server 2003 and xp - group policies

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Ok, so recently i'm playing round with server 2003 and xp pro.

I have M$ Virtual PC setup and have built a smal network of several Xp machines and a central server with active directory etc.

now, playing around with group policies, i have found that i cant seem to change some local policies on the XP machine, even logged in as "administrator" the account policies in gpedit.msc appear with a padlock symbol and wont let me change them.

these settings seem to override anything i set up on teh server so i need to disable them locally.

I have disabled all policies on the server and i'm trying to remove the password history setting, but that and others seem locked.


Any ideas?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Are you logged on as a domain admin or the local admin account for the XP machine?

 

I've tried both

Administrator
Domain

Administrator
This machine

Johndoe - (a domain admin)
Domain

 

When you update the security settings on the domain controller, have you rebooted the client machines?

 

GPO's can be very tricky. Let's make a short resume:
When a machine logs on to a domain, it undergoes several GPO's (if present).
The first one it gets is the site policy. After that you have the domain policy and last the OU policy is read in. If some settings are 'conflicting', the latter policy wins.
So, if you say "the run command should not be visible" in the domain policy and you say" The run command should be visible" in the OU policy, it will be visible for all users in that OU.
Off course you also have the local policy, a sort of default setting.
Now remember there are some settings which are domain wide and can not be set on a OU level. Settings as password lenght and such.
Most likely these will show up as 'locked' in policies except in the domain policy itself.

Does this help?