in my AD in test OU there are 2 restricted groups Administrators (mydomain\domain admins + localadmin) Power users (mydomain\domain users) John is a member of Domain users group before moving John's computer to this test OU John was a member of local admins group on this local machine and have some profile with some settings. after moving John's computer to this test OU and after rebooting of his computer John can see just clear new profile. John try to change some settings in profile, but after next logon he can see clear profile without any settings again. after removing John's comp from this test OU and including john's account in local admin group John can see his old profile again this error i can see only on computers with fat32 system drive (windows 2000 and windows xp) in my oponion, Jonh after logon gets GUEST rights, but a can't explain this... help me please to slove this problem
Is John's computer have the latest service packs applied? (Windows 2000 is at SP4 or Windows XP is at SP2) The reason that I ask is that there are some issues using a Restricted Groups GPO when the client workstation doesn't have the latest service pack applied.
critical situiation with security updates (some computers have win2000+sp2!!!) was the first reason to apply this policy (restricted groups), because all of my users have admin rights on their computers. so, latest SP's are not applied on most of my computers. and i think, that WSUS deployment must be the first step before applying restricted groups.. but i'm afraid that my users can decline all update notifications