RE: Group policy help needed!!!

From: Laura A. Robinson (larobins_at_bellatlantic.net)
Date: 12/10/04

  • Next message: Laura A. Robinson: "RE: Group policy help needed!!!" 
    To: "'Peter Rodger'" <prodger2008@yahoo.com>, <focus-ms@securityfocus.com>
Date: Thu, 9 Dec 2004 20:53:56 -0500

    I'm assuming that the following are true?

    1. You linked the policy to the Servers OU.
    2. The computer settings in the policy are not disabled (bring up the
    properties of the policy itself to check this).
    3. The servers have Read and Apply Group Policy permissions to the policy
    (bring up the properties of the policy and check the security tab- by
    default, Authenticated Users (which includes your servers) should have these
    permissions, but it's something to check.
    4. You're not seeing errors in the event logs on the DCs or on the servers
    in the Servers OU that pertain to Group Policy processing.
    5. You can match the GP configuration GUIDs (in Active Directory)with GP
    template GUIDs (in Sysvol) on each DC, meaning that the policy has
    replicated to all of your DCs.

    If all of these are true, I can provide other ideas, but these should be
    your initial sanity checks.

    Laura

    > -----Original Message-----
    > From: Peter Rodger [mailto:prodger2008@yahoo.com]
    > Sent: Thursday, December 09, 2004 11:16 AM
    > To: focus-ms@securityfocus.com
    > Subject: Group policy help needed!!!
    >
    > Hi, all
    >
    > I pushed out audit policy and event log policy through group
    > policy to all our servers (70). All server in the Servers OU.
    > None of them got policy. I ran secedit many times.
    >
    > Can anyone point me why and the right direction?
    >
    > We are in windows 2K and XP environment.
    >
    > Thanks,
    >
    > Peter
    >
    >
    >
    > __________________________________
    > Do you Yahoo!?
    > Yahoo! Mail - 250MB free storage. Do more. Manage less.
    > http://info.mail.yahoo.com/mail_250
    >
    > --------------------------------------------------------------
    > -------------
    > --------------------------------------------------------------
    > -------------
    >

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Laura A. Robinson: "RE: Group policy help needed!!!"

    Relevant Pages

    • Re: Prevent Domain Users from logging on to specific PCs w/ Group Policies
      ... This user right is defined in the Default Domain Controller Group Policy object and in the local security policy of workstations and servers. ...
      (microsoft.public.windows.server.security)
    • Re: Unable to Block Inheritance on Group Policy
      ... This posting is provided "AS IS" with no warranties, ... have a group policy named Login that is at the user level that maps ... named Servers that I want to block the inheritance of the group ...
      (microsoft.public.windows.server.active_directory)
    • Re: Last logon User [WILDPACKET]
      ... I created on OU called Member Servers and within it I created 2 OUs called ... Applied the policy to the Member Servers OU and the policy seems only ... > instance put the servers in an Organizational Unit with a Group Policy ...
      (microsoft.public.windows.group_policy)
    • Re: Account Lockout threshold
      ... All are window 2000 advanced servers with Service pack 3, ... Domain Contoller Security Policy - Account lockout threshold ...
      (microsoft.public.security)
    • Re: Security templates and IUSR account log on locally
      ... the Enterprise security template for Member Servers breaks IIS6 anon ... the guideline is to apply the member servers baseline policy and then the ... web servers policy. ... You may also want to revisit the download for the W2k3 Security Guide as ...
      (microsoft.public.inetserver.iis.security)