If you are trying to determine why Your new GPO policy is not being applied as expected, one of first things you should do is examine the Resultant Set of Policy (RSoP) for the user and computer experiencing problems with policy settings on Your Windows Server 2008.
Using the Gpresult command-line utility, you can view RSoP.
Gpresult command provides details on the following:
- special settings applied for folder redirection, software installation, disk quota, IPSec, and scripts;
- last time Group Policy was applied;
- domain controller from which policy was applied and the security group memberships for the computer and user accounts;
- complete list of GPO that were applied and complete list of GPO that were not applied because of filters.
Gpresult has the following syntax:
gpresult /s [ComputerName] /user [Domain\UserName]
[ComputerName] – is the name of the computer that you want to log policy results for
[Domain\UserName] – domain user that you want to log policy results for
Lets for example view the RSoP for server named “TestServer1” and the user “testuser1” in the “test.lan” domain. In this case open command line on Your Windows server and type:
gpresult /s TestServer1 /user test.lan\testuser1
Also You can view more detailed output by using one of the two verbose options.
/v parameter turns on verbose output and results are displayed only for policy settings in effect
/z parameter turns on verbose output with settings for policy settings in effect and all other GPOs that have the policy set
In additionYou can create an HTML report using the /h parameter or an XML report using the /x parameter.
Have fun !
Posted by Thomas | Posted in Group policy, Windows 2003 | Posted on 29-06-2009
0
By default you cant do this in your Windows server 2003 based domain.
I found Microsoft article that will help you build custom group policy ADM templates and restrict access to USB, CD-ROM, Floppy Disk and LS-120 drivers.
Read it here
Enjoy
In this post i`ll show one of many ways how to connect your users to shared printer. For that open notepad in Windows server 2003 or Windows XP and type:
REM Add Printers
RunDll32.EXE printui.dll,PrintUIEntry /in /n \\sever\printername1
RunDll32.EXE printui.dll,PrintUIEntry /in /n \\sever\printername2
REM Set Default Printer
RunDll32.EXE printui.dll,PrintUIEntry /y /n \\server\printername2
EXIT
For example i have two shared printers on server named “Fileserver” and these printers are shared as “HPLJ1″ and “HPLJ2″. Also i want “HPLJ1″ as default printer for all users. I will type :
REM Add Printers
RunDll32.EXE printui.dll,PrintUIEntry /in /n \\Fileserver\HPLJ1
RunDll32.EXE printui.dll,PrintUIEntry /in /n \\Fileserver\HPLH2
REM Set Default Printer
RunDll32.EXE printui.dll,PrintUIEntry /y /n \\Fileserver\HPLJ1
EXIT
Save this file as Addprinter.bat and place it as login script via group policy or you can deploy it to your users in any other way you prefer.
As you know, by default, group policy is being refreshed every 90 min + random time up to 30 min on domain members. And this refresh will occur only if group policy settings were modified. In addition, every 960 min, security settings are being refreshed regardless of whether any changes to group policy were made. This post will show you how to modify time value for security settings refresh on you Windows server 2003 or Windows XP machine. To modify open registry editor and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
Double click on “MaxNoGPOListChangesInterval”, change base to Decimal and enter your new Data value in minutes.
This post will show you how to view Resultant Set of Policy information with gpresult command. To view policy information for user named “Testuser” open command line on your Windows server 2008 and type:
gpresult /user Testuser
If you want to see only computer related policy settings type:
gpresult /user Testuser /scope computer
If you want to list policy information on remote server named “Testserver” type:
gpresult /s Testserver /user Testuser /scope computer
More gpresult usage examples can be found here .
