >GPTalk >GPTalk Mailing List > RE: [gptalk] Computer Settings of Default Domain Policy do not apply to client accounts

ActiveForums 3.7

Members

	Membership:
	Latest:carmicklec
	New Today:1
	New Yesterday:1
	Overall:1399

	People Online:
	Visitors:0
	Members:0
	Total:0

Online Now:

Ads

Copyright 2009 by GPOGUY.COM
Terms Of Use