Re: using secpol.msc on win2k3
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Fri, 29 Sep 2006 08:19:08 -0700
If we believe the message you are getting, then you probably need
to try logging into the DC locally upon which the edit tool is focused
(PDC FSMO if at default) or if you are on a DC when this happens
then setting the tool focus to the DC you are on.. I assume that you
are trying this with a Domain Admins member.
If you are trying this while on a non-DC then follow above so the
edit will be local, not using network login rights.
If none of the above applies, we would need some prelim assessment
from such as netdiag and dcdiag.
"jerrydy" <jerrydy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9F33AAD1-7683-4057-9AA2-466D34BE0350@xxxxxxxxxxxxxxxx
Per your instructions, I downloaded and installed the Group Policy
Management
Console. I went to Group Policy Management -> Forest -> Domains ->
domain.local -> Domain Controllers -> Default Domain Controller Policy ->
Settings -> Computer Configuration -> Window Settings -> Security
Settings ->
Local Policies/User Rights Assignment. Right clicked Access this computer
from the network -> Edit. I get the following error:
Failed to open the Group Policy Object. You may not have appropriate
rights.
Details: Logon failure: the user has not been granted the requested logon
type at this computer.
Almost the same error as before.
"Roger Abell [MVP]" wrote:
Well, you are really not using the most convenient tool
Oh, to answer you, on a domain controller you do use an AD based GPO,
not necessarily one of the two default GPOs though.
You should navigate via
www.microsoft.com/gp
to download GPMC and try (right click on to) editing the GPO from there.
"jerrydy" <jerrydy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2C94C88C-40B2-470C-87E2-A483ABB26785@xxxxxxxxxxxxxxxx
I have a domain controller running win2k3. I ran secpol.msc and under
Security Settings -> Local Policies -> User Rights Assignment -> Access
this
computer from the network Properties, I am unable to add any user or
group.
The checkbox for enabling this policy is not visible. I assume because
this
is a domain controller so I'm supposed to use "Domain Controller
Security
Policy" tool instead. Can anybody verify that.
Here's the problem that I encounter. When I use Domain Controller
Security
Policy, then go to Security Settings -> Local Policies -> User Rights
Assignment -> Access this computer from the network Properties and
define
the
policy setting by adding users or groups, I get the error that "An
extended
error has occurred. Failed to save
\\domain.local\sysvol\domain.local\Policies\{...}\Machine\Microsoft\Windows
NT\SecEdit\GptTmpl.inf".
Well, I did try to use Explorer and go to \\domain.local\sysvol and I
get
the error "\\domain.local\SYSVOL is not accessible. You might not have
permission to use this network resource...". If instead I use
\\server.domain.local\sysvol, then I'm able to drill down correctly.
Right now, the server has shared folders and none of the clients are
able
to
access them. The only thing I remember doing between now and the last
time
this was working was I updated the Domain Function Level and the Forest
Functional Level to Windows Server 2003. But I can't rollback so unless
I
solve this, none of the clients can do map the shared drives.
Any help would be appreciated! Thanks!
-Jerry
.
- Follow-Ups:
- Re: using secpol.msc on win2k3
- From: jerrydy
- Re: using secpol.msc on win2k3
- References:
- Re: using secpol.msc on win2k3
- From: Roger Abell [MVP]
- Re: using secpol.msc on win2k3
- From: jerrydy
- Re: using secpol.msc on win2k3
- Prev by Date: Re: Legitimate Updates?
- Next by Date: Re: Legitimate Updates?
- Previous by thread: Re: using secpol.msc on win2k3
- Next by thread: Re: using secpol.msc on win2k3
- Index(es):
Relevant Pages
|
