This article was previously published under Q246108
This article has been archived. It is offered "as is" and will no longer be updated.
A client computer running Windows 2000 may not apply group policies that are assigned to it at the site, domain, or organizational unit (OU) level.
This behavior can occur if a DNS server address is not correctly configured in the client computer's Internet Protocol (IP) properties.
To resolve this issue:
Right-click My Network Places, and then click Properties.
Right-click Local Area Connection, and then click Properties.
Double-click Internet Protocol (TCP/IP).
ClickUse the following DNS server addresses, and then type the correct DNS server address or addresses.
NOTE: If you do not have permission to adjust this setting, an administrator needs to correct the setting or verify the Dynamic Host Configuration Protocol (DHCP) scope that is granting the DNS server addresses. An administrator should verify that the DHCP scope contains the correct DNS server address or addresses.
This behavior is by design.
You can use Gpresult.exe (a tool included in the Microsoft Windows 2000 Resource Kit) to troubleshoot group policy issues. If you run this tool from a command line at the client computer for a user who does not receive the computer's policies, look for entries similar to the following example:
The user is a member of the following security groups: LookupAccountSid failed with 1789 \Everyone Builtin\Users
LookupAccountSid failed with 1789 LookupAccountSid failed with 1789 \LOCAL NTAuthority\Interactive NT Authority\Authenticated Users