Windows Server 2008 R2 Thread, Group policies not working? in Technical; Hi,
I'm not sure what's going on but we have group policies that don't seem to be running or we ...
8th October 2012, 04:25 PM #1
- Rep Power
Group policies not working?
I'm not sure what's going on but we have group policies that don't seem to be running or we have people getting around them.
In the college we have restricted what students can do and have blocked access to things liek the control panel, display settings, wallpapers etc. yet we seem to have some students who have their own background and today I saw someone with the control panel open and freely chaging settings.
We had a problem with Halo and Minecraft being played across the networl so I created a hash rule for the game and disabled the running of exe files from USB sticks to put an end to it. Neither worked and we ended up using Impero which stopped it dead!
We are running server 2008R2 and Windows 7 Pro desktops. Is there a way to block these students or are GPO's just a waste of time?
Thanks to brittonc from:
russdev (8th October 2012)
IDG Tech News
8th October 2012, 05:19 PM #2
Policy restrictions work just fine for us. Is a matter of fact, a lot of the workarounds the kids managed to figure out under Windows XP stopped working in 7. Can you post a screen shot of the of the settings tab of your GPO with all the options expanded? RSOP is also a good utility for seeing if the policies are being applied properly on student machines. GPresult as the command line will let you know if they're being filtered as well.
9th October 2012, 01:56 PM #3
- Rep Power
I've attached the screen shots of the GPO's for students. This was created by a 3rd party (Northgate) and I have just made a few small additions or changes as needed but they don't seem to be doing what they are supposed to.
Any advice would be great!
11th October 2012, 03:22 PM #4
Two more things to check on the GPO itself under the scope tab:
- Security Filtering
- WMI Filtering
Make sure both of these are as listed.
One more thing to do is run RSOP to see if the policies are actually applying. You're going to have to find a system that is logged in and having the issues and run RSOP against it. From your own workstation open RSOP.MSC, at the top of the tree in the left side right-click and select change query. From there you can type in the machine name and it'll give you the option to run the query as the user who is logged in. Once it completes you'll be able to drill through all the applied user settings.
11th October 2012, 03:34 PM #5
You can get impero to lock a workstation if the network cable is unplugged (if that's what they're doing) you could allways use Mandatory profiles that should stop this dead.
Thanks to chazzy2501 from:
russdev (11th October 2012)
11th October 2012, 04:58 PM #6
We've had this a little recently - locked down with GPO, then Super Mandatory profiles. Sometimes the kids will log on with Power User (not full admin) rights and no network drives other than their home. Thankfully they've let us know! I suspected it's an issue with the pensionable ages of our two DCs on this domain (7 and 10 years old!) so I have the replacement kit already in, and I've been working on speeding up the existing kit for now. There's nothing in the event logs at all though, so just going on hunches as yet.
14th November 2012, 04:39 PM #7
I just blocked most things from students home folders and just made safe folders within a shared drive if anything needs to be saved which might get flagged by the filters. No need for complex hash rules, just set path rules.
By Kaustubh in forum Windows Server 2000/2003
Last Post: 1st March 2011, 08:53 PM
By DaveP in forum How do you do....it?
Last Post: 30th April 2010, 11:32 AM
By manick in forum Windows
Last Post: 2nd November 2006, 05:19 PM
By edie209 in forum Windows
Last Post: 27th September 2006, 08:48 PM
Last Post: 7th July 2006, 05:19 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)