Re: using secpol.msc on win2k3
- From: jerrydy <jerrydy@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 28 Sep 2006 23:38:02 -0700
Per your instructions, I downloaded and installed the Group Policy Management
Console. I went to Group Policy Management -> Forest -> Domains ->
domain.local -> Domain Controllers -> Default Domain Controller Policy ->
Settings -> Computer Configuration -> Window Settings -> Security Settings ->
Local Policies/User Rights Assignment. Right clicked Access this computer
from the network -> Edit. I get the following error:
Failed to open the Group Policy Object. You may not have appropriate rights.
Details: Logon failure: the user has not been granted the requested logon
type at this computer.
Almost the same error as before.
"Roger Abell [MVP]" wrote:
Well, you are really not using the most convenient tool.
Oh, to answer you, on a domain controller you do use an AD based GPO,
not necessarily one of the two default GPOs though.
You should navigate via
www.microsoft.com/gp
to download GPMC and try (right click on to) editing the GPO from there.
"jerrydy" <jerrydy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2C94C88C-40B2-470C-87E2-A483ABB26785@xxxxxxxxxxxxxxxx
I have a domain controller running win2k3. I ran secpol.msc and under
Security Settings -> Local Policies -> User Rights Assignment -> Access
this
computer from the network Properties, I am unable to add any user or
group.
The checkbox for enabling this policy is not visible. I assume because
this
is a domain controller so I'm supposed to use "Domain Controller Security
Policy" tool instead. Can anybody verify that.
Here's the problem that I encounter. When I use Domain Controller Security
Policy, then go to Security Settings -> Local Policies -> User Rights
Assignment -> Access this computer from the network Properties and define
the
policy setting by adding users or groups, I get the error that "An
extended
error has occurred. Failed to save
\\domain.local\sysvol\domain.local\Policies\{...}\Machine\Microsoft\Windows
NT\SecEdit\GptTmpl.inf".
Well, I did try to use Explorer and go to \\domain.local\sysvol and I get
the error "\\domain.local\SYSVOL is not accessible. You might not have
permission to use this network resource...". If instead I use
\\server.domain.local\sysvol, then I'm able to drill down correctly.
Right now, the server has shared folders and none of the clients are able
to
access them. The only thing I remember doing between now and the last time
this was working was I updated the Domain Function Level and the Forest
Functional Level to Windows Server 2003. But I can't rollback so unless I
solve this, none of the clients can do map the shared drives.
Any help would be appreciated! Thanks!
-Jerry
- Follow-Ups:
- Re: using secpol.msc on win2k3
- From: Roger Abell [MVP]
- Re: using secpol.msc on win2k3
- References:
- Re: using secpol.msc on win2k3
- From: Roger Abell [MVP]
- Re: using secpol.msc on win2k3
- Prev by Date: Re: using secpol.msc on win2k3
- Next by Date: Re: Modify Print Permission Level rights
- Previous by thread: Re: using secpol.msc on win2k3
- Next by thread: Re: using secpol.msc on win2k3
- Index(es):
Relevant Pages
|
