I have a multi-site domain running mixed 2003/2008 servers. My domain is configured for 2003.
I have a No Internet policy that the old consultants used to use for terminal server users. I'm trying to apply this policy to OU Acme/OT Altegra containing a small group of User Objects that need to have IE redirect all traffic to 127.0.0.1. This is a simple method of keeping factory workers from browsing the web on Gauge machines so I'm not looking for anything fancy here.
When I apply my GPO to the OU containing my objects I get all the GPO's above the container but not the one linked to it. Group Policy shows that the GPO is linked, enabled, enforced and getting the highest priority. No matter what I do or look up in books or online I can't figure out why it's not inheriting when it seems to be so simple.
This is the output from a gpreult/R after rebooting the computer.
RSOP data for <domain name>\ot-altegra09 on OT-ALTEGRANEW : Logging Mode
-------------------------------------------------------------------
OS Version: 6.1.7601
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\ot-altegra09
Connected over a slow link?: No
USER SETTINGS
--------------
CN=OT Altegra 09,OU=OT-Altegra,OU=Acme_Users,DC=<domain name>,DC=local
Last time Group Policy was applied: 3/6/2013 at 2:50:27 PM
Group Policy was applied from: server.<domain name>
Group Policy slow link threshold: 500 kbps
Domain Name: <domain name>
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
<domain name>_Remote <- I don't see any reason why
No Internet would get skipped here.
Default Domain Policy
-------------------------------------------------------------------
Test
Filtering: Not Applied (Empty)
Filtering: Not Applied (Empty)
The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
Remote Desktop Users
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
OT Altegra Users
Medium Mandatory Level
This is a screenshot covering my layout for my GPO. As far as I see it this new one and the test are configured the same way as the other ones. **NOTE the pic below is a screenshot of my AD layout on the left, compared to the GPO layout on the
right. The users in the middle are the ones in the container. I even tried putting the computer accounts in OT-Altegra with no change.