RE: Group policy help needed!!!

From: Naranjo Mateos, Alfonso Pascual (AlfonsoP.Naranjo_at_getronics.com)
Date: 12/15/04

  • Next message: Burak Bayoglu: "RE: services running in windows domain (winXP clients)" 
    Date: Wed, 15 Dec 2004 11:06:48 +0100
To: "Ken Hoover" <ken.hoover@yale.edu>, "Peter Rodger" <prodger2008@yahoo.com>

            Is there any firewall between servers and dc´s? What the event viewer says? Are they all the ports opened between (you can check meanwhile you execute the secedit command with a "netstat -a 2" to check if any port is blocked or SYN_SENT)?
            gl

    -----Original Message-----
    From: Ken Hoover [mailto:ken.hoover@yale.edu]
    Sent: martes, 14 de diciembre de 2004 21:39
    To: Peter Rodger
    Cc: focus-ms@securityfocus.com
    Subject: Re: Group policy help needed!!!

       Make sure that the clients can successfully ping a domain controller because the clients will do this as a test to verify connectivity before attempting to update group policy. If the ping fails for any reason (even though other traffic flows freely) then group policy will not be updated on the client.

       We discovered this after we tried blocking ICMP ping last year.

                                                    - Ken Hoover

    Peter Rodger wrote:
    > Hi, all
    >
    > I pushed out audit policy and event log policy through group policy to
    > all our servers (70). All server in the Servers OU.
    > None of them got policy. I ran secedit many times.
    >
    > Can anyone point me why and the right direction?
    >
    > We are in windows 2K and XP environment.
    >
    > Thanks,
    >
    > Peter
    >
    > 

    --
Kenneth J. Hoover
Systems Programmer
Yale University ITS AM&T x2-1260
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
  • Next message: Burak Bayoglu: "RE: services running in windows domain (winXP clients)"

    Relevant Pages

    • Re: Prevent Domain Users from logging on to specific PCs w/ Group Policies
      ... This user right is defined in the Default Domain Controller Group Policy object and in the local security policy of workstations and servers. ...
      (microsoft.public.windows.server.security)
    • Re: Intermittant GPO failure to apply
      ... If you have backup your group policy before, you can restore it from the ... 244474 How to force Kerberos to use TCP instead of UDP in Windows Server ... Microsoft CSS Online Newsgroup Support ...
      (microsoft.public.windows.server.sbs)
    • Re: Set GPO for specific user group
      ... Click on the domain name in Group Policy Management, select the GPO and then click the arrow to the left to move it to the top of the list ... Filtering: Denied ...
      (microsoft.public.windows.server.sbs)
    • RE: Remote Assistance not working
      ... I have tried these settings you recommend with no results. ... I have yet to get the offer remote assistance to work when launched from the ... The Group Policy on the computer of the novice user must be configured ... Start the Microsoft Management Console Group Policy snap-in. ...
      (microsoft.public.windows.server.sbs)
    • RE: Group Policy Connundrum - Stick with it, its confusing!!!
      ... Group Policy Connundrum - Stick with it, ... Small Business Server Internet Connection Firewall ... Import the current Content Ratings Settings: ...
      (Security-Basics)