Re: Machine policy when user logged onto local machine

From: Martin (x@y.z)
Date: 03/29/03

• Next message: Martin: "Re: Assign Domain Security Policy/Manage remote computer"
• Previous message: Frank: "I can't Log On to Windows (w2k pro login)"
• In reply to: Steven L Umbach: "Re: Machine policy when user logged onto local machine"
• Next in thread: Steven L Umbach: "Re: Machine policy when user logged onto local machine"
• Reply: Steven L Umbach: "Re: Machine policy when user logged onto local machine"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Martin" <x@y.z>
Date: Sat, 29 Mar 2003 18:08:30 -0000

Hi again Steve,

Interesting point about effective settings. I cannot see these anywhere.
NB most of the time I'm logged in on a local machine account, not a domain
account, would that account for no effective settings column?

Thanks for the info on re secedit /refreshpolicy machine_policy /enforce. I
had just been rebooting the client to force it to take the new policy. I'm
still learning the Active Directory ropes.

I've disabled the security policy for the moment until I've got a better
understanding of the other issues involved. I want to be able to logon to
the client locally without getting event log errors.

Thanks again
Martin

"Steven L Umbach" <sumbach@ameritech.net> wrote in message
news:lAlha.475$kd1.407558@newssrv26.news.prodigy.com...
> Hi Martin. As I mentioned in another post to you, I would use
dcdiag
> and netdiag to make sure dc and workstations are set up correctly. The
> domain policy should propagate to domain computers unless they are located
> in an OU that has an overriding policy. If you check local security
policy
> on a client machine, you should see local settings and effective settings
> for user rights and security options. If effective settings are different
> than local settings then policies from the domain are propagating assuming
> you have made any changes. Changes to domain policy will not be reflected
> immediately in client computers. Many changes can take up to two hours to
> show up. After making a change on a dc run [secedit /refreshpolicy
> machine_policy /enforce] on the dc. Wait a minute or so and reboot domain
> client. Group policies not propagating can be a result of physical network
> problems, firewalls, dns misconfiguration, breakdown in secure channel,
> incompatable security options , problems with sysvol on dc, and other
issues
> of course. --- Steve
>
> "Martin" <x@y.z> wrote in message
> news:OR3hVNh9CHA.2040@TK2MSFTNGP10.phx.gbl...
> > That's what I thought, but I seen no sign of the IPSec policy having
been
> > applied. I get no warning when I open the IPSec policies on the local
> > computer that the domain IPSec policy will override it. - Any ideas why
> that
> > would be?
> >
> > Thanks
> > Martin
> >
> > "Steven L Umbach" <sumbach@ameritech.net> wrote in message
> > news:Njjha.283$kd1.372334@newssrv26.news.prodigy.com...
> > > Yes it will. Machine policy is applied before you even log
> n. ---
> > > Steve
> > >
> > > "Martin" <x@y.z> wrote in message
> > > news:OW2Phof9CHA.1612@TK2MSFTNGP11.phx.gbl...
> > > > Hi,
> > > >
> > > > I know there are computer based policies and user based policies.
> > > > I have an domain security IPSec policy, which I presume will work
it's
> > way
> > > > down to a computer based policy rather than a user based policy.
> > > >
> > > > My question is, if I log onto a computer that is in the domain, but
I
> > log
> > > > onto it locally - ie. I don't log onto the domain, will that
computer
> > > still
> > > > get computer based policies applied? Specifically should by domain
> > > security
> > > > IPSec policy apply - I see know sign that it is.
> > > >
> > > > Thanks
> > > > Martin
> > > >
> > > >
> > >
> > >
> >
> >
>
>

• Next message: Martin: "Re: Assign Domain Security Policy/Manage remote computer"
• Previous message: Frank: "I can't Log On to Windows (w2k pro login)"
• In reply to: Steven L Umbach: "Re: Machine policy when user logged onto local machine"
• Next in thread: Steven L Umbach: "Re: Machine policy when user logged onto local machine"
• Reply: Steven L Umbach: "Re: Machine policy when user logged onto local machine"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: GPO causing client security logs to fill? ... a virus in play. ... settings to be applied on your client workstations. ... Group Policy is a complex and often misunderstood beast. ... I modified the account ... (microsoft.public.windows.server.sbs) Re: GPO causing client security logs to fill? ... Unlink the Default Domain Controller Policy (As it was not previously ... settings to be applied on your client workstations. ... I modified the account ... So basically, the Account lockout threshold, account lockout ... (microsoft.public.windows.server.sbs) Re: GPO causing client security logs to fill? ... Possibly delete the Default Domoan Controller Policy (As it did not ... issues as it was about recoverying from a virus which appears to ... with client logon failures. ... I modified the account ... (microsoft.public.windows.server.sbs) Re: Win2K - Account Lockout Policy ... A W2K client should be able to view the local security policy. ... settings for the policy should come down from the domain controller. ... >> that the account get locked out after 1 incorrect attempt, ... (comp.os.ms-windows.nt.admin.security) Re: Win2K - Account Lockout Policy ... A W2K client should be able to view the local security policy. ... settings for the policy should come down from the domain controller. ... >> that the account get locked out after 1 incorrect attempt, ... (microsoft.public.win2000.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint