Domain Group Policy

Update Anti-virus via Domain group Policy?
Can someone help me please, I'm using Windows 2003 DNS and I have 10 clients which are not connected in the internet, anti-virus installed.my question is, is there a way that I can update antivirus from the server using a Group Policy every time the clients log in?

Hmm, if the network support software/or the DNS supports that, or you can install an enterprise version of your anti-virus, and if your the administrator, all changes will be made to all client's PCs and clients can't change it. Group Policy, perhaps.

How to apply a Group Policy Object to a user or a group?
I have recently established a domain network based on Win Server 2003. I declared 5 users, but I can't apply them any policy. I have also made policies on the Default Domain Policy and the Default Domain Controllers Policy. But they can't be associated to any user or group and are applied just on the server machine and the administrator user. My users can log in even when the server is off.

Hello Behdad, you cannot apply group policies directly to users or groups, they have to be linked to the ou or domain or the site that contains them. Since you have made changes to default domain policy, this policy applies to all users ans computers in the domain. you can check whether the policy is applying or not by going to your event viewers application log and find events called as "userenv". these will tell you if GP is applying or not. You will also need to know a lot more before you can fully understand how group policies work. Join our networking forum at http://www.mcsehub.com and you can ask any questions related to MCSE, or other networking topics. Group policy is covered in detail in MCSE. See u at the fourm!!

Group Policy when the domain goes down.?
I'm new at creating a domain, but I figured it out and even set up group policies and they work fine. My question is this. In the event the domain server goes down, for whatever reason, how is it that the clients still seem to reflect the correct policy settings? Is the policy from the domain cached somewhere on the client?

GPO's are cached on the client, to protect them in the event of this. GPO is configured to check each client on the network every 45 minutes to 24 hours depending on the number of clients that are connected to the server in Active Directory Users and Computers. If a computer is left on, during this period, the user will be able to continue working (as long as the DC is not set to authenticate the password after the client is unlocked or resumed from standby) To see what policies the GPO's have cached on the machine, right click on my computer, click on properties, and then click on Advanced and then on user profiles. Should any of these profiles be changed to Cached, then you will have the issue of not being able to logon if the workstation does not pass the GPO Audit.

Can I implement group policy of domain in linux client?


yes you can, a domain server under linux OS is much more secure actually, and much more convinient to push policies on the domain

I am trying to create a Group Policy Object to add a Domain Admin group to all PC's in my network.?
I am new to this whole Active Directory and GPO's world so i really need some assistance. Earlier today i was trying to remote into a computer and was denied access mainly because my Domain Admins group was not part of the administrators. So i was wanting to create a GPO that would add Domain Admins to the local admin group account on all the PC's that are on my network. I dont know if this is even possible, but if you can tell me how or atleast point me in some sort of direction i would greatly appreciate it. I have a network, i have active directory, and we use Windows Server 2003. Every PC has Windows XP on it. . I also have a group account in AD in which every administrator is a part of. This group is what i add to each and every machine to make sure when an admin logs into it, he has the rights needed. However some PC's have escaped without that group being added to them, so i am unable to remote in to them. So i was wondering if i could create a GPO that would add this AD Group to each PC under the Group Admins.

First off, do you have a server? What level is your network Windows 2000 Mixed, Windows 2003? Have you set up a domain? Do you use Active Directory? In Windows 2003 Server Domains, permissions are granted to Domain Local Groups. Global and universal Groups are added to Domain Local Groups to apply permissions. Cheers

How do I export and import windows group policy settings?
Does anyone know how I can export and import group policy settings (local - domain level), for example if I want to back it up.

You can export the individual lists by going to Actions - Export List.. This MS page talks about importing them afterward. http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sce_assignpolicy2.mspx?mfr=true

How can I clear out Group Policy on my laptop?
My laptop was on the Domain at school, and so Group Policy took over some settings (like forcing me to use a non-existant proxy). How can I clear that out?

This is a really easy one. Go to C:/winnt(xp) windows(2000)/system32/ and delete or rename the group policy folder to group policy.ppp or something equally ridiculous. That ought to take care of the policies after a reboot. Have a good one.

how to restrict users for using desktop in domain?
how to restrict users for using desktop or saving any thing (folers Etc..) on desktop in domain group policy.

you can restict via Group policies Maiba3481

how can i configure group policy in win 2003 domain controller & how can i configure win xp clients also?


Once you have the OU's defined you simply right click the OU and select properties. Here you select the group policy tab and can create new policies here. The other option is to run MMC and install the group policy editor. If you do that then the group policy tab in AD will warn you that it has been installed and you should edit all policies that way. As for configuration of XP clients that is what the policies do when the computer is added to the OU.

in windows 2000 on a domain DNS settings won't allow me to have internet and group policy at the same time
I've got many useful answers here on yahoo answers from you guys. Thank You. My windows 2000 network is working except one thing. When I log in the domain from the workstation I want windows to load the custom group policy settings that I created in active directory. I can do that easily IF I repeat IF I set the DNS IP address in tcp/ip settings to the one that I'm running on the server. I'm also using internet sharing on the server and I'd like to access the internet from the workstation. BUTTTTT it only works if I change the DNS settings to my router's ip address. So I either have gpo applied OR have internet because each feature requires it's own DNS setting. How can I have both? I have to have GPO applied so I can restrict the user's environment and I have to have internet on the workstations. I have 2 NIC in the server by the way and I enabled the internet sharing on the NIC that is connected to the router that is the internet (if this info help). Thank you for your help you guys.

u need to move internet connection sharing off of ur domain controller,, thats just not right at all; security and config wise. Ideally the DC should be the DC and not to much more,, possibly running DNS/DHCP in some minimalist configs but NAT/Internet connection sharing no I don' t even think thats available on the domain controller servers in windows. and anything u want to access the internet needs to be pointed at ur default gateway. If u know to point the server to the router to access the internet what are u sharing the internet for? i just don't get that one. Who configured this network? Ok GPO's are set on the domain controller and are attached to active directory container objects like OU's or groups,, in fact from what ur explaining it sounds more like ur in a work group model than a domain and if thats the case u can't apply GPO's to others PC's only to urs ,, if u r in a domain environment,, someone has seriously confused ur set up Id be so fired if my users could either access internet or have GPO's enforced,, heh try running gpresult from the command line of a PC that 'should be a policy client' and see what u get,,, if u don't see any of ur resultant policies then u know nothing has been configured.