Can someone help me. I created a new policy recently to give some students access to the local drive, as I'd hidden the 'my computer icon' from the desktop. But when I edited the new policy I noticed that many policies that were in a previous policy I created aren't even showing up in the new policy. Including the option to enable/disable the 'my computer' icon from the desktop. Here's what I did: Start > Programs > Administrative Tools > Active Directory Users and Computers. In my domain I have a OU(Organizational Unit) called Students. I right clicked on that and chose properties. From there I selected the Group Policy Tab and then clicked 'new' to create a new policy which I called Student Policy. I clicked edit to edit my Student Policy and it opened up a console with all the settings that I could change. Under User Settings > Administrative Templates > Desktop. There are two settings 'Remove My Computer Icon from Desktop' and 'Remove Recycle Bin Icon from Desktop'. Now when I created another OU called Local Drive Access and created a new Group Policy called 'local access'. I clicked edit on the local access policy and went back to User Settings > Administrative Templates > Desktop. But to my suprise the 'Remove My Computer Icon from Desktop' and 'Remove Recycle Bin Icon from Desktop' weren't there. So my Student Policy has these two settings f but no other policy I create has them listed. What has happened?

Hello Alan, Complicated situation!!! It's look like your one policy is preventing you from doing what you want to do Remember!! Domain policy overrides Ou policy or could be even site policy. Since icons weren't there Student Ou overriding Local Access Ou.If you dont want that enable Block inheritance option on Local Access Ou. I hope it works. Ps: When you created the Gpo, who did you logged in as...

Thanks for the quick reply. I the default domain GPO isn't configured so it can't be that. And I had Block Inheritance enabled on the Local Drive Access OU but that didn't have any effect. I'm logged onto the server machine as Administrator if thats any help. The strange thing is though only my Student Policy GPO has the options available for removing My Computer from the Desktop. e.g When I edit my Student Policy: On the left column I see the tree looking like this: +Computer Configuration -User Configuration + Software Settings + Windows Settings - Administrative Templates + Windows Components Start Menu and Taskbar - Desktop Active Desktop Active Directory + Control Panel Shared Folders + Network + System and on the Right I have the contents of the desktop folder which looks like this: P----Setting Active Desktop Active Directory Hide&Disable all Desktop Icons -- Disabled Remove My Documents Icon -------- Disabled Remove My Computer Icon --------- Enabled Remove Recycle Bin Icon --------- Disabled Remove Properties from My Doc --- Enabled etc etc.... Now lets say I create a new Policy or view another one besides Student Policy, if I browse to the Desktop folder I only see this: Po----Setting Active Desktop Active Directory Hide&Disable all Desktop Icons - NotConfig Remove My Documents Icon ------- NotConfig Remove Properties from My Doc -- NotConfig etc etc.... As you can see the Remove 'My Computer Icon' and 'Remove Recycle Bin' policies have completely disappeared from the list. So why does my student polices GPO have these polices but no other GPO I have or create.

Q: Is there anybody using same domain with admin accounts? Q:Is ur domain connected to site or is it a child domain? A:Somehow someone or Dif. Gpo is overriding yours.

A couple comments and a few questions. First of all Addictive, domain policies do not overwrite OU Policies. The order of application for OUs is local policies first, then Site, Domain and OU policies. The OU policy settings will 'win' if there is a conflict with policies applied before it. This assumes no No Override or Blocking options are set. Alan, how are you looking at and setting up these policies? Are you using an XP client machine to connect to the w2k machine? The reason I ask is that if you are using an XP machine with the XP Admin Pak, you will see the options you describe. They are not available in Win2k. XP and Windows 2003 have additional policy settings that are not available in w2k. Just a thought.

My Apologies... Thanx 4 the correction. Got confused with password and account policies. Has been a long time, not played with AD. Still no answer to problem tho.. Like to know how one gpo is in effect but not the others,which currently exist or newly created. Addictive