Home > Archive > 70-210 > January 2003 > Group policy trouble....





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Group policy trouble....
hairy51

2003-01-27, 3:13 pm

i am having trouble implementing group policy on my home lab.

I have win2k server DC and win2k client.

Here is what i did:-

Created an OU
Added two users to the OU
In the OU's properties i selected Group Policy tab and created a new GP.
I edited this to 'hide the Internet explorer icon from the desktop'.

I then ensured that my two users had read and apply GP permissions for the policy, and also selected 'Block policy inheritence'

I also used the secedit/refreshpolicy command.

What else do i need to do? At the moment the IE icon is still present when i log in as one of these users?
tharg

2003-01-28, 2:25 am

What is the output of NSLOOKUP on the client?
StevoC

2003-01-28, 9:17 am

I have found that group policy can be effected (affected - still don't know the difference!! ) if your DNS is not set up correctly.

Just me 2¢.
hairy51

2003-01-28, 12:37 pm

NSLOOKUP:

Client:-

server: unknown
address: 192.168.0.2

***unknown can't find nslookup:non-existent domain


Server:

server: localhost
address: 127.0.0.1
tharg

2003-01-28, 3:09 pm

Looks like a DNS misconfiguration - did you maybe use the wizard (DCPROMO) to configure DNS?

The wizard misconfigures DNS (nice one MS!). It will create a root zone in DNS - in other words the server will think it is a root server (and there are only 13 of them...)

So, *possibly* a "root zone" that shouldn't be in DNS.

MS have an article on this:
http://support.microsoft.com/?kbid=291382

NSLOOKUP output should end up looking like this on client and server.

Default Server: server1.tookaytest.com
Address: 192.168.0.2

Check DNS for a "." zone - if it exists under forward lookup zones in DNS, delete it.

Next create a reverse lookup zone if you don't already have one.
hairy51

2003-01-28, 3:22 pm

i did use the DCPROMO command, and there was a "." forward lookup zone, i have now deleted this an created a reverse look up zone, but i am still getting the same nslookup reading....
hairy51

2003-01-28, 3:36 pm

SORTED!!!

nice one tharg, i wouldn't have known to remove the "." zone.

I discovered that the reason it still wouldn't work was that the client was configured to recieve DNS server address automatically, when i entered in the static address of the DNS server, everything worked fine.

The group policy that i originally set up is now fully operational!

thanks again
tharg

2003-01-28, 3:49 pm

Excellent!

Do you think MS should do a KB on
"Why DCPROMO messes up DNS"
Sponsored Links





Free Braindumps | MCSE braindumps software forum

Copyright 2003 - 2008 examnotes.net