Re: using secpol.msc on win2k3
- From: jerrydy <jerrydy@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 30 Sep 2006 10:00:01 -0700
Roger,
I did all this while logged on locally as Administrator. A couple more
clues. When I run explorer.exe, I am unable to access \\domain\sys.vol. But
when I change to, say, \\server.domain\sysvol, it works. Then when I try
\\domain\sysvol again, it works. Once I've done the above, I am able to use
the Domain Controller Security Settings snap-in to change the Local Account
Policy and run gpupdate /force without any errors. But once I exit the DCSS
and rerun it, my changes disappear.
Btw, I don't know how to fix the error in DCDIAG below because every time I
change the security policy, the changes disappear when I run the snap-in, as I
already mentioned.
Here are my netdiag and dcdiag outputs:
......................................
Computer Name: MOSES
DNS Host Name: Moses.spls.local
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 10, GenuineIntel
List of installed hotfixes :
KB833407
KB890046
KB893756
KB896358
KB896424
KB896428
KB898715
KB899587
KB899588
KB899589
KB899591
KB900725
KB901017
KB901214
KB902400
KB904706
KB905414
KB908519
KB908531
KB910437
KB911164
KB911280
KB911562
KB911567
KB911927
KB912919
KB914388
KB914389
KB917159
KB917344
KB917422
KB917537
KB917734
KB917953
KB918439
KB918899
KB920214
KB920670
KB920683
KB920685
KB921398
KB921883
KB922582
KB922616
KB925486
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : Moses
IP Address . . . . . . . . : 192.168.1.250
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.254
Dns Servers. . . . . . . . : 192.168.1.250
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Adapter : {3E8AA024-2BAA-46AD-8DF2-F967067F3315}
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : Moses
IP Address . . . . . . . . : 192.168.1.19
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{CD6F8B76-10AD-4915-BE52-37DEA809877B}
NetBT_Tcpip_{3E8AA024-2BAA-46AD-8DF2-F967067F3315}
2 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'192.168.1.250'.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{CD6F8B76-10AD-4915-BE52-37DEA809877B}
NetBT_Tcpip_{3E8AA024-2BAA-46AD-8DF2-F967067F3315}
The redir is bound to 2 NetBt transports.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{CD6F8B76-10AD-4915-BE52-37DEA809877B}
NetBT_Tcpip_{3E8AA024-2BAA-46AD-8DF2-F967067F3315}
The browser is bound to 2 NetBt transports.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
===== DCDIAG
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MOSES
Starting test: Connectivity
......................... MOSES passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MOSES
Starting test: Replications
......................... MOSES passed test Replications
Starting test: NCSecDesc
......................... MOSES passed test NCSecDesc
Starting test: NetLogons
* Warning BUILTIN\Administrators did not have the "Access this
computer
* from network" right.
[MOSES] An net use or LsaPolicy operation failed with error 1,
Incorrect function..
......................... MOSES failed test NetLogons
Starting test: Advertising
......................... MOSES passed test Advertising
Starting test: KnowsOfRoleHolders
......................... MOSES passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MOSES passed test RidManager
Starting test: MachineAccount
......................... MOSES passed test MachineAccount
Starting test: Services
......................... MOSES passed test Services
Starting test: ObjectsReplicated
......................... MOSES passed test ObjectsReplicated
Starting test: frssysvol
......................... MOSES passed test frssysvol
Starting test: frsevent
......................... MOSES passed test frsevent
Starting test: kccevent
......................... MOSES passed test kccevent
Starting test: systemlog
......................... MOSES passed test systemlog
Starting test: VerifyReferences
......................... MOSES passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : spls
Starting test: CrossRefValidation
......................... spls passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... spls passed test CheckSDRefDom
Running enterprise tests on : spls.local
Starting test: Intersite
......................... spls.local passed test Intersite
Starting test: FsmoCheck
......................... spls.local passed test FsmoCheck
Here's
"Roger Abell [MVP]" wrote:
If we believe the message you are getting, then you probably need
to try logging into the DC locally upon which the edit tool is focused
(PDC FSMO if at default) or if you are on a DC when this happens
then setting the tool focus to the DC you are on. I assume that you
are trying this with a Domain Admins member.
If you are trying this while on a non-DC then follow above so the
edit will be local, not using network login rights.
If none of the above applies, we would need some prelim assessment
from such as netdiag and dcdiag.
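An added example, not part of the original thread: one way to confirm the DCDIAG NetLogons warning above is to export the effective user rights on the DC with `secedit /export /areas USER_RIGHTS /cfg rights.inf` and check whether BUILTIN\Administrators (well-known SID S-1-5-32-544) holds SeNetworkLogonRight ("Access this computer from the network"). The INF text, the file name and the function names below are constructed for illustration.

```python
"""Audit a secedit USER_RIGHTS export for the network-logon right that
dcdiag's NetLogons test reports as missing."""

ADMINISTRATORS = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

# Constructed sample export (not taken from the poster's server).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-11,*S-1-5-9
SeDenyNetworkLogonRight = SUPPORT_388945a0
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_privilege_rights(inf_text):
    """Return {right_name: set(principals)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        # SIDs are written with a leading '*'; account names are written bare.
        rights[name.strip()] = {
            p.strip().lstrip("*") for p in value.split(",") if p.strip()
        }
    return rights


def audit_network_logon(inf_text, required=(ADMINISTRATORS,)):
    """List (problem, principal) pairs for principals that lack the
    network-logon right or are explicitly denied it."""
    rights = parse_privilege_rights(inf_text)
    allowed = rights.get("SeNetworkLogonRight", set())
    denied = rights.get("SeDenyNetworkLogonRight", set())
    findings = []
    for sid in required:
        if sid not in allowed:
            findings.append(("missing", sid))
        if sid in denied:
            findings.append(("denied", sid))
    return findings


if __name__ == "__main__":
    for problem, sid in audit_network_logon(SAMPLE_INF):
        print(f"SeNetworkLogonRight: {sid} is {problem}")
```

To audit a real export instead of the sample, read the file as text (secedit normally writes it as UTF-16) and pass its contents to `audit_network_logon`.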