Re: Machine policy when user logged onto local machine

From: Steven L Umbach (sumbach@ameritech.net)
Date: 03/29/03


From: "Steven L Umbach" <sumbach@ameritech.net>
Date: Sat, 29 Mar 2003 18:27:29 GMT


       Hi Martin. As I mentioned in another post to you, I would use dcdiag
and netdiag to make sure dc and workstations are set up correctly. The
domain policy should propagate to domain computers unless they are located
in an OU that has an overriding policy. If you check local security policy
on a client machine, you should see local settings and effective settings
for user rights and security options. If effective settings are different
than local settings then policies from the domain are propagating assuming
you have made any changes. Changes to domain policy will not be reflected
immediately in client computers. Many changes can take up to two hours to
show up. After making a change on a dc run [secedit /refreshpolicy
machine_policy /enforce] on the dc. Wait a minute or so and reboot domain
client. Group policies not propagating can be a result of physical network
problems, firewalls, dns misconfiguration, breakdown in secure channel,
incompatible security options, problems with sysvol on dc, and other issues
of course. --- Steve

"Martin" <x@y.z> wrote in message
news:OR3hVNh9CHA.2040@TK2MSFTNGP10.phx.gbl...
> That's what I thought, but I see no sign of the IPSec policy having been
> applied. I get no warning when I open the IPSec policies on the local
> computer that the domain IPSec policy will override it. - Any ideas why that
> would be?
>
> Thanks
> Martin
>
> "Steven L Umbach" <sumbach@ameritech.net> wrote in message
> news:Njjha.283$kd1.372334@newssrv26.news.prodigy.com...
> > Yes it will. Machine policy is applied before you even log on. --- Steve
> >
> > "Martin" <x@y.z> wrote in message
> > news:OW2Phof9CHA.1612@TK2MSFTNGP11.phx.gbl...
> > > Hi,
> > >
> > > I know there are computer based policies and user based policies.
> > > I have a domain security IPSec policy, which I presume will work its way
> > > down to a computer based policy rather than a user based policy.
> > >
> > > My question is, if I log onto a computer that is in the domain, but I log
> > > onto it locally - ie. I don't log onto the domain, will that computer still
> > > get computer based policies applied? Specifically should my domain security
> > > IPSec policy apply - I see no sign that it is.
> > >
> > > Thanks
> > > Martin
> > >
> > >
> >
> >
>
>


