Jump to content

Overriding Local XP settings

Wizzykin

By Wizzykin
in Windows 2000/2003/NT4

 Share

Recommended Posts

Wizzykin

Wizzykin

Posted
Posted

Here's my deal. I got Server 2003 so that I could mess around with it and basically learn a bunch at home. I'm in college right now for this sort of stuff - but we haven't really learned this yet...

anyway - here's the problem.

Some changes I make on the 2003 machine have no effect on the XP machine.

They're on different computers. I've added the XP Pro machine to the 2003 domain...

now - here's an example.

I want to make it so users can change the system time...

when i go to the "Domain Security Settings" and enable it for "Everyone" (or even specifically put in the user name I'm using to log on with), it doesn't even effect the XP machine. Instead, i have to go to the local XP settings (with an administrator log on) and change the local policy setting there - then users can change the system time.

Is there some way to over ride that? It doesn't make sense to me that there would be an option on the 2003 server if it's not going to override the XP machine's local settings.

Link to comment
Share on other sites

allen2

allen2

Posted
Posted

If you're speaking about a GPO on the 2003, it should work after doing a gpupdate on the XP and/or a reboot.

Other than that, all security settings about time i can see would affect the 2003.

Link to comment
Share on other sites
nitroshift

nitroshift

Posted
Posted

Make sure that you log into the domain with the xp machine and that the user account is set in the server machine. In rest, any changes made in the GPO on the server will affect the way the xp machine will behave.

Link to comment
Share on other sites
Wizzykin

Wizzykin

Posted
  • Author
Posted

I am :\ not working

I tried making a new OU - then added the user to that... I made a policy in there even with "Everyone" allowed to change system time...

logged on to the XP machine with the user name from that unit and it still doesn't let me change the time.

Is it possible that if it's not a roaming profile - it won't work?

I just tried something else and no luck. I went to the user screen and clicked the "make user change password at next login" thing - and then went to log on with the XP machine and didn't have to change my password... perhaps something's not working properly?

Link to comment
Share on other sites
fizban2

fizban2

Posted
Posted

it sounds like you are not logging into the domain or are not connected to the domain, make sure that you are logginging into the domain and not the local machine, at the logon screen hit the options button to display where the machine is logging into, this should be set to the Domain you create on the server 2003 machine

Link to comment
Share on other sites
stickzilla

stickzilla

Posted
Posted

As an addendum to what Fizban said -

To make sure you are receiving your GPOs, once you have logged in, go to your command prompt and enter

gpresult

it will then display what GPOs are applied as well as other information that will let you know if you are properly talking with your DC or not

Link to comment
Share on other sites
fizban2

fizban2

Posted
Posted
As an addendum to what Fizban said -

To make sure you are receiving your GPOs, once you have logged in, go to your command prompt and enter

gpresult

it will then display what GPOs are applied as well as other information that will let you know if you are properly talking with your DC or not

:) thanks stick, forgot about that

Link to comment
Share on other sites
Wizzykin

Wizzykin

Posted
  • Author
Posted

Kind of figured out what happened. It's not a roaming profile - so the first time I logged on, I was ok - but after that it seemed it wasn't connecting to the server, but it loading ok because the profile was stored locally on the machine.

I tried making a new name and can't connect to the server with it to save my life... freaking thing.

I uninstalled AD and reinstalled it... then I joined the domain with the computer again... XP restarted and now I can't log on with the login because the domain apparently isn't available... still trying to figure out what the hell the problem is with it :\

why it would add itself to the domain in the first place, then say the domain isn't available after the restart is beyond me.

Link to comment
Share on other sites
nitroshift

nitroshift

Posted
Posted (edited)

This is what you have to do (your server must be running at all times while doing this):

1. In the AD create the user logon name of the XP machine.

2. Set whatever policies you want in GPO.

3. Log into the XP machine as administrator (or another user with administrative rights).

4. Under My Computer ---> Properties ---> Computer Name ---> Change, set the domain you created in the

server.

5. Restart the XP machine when prompted.

6. After reboot, when you are presented with the "Press Ctrl+Alt+Del" popup click on "options" and choose the

domain to log onto, not the local machine and instead of administrator type the user name that you have set

in the AD.

This would be pretty much all you need to do. You may also need to make sure that the cables connecting the 2 pc's are ok and they are in the same IP class / subnet mask.

Regards,

nitro

Edited by nitroshift
Link to comment
Share on other sites
Wizzykin

Wizzykin

Posted
  • Author
Posted

It finally connected... it seems like it's just a crapshoot.

Basically I just kept trying to join the domain and it kept failing... then finally it worked... now it seems fine.

So - I've got a roaming profile going. But it seems to still not be taking in some of the options.

It took in the new password settings fine (I changed them to test it out) - but other things still just won't work - like allowing the user to change system time...

I type gpresult and I get:

Getting the SID information...

Info: The Policy Object Does Not Exist

Not sure what that means... Some policies take place - like I said, the password policy changes worked.

Link to comment
Share on other sites
Wizzykin

Wizzykin

Posted
  • Author
Posted

This is confusing me. Perhaps I'm not applying policies right?

I created a new user name. I set the profile path to \\server\profiles\jmadden

I logged onto the XP machine with the name, made some changes, and logged back off. It created the folder to my 2003 machine and saved it... So, I know I logged onto the domain properly.

However - when i do that gpresult thing (after doing gpupdate), I always get that "Policy Object Does Not Exist"

I tried the same thing on the server machine and I got a ton of information... but it always fails on the XP machine.

I made the user name and changed nothing but the profile path - i left the generic "users" membership thing it does.

Then i went to start->programs->admin tools->domain security policy

then I changed stuff around in there. The password stuff works - since it has to read that to log on, I suppose (I made the user have to change their password, and the restrictions worked)...

I also went to the users/computers screen and right clicked on mytestdomain then his properties and edited the generic group policy "default domain policy". Now - those changes worked on the 2003 machine - but still didn't effect the XP machine at all when I logged on.

I'm trying to set things to learn - but it's not going so well ;) haha

I want to allow the user to set the system time, not be able to change their desktop wallpaper, etc... I can set the settings - and they work locally on the 2003 machine - but not when I log onto the XP machine. Although, I made a new name - so I know i'm logging onto the domain fine, because there wouldn't be a profile locally for it to log on with.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...