Group policies not being applied to machines running Windows 2000 SP4

Discussion in 'Software' started by Rostros22, Jun 19, 2006.

  1. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    tip from d., on one of the many mcse exams there could be a nasty little question about how to apply a gpo to windows 2000 clients using a wmi filter, even though we know windows 2000 clients don't support wmi filters. i won't give the answer, also not via email or pm, but i'm sure you'll figure it out. :biggrin
     
  2. zimbo
    Honorary Member

    zimbo Petabyte Poster

    was this problem solved? i'm keen to learn more about this d! :D
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  3. Rostros22

    Rostros22 Kilobyte Poster

    The problem has not been solved, still working on it.

    I have removed SP4 off the client machine and the policy still does not take effect, so I can rule out the service pack being at fault.
     
    Certifications: ITIL Certs, F.A.S.T Auditor Certs
    WIP: None - Application with Police
  4. zimbo
    Honorary Member

    zimbo Petabyte Poster

    if you have hit the trial and error give my suggestion a go.. put that workstation into an OU and link the GPO to it.. got nothing to lose... just my reputation! :biggrin
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  5. Rostros22

    Rostros22 Kilobyte Poster

    My colleague had already tried that at the first step, Zim.

    I may give it another shot although I think D already pointed out that the no clock policy is a user policy.

    Trial and error is the way forward at the moment and if I balls up the policies then so be it, teach them to not train me!
     
    Certifications: ITIL Certs, F.A.S.T Auditor Certs
    WIP: None - Application with Police
  6. ffreeloader

    ffreeloader Terabyte Poster

    Have you tried the gpresult and gpotool utilities to see what they report?
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  7. Rostros22

    Rostros22 Kilobyte Poster


    The gpresult tool on my machine (XP) shows that I, as a user, have the 'no clock' policy applied.

    How would this utility be run on a Windows 2000 machine?
     
    Certifications: ITIL Certs, F.A.S.T Auditor Certs
    WIP: None - Application with Police
  8. ffreeloader

    ffreeloader Terabyte Poster

    You need to install the Windows 2000 Resource Kit tools. gpresult.exe is a part of it. I'm not positive, but I think that resource kit is now a free download. Could be wrong on that but it sticks in my head that it's free now.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  9. Rostros22

    Rostros22 Kilobyte Poster

    Yeah sorry FF, I realised that as soon as I clicked submit. Been looking for the resource kit online but not been able to download it as yet. It should be in our mass of Microsoft TechNet CDs lying around so I will have a look and post the results. Just looking at problems with MS No-vision at the moment though...
     
    Certifications: ITIL Certs, F.A.S.T Auditor Certs
    WIP: None - Application with Police
  10. ffreeloader

    ffreeloader Terabyte Poster

    You can find an almost complete list of the downloadable 2000 RK tools from the link below.

    http://www.petri.co.il/download_free_reskit_tools.htm
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  11. ffreeloader

    ffreeloader Terabyte Poster

    Here is an ftp site from MS with at least a partial selection of tools from the 2000 resource kit. It also has a selection of other tools that are downloadable too, but probably the only ones usable any more are the 2K tools.

    ftp://ftp.microsoft.com/reskit/
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  12. jackd

    jackd Megabyte Poster

    check your dns settings, make sure they are correct. i had the same problem on my domain and when i did this the problem seemed to clear up.

    Jack
     
  13. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    hmm, that's odd. i just did a quick and dirty test during a short break, created a gpo to remove the clock, applied it to a test account, and lo! and behold, i get the same thing. clock is gone on xp, but remains on 2000. i'm too busy to look into it now, but it sure is strange.

    [edit] i have a feeling it's not even a windows 2000 policy to begin with. :biggrin
     
  14. Rostros22

    Rostros22 Kilobyte Poster

    Do you mean that this policy is not designed for Windows 2000 Pro? Therefore it won't be applied to these machines and only the XP machines?

    Just like to thank everyone with their help on this. I have been bloody thinking about this all night, and I have been playing football and training all night!

    Back on it tomorrow morning :biggrin
     
    Certifications: ITIL Certs, F.A.S.T Auditor Certs
    WIP: None - Application with Police
  15. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    I was thinking the same thing reading through this thread. I am not running W2K Pro here at the moment but from memory I don't recall an option to disable the clock.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  16. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    indeed. i hadn't thought of that earlier, because it's such a simple policy and one would think it would work in windows 2000 as well, but as it turns out, it doesn't.
     
  17. Rostros22

    Rostros22 Kilobyte Poster

    Thank you very much for your help D, much appreciated

    Edit: Would it be possible to run a comparison tool on an XP registry and a Windows 2000 registry to see what is affected? Could this be then manually replicated on the 2000 registry to clone the XP registry? I think the tool is windiff.

    I will try it in a test situation anyway but if anybody has any thoughts let me know.

    Edit [2]: Exported the registry entries from an XP machine and imported them onto a Windows 2000 machine. This made no change to the clock. Probably the best option would be to manually remove the clock on the machines and then create a new policy to remove users' access to the taskbar and control panel etc.
     
    Certifications: ITIL Certs, F.A.S.T Auditor Certs
    WIP: None - Application with Police
  18. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    to answer your edit.

    migrating xp registry to 2000 registry will not do you any good. if anything, it will get you into a lot of trouble. keep in mind that policies are actually distributed registry settings. if the hide clock option in xp was the same registry setting in 2000, the gpo would already have worked.

    the xp registry setting to hide the clock is:
    hkcu/software/microsoft/windows/currentversion/policies/explorer/
    (dword value hideclock data 1)

    i think, but would need further testing, that the 2000 registry setting to hide the clock is:
    hkcu/software/microsoft/windows/currentversion/explorer/stuckrects2/
    (binary value settings data 28 00 00 00 ff ff ff ff 0a 00 00 00 03 00 00 00 3f 00 00 00 1e 00 00 00 fe ff ff ff 3c 02 00 00 22 03 00 00 5a 02 00 00)

    you can create a custom adm to deploy that registry setting. again, blindly copying xp registry settings to the 2000 registry is not the way to go.
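
The following is an added example, not part of d-Faktor's post: it decodes the StuckRects2 `Settings` bytes quoted above as little-endian 32-bit integers and diffs two such blobs, which is a way to see what a binary value carries before deploying it to other machines. The field names are assumptions guessed from the values, not a documented layout, and the second blob is constructed for the demonstration.

```python
import struct

# Bytes exactly as quoted in the post (StuckRects2 "Settings" value).
QUOTED = ("28 00 00 00 ff ff ff ff 0a 00 00 00 03 00 00 00 3f 00 00 00 "
          "1e 00 00 00 fe ff ff ff 3c 02 00 00 22 03 00 00 5a 02 00 00")
# Constructed for this example (not a real export): same blob, third dword changed.
CONSTRUCTED = QUOTED.replace("0a 00 00 00", "02 00 00 00", 1)

# Assumed field names: a guess from the values, not a documented layout.
FIELDS = ("size", "unknown", "flags", "edge", "width", "height",
          "left", "top", "right", "bottom")

def decode_settings(hex_text):
    """Decode the blob as little-endian signed 32-bit integers."""
    raw = bytes.fromhex(hex_text)
    if len(raw) != 4 * len(FIELDS):
        raise ValueError("expected %d bytes, got %d" % (4 * len(FIELDS), len(raw)))
    rec = dict(zip(FIELDS, struct.unpack("<%di" % len(FIELDS), raw)))
    if rec["size"] != len(raw):
        raise ValueError("leading length field does not match blob length")
    return rec

def geometry(rec):
    """Fields that look like a screen rectangle, so differ per display."""
    return {k: rec[k] for k in ("left", "top", "right", "bottom")}

def diff_settings(before_hex, after_hex):
    """Return {field: (before, after)} for every field that changed."""
    before, after = decode_settings(before_hex), decode_settings(after_hex)
    return {k: (before[k], after[k]) for k in FIELDS if before[k] != after[k]}

if __name__ == "__main__":
    rec = decode_settings(QUOTED)
    for name in FIELDS:
        print("%-8s %d" % (name, rec[name]))
    print("rectangle:", geometry(rec))
    print("changed:", diff_settings(QUOTED, CONSTRUCTED))
```

The last four integers of the quoted bytes decode to -2, 572, 802 and 602, and 602 minus 572 equals the 30 held in the sixth integer, so the value appears to embed the geometry of the machine it was exported from as well as any option flags.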
     
  19. Rostros22

    Rostros22 Kilobyte Poster

    D

    I agree with you about importing registry settings not being a good idea, and in no way am I promoting this practice; this was just an experiment on a Windows 2000 machine that is in a test environment.

    To finish off the post I thought I would explain what I have done. As the company is mainly XP with a few 2000 machines scattered around I decided to remove the clock manually and then lock down the taskbar.

    Run gpedit.msc

    [User Configuration\Administrative Templates\Start Menu & Taskbar]

    Enable the following settings:

    Disable changes to Taskbar and Start Menu Settings


    This then prevents the user from being able to show the clock again.

    It is a workaround but the machines are leased and are due for return to be replaced by XP machines.
     
    Certifications: ITIL Certs, F.A.S.T Auditor Certs
    WIP: None - Application with Police
  20. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    I have been watching this thread and glad you found a way around it!
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
