GPO's not taking effect on DC's

**TheReasonIFail** · March 10, 2009

We decided to lock down our domain controllers through the use of a GPO in the Domain Controllers OU but no matter what we've tried, the DC's will not take those settings.

If we make the same exact changes to the local group policy, it works flawlessly.

The domain GPO is enabled and enforced.

Anyone have any ideas?

**Tripredacus** · March 10, 2009

Perhaps adding the User accounts that the DCs use? Of course you did add your Domain Controllers into that group right? And are you enforcing known vs. unknown computers?

**stones** · March 11, 2009

In your GPO editor, what is the policy name you are changing?

**TheReasonIFail** · March 11, 2009

Trip, I've added the correct users and even added the domain controllers themselves to the group, no dice.

Stones, I created a new GPO called "DC_GPO_Lockdown".

**iamtheky** · March 12, 2009

the DC's will not take those settings.

are you adding a new adm file to the gp with just that small section or are you replacing the entire exisitng structure?

Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator's SYSVOL share, unless configured not to do so by the administrator.

http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm

edit: '......entire existing adm' + quote and ref in case that helps

Edited March 12, 2009 by iamtheky

Sign In

GPO's not taking effect on DC's

Recommended Posts

TheReasonIFail

Link to comment

Share on other sites

Tripredacus

Link to comment

Share on other sites

stones

Link to comment

Share on other sites

TheReasonIFail

Link to comment

Share on other sites

iamtheky

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Activity

Browse