thingy
09-11-2004, 10:16 AM
I think I need a refresher in Active Directory.
Now that I'm finally convinced all our software works with Windows XP SP2 and that damned firewall of its, I've decided I'm finally going to allow this update to be released. I've set up an internal liveupdate server that as far as I can tell works, but I want to configure all the client machines to get the updates from it using GPO's. I also want a specific configuration for the firewall as its default settings will stop us being able to remote control the client machines.
The last time I did any GPO manipulation was a few months ago. I make a change, within 15 minutes it's taken effect on both internal DC's (these were login script changes). However, these new GPO's I've created for firewall configuration and internal liveupdate settings haven't taken affect at all.
I've set up the GPO in ADS under the IT OU (got I love TLA's). The permissions look ok to me, all users can read it, authenticated users and my own account are set to apply it. There's no conflicting GPO's at higher levels (there ARE no GPO's at higher levels, unless we haven't been informed), yet both of my machines are still using the manual settings I've put in - the options that should be greyed out due to the GPO aren't.
Here's what the cause of the problem most likely is, but I'm unsure as to where to look first. One of our DC's is a Windows 2000 Server, the other is 2003. The 2003 one was upgraded only a week or two ago, they tried to upgrade the other a few days prior to that but it failed so it still 2000 until they get a chance to come back and look at it. This is being done by the infrastructure team in HK and NY, so I'd prefer to leave it to them should they have any settings they'd prefer.
So, we've got one DC that failed to update to 2003, one that is now 2003, and since this change, despite it looking like I've implimented a GPO properly it doesn't seem to be applying itself to machines/users. Where do I start looking to resolve this? I have 3 weeks until my holidays, this is just one of many back-end jobs I'd like done before then.
Now that I'm finally convinced all our software works with Windows XP SP2 and that damned firewall of its, I've decided I'm finally going to allow this update to be released. I've set up an internal liveupdate server that as far as I can tell works, but I want to configure all the client machines to get the updates from it using GPO's. I also want a specific configuration for the firewall as its default settings will stop us being able to remote control the client machines.
The last time I did any GPO manipulation was a few months ago. I make a change, within 15 minutes it's taken effect on both internal DC's (these were login script changes). However, these new GPO's I've created for firewall configuration and internal liveupdate settings haven't taken affect at all.
I've set up the GPO in ADS under the IT OU (got I love TLA's). The permissions look ok to me, all users can read it, authenticated users and my own account are set to apply it. There's no conflicting GPO's at higher levels (there ARE no GPO's at higher levels, unless we haven't been informed), yet both of my machines are still using the manual settings I've put in - the options that should be greyed out due to the GPO aren't.
Here's what the cause of the problem most likely is, but I'm unsure as to where to look first. One of our DC's is a Windows 2000 Server, the other is 2003. The 2003 one was upgraded only a week or two ago, they tried to upgrade the other a few days prior to that but it failed so it still 2000 until they get a chance to come back and look at it. This is being done by the infrastructure team in HK and NY, so I'd prefer to leave it to them should they have any settings they'd prefer.
So, we've got one DC that failed to update to 2003, one that is now 2003, and since this change, despite it looking like I've implimented a GPO properly it doesn't seem to be applying itself to machines/users. Where do I start looking to resolve this? I have 3 weeks until my holidays, this is just one of many back-end jobs I'd like done before then.