Replies, comments and Discussions:

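  • What is the reason a Win2003 domain policy does not take effect on domain users' computers?
    As everyone knows, there are two default domain group policies: the domain policy and the domain controller policy. I set an IE title in both policies, and the two titles are different. The problems now are:
    1. On the DC, only the domain policy takes effect; if I remove the domain policy, the domain controller policy should in theory take effect, but it did not.
    2. On machines other than the DC, any user or computer that logs on to the domain should in theory apply the domain policy, but the domain policy has no effect on any computer other than the DC.

    Can anyone explain this?

    I am using Win Server 2003 Standard, and the clients are 2000.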
    • Can you say your question in English?
      • Why?
        • Because at work, we speak those terms in English, it's hard to understand them in Chinese, at least it's my feeling.
    • you really need more study on how a computer applies Group Policies, especially the precedence of GPO application on different levels
      1. default domain policy will apply to all users/computers in the domain but it will be overridden by GPOs that are linked to OU level, or will be filtered by permission/WMI filter
      2. default domain controller policy will apply to all DCs and it has higher priority than the default domain policy.
      3. if the default domain controller policy is not applying, your AD environment is not gonna work.
      4. if you set the same settings in both default domain policy and domain controller policy, and you see it effective only on DCs, I am pretty sure it comes from default domain controller policy, instead of domain policy
      5. check your application log on the client side, if a group policy is not applying, you should see userenv 1000 errors
      6. there are too many factors that can affect GP application, which cannot possibly be covered by a forum like rolia
      • Thank you for your reply, please come in to see my detail
        1. I know that rule, so I didn't test any users at OU level, only users directly in the domain.
        3. How about I create a copy of the default domain controller policy, with a different name, then apply the cloned policy, but disable the one named "default domain controller policy"?
        4. There are no conflicting items in these two policies.
        5. Thank you for this point, I have learned some from here. There are some userenv errors there, with event # 1000. The user is "SYSTEM", and that is what confuses me: I tried different domain user names to log in to this computer, but the user is always "SYSTEM". Does that mean the GPO is implemented on the client computer with the "SYSTEM" user? What if I don't have the built-in "SYSTEM" user on my client computer?

        Thank you for taking time to help me.
        • see inside ==>
          you don't have to disable the default domain policy, and that is not recommended anyways. you can just create whatever policy you like, and link it anywhere you like.

          paste the event id 1000 description so I can know about the cause. another tool you can use is RSoP or gpresult.exe. run "gpresult.exe /v" and check what policy has been applied, what settings have been made.

          if you can't get a clue from event 1000, you may want to enable userenv debugging log, per http://support.microsoft.com/default.aspx?scid=kb;EN-US;221833.

          then search for anything you think is valuable in the Microsoft KB.

          Again, all these suggestions can serve as just a starting point. there are too many things that can cause GP application errors, including DNS, connectivity, permission, FRS, DFS, AD replication, you name it.

          Visit my AD/Exchange blog at http://strongline.blogspot.com
          • solved!
            According to the description in the event log, I have figured it out. It was because of the DNS setting. The DC is not the DNS server, so add the DC address to the list of DNS on the client, and everything is working fine.
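
The thread ends with a client DNS setting as the cause. As an added example (not posted by anyone in the thread), this PowerShell script asks each DNS server configured on a client for the domain controller locator SRV record and reports which servers can find a DC. It assumes a current Windows client with the DnsClient module (Windows 8 / Server 2012 or later), not the Windows 2000 clients discussed above.

```powershell
# Added example: checks whether each DNS server configured on this client can
# locate a domain controller. Assumes the DnsClient module is available.
param(
    # Domain to test; defaults to the domain this computer is joined to.
    [string]$Domain = (Get-CimInstance Win32_ComputerSystem).Domain
)

# DC locator record that clients query before they can fetch Group Policy.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Every distinct IPv4 DNS server configured on any interface.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses |
    Sort-Object -Unique

if (-not $servers) {
    Write-Warning "No DNS servers are configured on this client."
    return
}

$results = foreach ($server in $servers) {
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                   -DnsOnly -ErrorAction Stop |
               Where-Object { $_.QueryType -eq 'SRV' }
        [pscustomobject]@{
            DnsServer = $server
            FindsDC   = [bool]$srv
            DCs       = ($srv.NameTarget | Sort-Object -Unique) -join ', '
            Error     = $null
        }
    }
    catch {
        # NXDOMAIN, timeout or refusal: this server cannot locate a DC.
        [pscustomobject]@{
            DnsServer = $server; FindsDC = $false; DCs = ''
            Error     = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize

if ($results.FindsDC -notcontains $true) {
    Write-Warning "No configured DNS server returns $srvName; Group Policy cannot find a DC."
}
```

A server listed with `FindsDC` false is one the client may consult first and fail on, which is the condition that produces the userenv errors discussed in the thread.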