Yes, that could be part of the problem. One other thing to look for: GPOs should "really" be applied using groups. OUs were originally intended to delegate administration of domain objects. They were not really meant to be used for applying GPOs, although it is possible. Make sure the policy is not applied at a group level. If it is, make sure the objects are in the group(s).
<rambling> A GPO should be applied to a group, then the domain object should be added to that group. Then, the policy will be inherited. For example, in our situation, we have employees, students and instructors. We have an OU for students and an OU for instructors/employees. Each OU has its own GPO applied to it. The policy determines what permissions a user may have on a computer, as well as a few other things. But wait! What happens when a person is both a student and an employee? This can very well happen, and does all the time. So, in which OU do we place the user account? There is no "correct" location. However, if we would just have a single OU for "users", then, we can apply any number of group-based GPOs, as Microsoft intended, and our problems are solved. The only thing left is to determine the priority of the GPOs. In our case, the instructors/employees GPO should override a student GPO. </rambling> Sorry if this went a bit off-tangent, but this is yet another consideration. M!ke -----Original Message----- From: Dana [mailto:[EMAIL PROTECTED] Sent: Friday, September 02, 2005 7:01 PM To: CF-Community Subject: Re: server 2003 puzzler Oh yeah, forgot about ownership. Not that this is mentioned in the book, harumph. In fact, these are all good points that I will be sure to mention, since it looks as though it's going to be Tuesday when I hand this in. I was wondering, since this GPO is attached to an OU that contains only user objects, yet applies to the *computer* configuration, is this part of the problem? Bear in mind that one of the other questions here requires knowing that policies involving antivirus software are not affected by Block Policy Inheritance, and it may help to explain why I am looking for something sneaky. Dana ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:5:172483 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/5 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
