Re: WMI missing security settings
- From: "Jeffrey Tan[MSFT]" <jetan@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 24 Apr 2008 11:27:53 +0800
Hi JH,
Thanks for your feedback.
Oh, it seems that our internal support tool missed this reply again.
Yes, I believe the RSoP_x WMI settings will only account for the group
security policy instead of the local policy. Yes, the SECEDIT command-line
tool should be used to modify the Group Policy immediately. See the KB
below:
"Using SECEDIT to Force a Group Policy Refresh Immediately"
http://support.microsoft.com/kb/227302
Thanks.
Best regards,
Jeffrey Tan
Microsoft Online Community Support
=========================================
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx
This posting is provided "AS IS" with no warranties, and confers no rights.
"JH" <jh_ng@xxxxxxxxxxxxxxxx> wrote in message
news:enjT7%23KpIHA.4904@xxxxxxxxxxxxxxxxxxxxxxx
Jeffery,
Thanks for the reply. If I understand you correctly, all RSoP_x WMI
settings do not
consider local settings? If this is the case, secedit should be the right
way of retrieving and
modifying these values? Or are there any other ways of doing this?
The link was also helpful.
"Jeffrey Tan[MSFT]" <jetan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23qFAX1EpIHA.2208@xxxxxxxxxxxxxxxxxxxxxxx
The statement "this setting is not work on local GPO" in my last mail is
not very exactly. Technically speaking, the items under "Security
Settings"
node in "Local Group Policy Editor" (Run "gpedit.msc") is not a real part
of Local GPO. It's just a combined UI to set "Local Group Policy" and
"Local
Security Settings" together. You can see the different between UI of
setting them in domain GPO and "local GPO". This is the UI for setting
domain GPO
(Please note the "Define this policy setting" check box): (see attached
gp1.jpg)
This is the UI for setting "Local GPO" (It only has 2 states of "Enabled"
and "Disabled" but cannot be "Not configured"): (see attached gp2.jpg)
So that's the reason of security settings are not reflected in RSoP even
you set them in local GPO. The settings are effective, but not belong to
any "Group Policy Object". It's a little complicate. Design as this is
because the local policy and domain group policy are totally different
things in win2k, and we migrate them together in win2k3.
About the different outputs between MMC/WMI/secedit, you can refer to
this KB article: http://support.microsoft.com/kb/257922/en-us
.
- Follow-Ups:
- Re: WMI missing security settings
- From: JH
- Re: WMI missing security settings
- References:
- WMI missing security settings
- From: JH
- RE: WMI missing security settings
- From: "Jeffrey Tan[MSFT]"
- Re: WMI missing security settings
- From: JH
- Re: WMI missing security settings
- From: "Jeffrey Tan[MSFT]"
- Re: WMI missing security settings
- From: JH
- Re: WMI missing security settings
- From: JH
- WMI missing security settings
- Prev by Date: Re: EFS Registry Key Different on Different Machines
- Next by Date: how to get the CA signature from Certificates
- Previous by thread: Re: WMI missing security settings
- Next by thread: Re: WMI missing security settings
- Index(es):
Relevant Pages
|
|
