×

Loading...
Ad by
  • 推荐 OXIO 加拿大高速网络,最低月费仅$40. 使用推荐码 RCR37MB 可获得一个月的免费服务
Ad by
  • 推荐 OXIO 加拿大高速网络,最低月费仅$40. 使用推荐码 RCR37MB 可获得一个月的免费服务

@Florida

Thank you for your reply, please come in to see my detail

akoei(停车**枫林晚)
1. I know that rule, so I didn't test some users with OU level, only users direct in the domain.
3. How about I create a copy of default domain controller policy, with different name, then applies the cloned policy, but disable the named "default domain controller policy"
4. There is no confict items in these two policies.
5. Thank you for this point, I have learned some from here. There are some userenv errors there, with event # 1000. The user is "SYSTEM", that is the one I am confusing: I tried diffrent domain user name to log in this computer, but the user is always "SYSTEM", is that means the GPO is implemented in the client computer with the "SYSTEM" user? How about I don't have the build-in "SYSTEM" user in my client computer?

Thank you for taking time to help me.
(#2469871@0)
Last Updated: 2005-8-25
This post has been archived. It cannot be replied.
Report

Replies, comments and Discussions:

  • 工作学习 / 专业技术讨论 / win2003域策略没法生效于域用户计算机的原因是什么? -akoei(停车**枫林晚); 2005-8-24 {381} (#2468789@0)
    大家知道域缺省组策略有两个,一个是域策略,一个是域控制器策略。我在二个策略内都为IE设了标题,是不同的。现在问题是:
    1。在DC上,只有域策略生效;如果把域策略去掉,按理域控制器策略该生效,结果域控制器策略没有起作用;
    2。若不在DC上,按理只要登录域的用户或计算机就应该执行域策略,结果域策略在除了DC外的计算机上都无效。

    有谁能解答一下?

    我用的是win ser 2003 standard,客户机为2000
    • Can you say your question in English? -zzbsb(friends); 2005-8-24 (#2468869@0)
      • 为什么? -akoei(停车**枫林晚); 2005-8-24 (#2468883@0)
        • Because at work, we speak those terms in English, it's hard to understand them in Chinese, at lease it's my feeling. -zzbsb(friends); 2005-8-25 (#2469719@0)
    • you really need more study on how computer applies Group Policies, especially the precedence of GPO application on different level -strongline(strongline); 2005-8-25 {843} (#2469680@0)
      1. default domain policy will apply to all users/computers in the domain but it will be overrided by GPOs that are linked to OU level, or will be filtered by permission/wmi filter
      2. default domain controller policy will apply to all DCs and it has higher priority than the default domain policy.
      3. if the default domain controller policy is not applying, your AD environment is not gonna work.
      4. if you set same settings in both default domain policy and domain controller policy,, and you see it effective only on DCs, i am pretty sure it comes from default domain controller policy, instead of domain policy
      5. check your application log on client side, if a group policy is not applying, you should see userenv 1000 errors
      6. there are too many factors can affect GP application, which is not possible covered by a forum like rolia
      • Thank you for your reply, please come in to see my detail -akoei(停车**枫林晚); 2005-8-25 {800} (#2469871@0)
        1. I know that rule, so I didn't test some users with OU level, only users direct in the domain.
        3. How about I create a copy of default domain controller policy, with different name, then applies the cloned policy, but disable the named "default domain controller policy"
        4. There is no confict items in these two policies.
        5. Thank you for this point, I have learned some from here. There are some userenv errors there, with event # 1000. The user is "SYSTEM", that is the one I am confusing: I tried diffrent domain user name to log in this computer, but the user is always "SYSTEM", is that means the GPO is implemented in the client computer with the "SYSTEM" user? How about I don't have the build-in "SYSTEM" user in my client computer?

        Thank you for taking time to help me.
        • see inside ==> -strongline(strongline); 2005-8-25 {871} (#2469931@0)
          you don't have to disable the default domain policy, and that is not recommended anyways. you can just creat whatever policy you like, and link it anywhere you like.

          paste the event id 1000 description so i can know about the cause. another tool you can use is RSop or gpresult.exe. run "gpresult.exe /v" and check what policy has been applied, what settings have been made.

          if you can't get a clue from event 1000, you may want to enable userenv debugging log, per http://support.microsoft.com/default.aspx?scid=kb;EN-US;221833.

          then search any thing you think is valueable in microsoft KB.

          Again, all these suggestion can serve as just a start point. there are too many things can cause GP application error, including DNS, connectivity, permission, FRS, DFS, AD replication, you name it.

          Visit my AD/Exchange blog at http://strongline.blogspot.com
          • solved! -akoei(停车**枫林晚); 2005-8-25 {190} (#2470554@0)
            According to the description of event log, I have figured it out. It because of DNS setting. DC is not DNS server, so add DC address to the list of DNS in client, everything is getting fine.

More Topics

  • 看大家讨论日语,俺也正在认真学习。其实语言问题应该是很快也很容易就解决的,可能比自动驾驶来的还快。TREK里面,全宇宙的人都在大脑里安装了UNIVERSAL TRANSLATOR,外星人之间相互交流无障碍。废话少说,看视频。。。加上个MIC和耳机,不同国家的人就可以无障碍交流。
  • 肉脸真有搞 IT 的?Linux 把俄国中国伊朗踢出去了好像肉脸 IT 没啥感觉似的
  • 请问web developer和software developer技术上有什么区别?
  • Elon Musk 带着川普总统奔向火星了。
  • 扔硬币的实验研究
    • 枫下论坛主坛工作学习专业技术讨论