RE: Group policy help needed!!!
From: Rob McShinsky (Rob_at_McShinsky.com)
Date: 12/14/04
- Previous message: Jordan Wiseman: "RE: iisadmpwd/UPN"
- In reply to: Burak Bayoglu: "RE: Group policy help needed!!!"
- Next in thread: Ken Hoover: "Re: Group policy help needed!!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <bayoglu@uekae.tubitak.gov.tr>, <laurarobinson@verizon.net>, "'Peter Rodger'" <prodger2008@yahoo.com>, <focus-ms@securityfocus.com> Date: Tue, 14 Dec 2004 15:52:22 -0500
Some simple gotchas with Application of GPO's
1. Make sure an administrator other than your self did not setup a deny
group. True if you setup a policy to apply to all systems within an OU, the
should get it, but if there is a group of servers within the OU you are
applying to that you want to not get the server, common practice is to put
these into a group and deny apply policy to them.
2. Sorry if this is too simple, but I have had this happen before. You
apply the policy to Authenticated Users instead of Domain Computers or to
the specific group of computer objects.
-----Original Message-----
From: Burak Bayoglu [mailto:bayoglu@uekae.tubitak.gov.tr]
Sent: Friday, December 10, 2004 5:46 AM
To: laurarobinson@verizon.net; 'Peter Rodger'; focus-ms@securityfocus.com
Subject: RE: Group policy help needed!!!
It is *technically* true that any server in the corresponding OU should
receive the group policy but I saw many many examples where some group
policy settings are not successfully applied *for some reason* altough it
should. It is certain that if everything is OK group policy is successfully
applied to all servers but it may be interrupted by a plenty of technical
reasons that we mostly meet in large enterprise systems.( replication
problems, time synchronzation, DNS problems, connectivity etc.) As Laura
says, " Any server that is **supposed** to receive a policy should receive
the policy.". Unfortunately we can only
**suppose** that all the servers will apply the policy in the time interval
we expect in a large and distributed domain.
B.B.
-----Original Message-----
From: Laura A. Robinson [mailto:laurarobinson@verizon.net]
Sent: Friday, December 10, 2004 5:21 AM
To: bayoglu@uekae.tubitak.gov.tr; 'Peter Rodger'; focus-ms@securityfocus.com
Subject: RE: Group policy help needed!!!
> It is an expected result that not all the servers in the
> domain successfully apply the policy in a w2k active
> directory domain.
No, it isn't. Any server that is supposed to receive a policy
*should* receive the policy.
Laura
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Jordan Wiseman: "RE: iisadmpwd/UPN"
- In reply to: Burak Bayoglu: "RE: Group policy help needed!!!"
- Next in thread: Ken Hoover: "Re: Group policy help needed!!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
