Re: Machine policy when user logged onto local machine

From: Martin (x@y.z)
Date: 03/29/03 

From: "Martin" <x@y.z>
Date: Sat, 29 Mar 2003 19:01:34 -0000

No joy :-(

I set Audit Logon Events policy, and re-opened the Local GPO. I still don't
see an effective setting column - just a security setting column.

Re the other thread, I get a DC list test failure when I run netdiag on the
client. Do you think that's what's stuffing me?

Cheers
Martin

"Steven L Umbach" <sumbach@ameritech.net> wrote in message
news:kJmha.499$kd1.425394@newssrv26.news.prodigy.com...
> No because the machine is still a member of the domain no matter if
> you log into the domain or local machine. If you can not see effective
> settings, then it sounds like domain policy has never propagated to the
> client. Try to change a setting on the local machine policy and do a
> refresh. I have found out that sometimes gets things happening. --- Steve
>
> "Martin" <x@y.z> wrote in message
> news:#ZGs24h9CHA.824@TK2MSFTNGP11.phx.gbl...
> > Hi again Steve,
> >
> > Interesting point about effective settings. I cannot see these
anywhere.
> > NB most of the time I'm logged in on a local machine account, not a
domain
> > account, would that account for no effective settings column?
> >
> > Thanks for the info on re secedit /refreshpolicy machine_policy
/enforce.
> I
> > had just been rebooting the client to force it to take the new policy.
> I'm
> > still learning the Active Directory ropes.
> >
> > I've disabled the security policy for the moment until I've got a better
> > understanding of the other issues involved. I want to be able to logon
to
> > the client locally without getting event log errors.
> >
> > Thanks again
> > Martin
> >
> >
> > "Steven L Umbach" <sumbach@ameritech.net> wrote in message
> > news:lAlha.475$kd1.407558@newssrv26.news.prodigy.com...
> > > Hi Martin. As I mentioned in another post to you, I would use
> > dcdiag
> > > and netdiag to make sure dc and workstations are set up correctly. The
> > > domain policy should propagate to domain computers unless they are
> located
> > > in an OU that has an overriding policy. If you check local security
> > policy
> > > on a client machine, you should see local settings and effective
> settings
> > > for user rights and security options. If effective settings are
> different
> > > than local settings then policies from the domain are propagating
> assuming
> > > you have made any changes. Changes to domain policy will not be
> reflected
> > > immediately in client computers. Many changes can take up to two hours
> to
> > > show up. After making a change on a dc run [secedit /refreshpolicy
> > > machine_policy /enforce] on the dc. Wait a minute or so and reboot
> domain
> > > client. Group policies not propagating can be a result of physical
> network
> > > problems, firewalls, dns misconfiguration, breakdown in secure
channel,
> > > incompatable security options , problems with sysvol on dc, and other
> > issues
> > > of course. --- Steve
> > >
> > > "Martin" <x@y.z> wrote in message
> > > news:OR3hVNh9CHA.2040@TK2MSFTNGP10.phx.gbl...
> > > > That's what I thought, but I seen no sign of the IPSec policy having
> > been
> > > > applied. I get no warning when I open the IPSec policies on the
local
> > > > computer that the domain IPSec policy will override it. - Any ideas
> why
> > > that
> > > > would be?
> > > >
> > > > Thanks
> > > > Martin
> > > >
> > > > "Steven L Umbach" <sumbach@ameritech.net> wrote in message
> > > > news:Njjha.283$kd1.372334@newssrv26.news.prodigy.com...
> > > > > Yes it will. Machine policy is applied before you even log
> > > n. ---
> > > > > Steve
> > > > >
> > > > > "Martin" <x@y.z> wrote in message
> > > > > news:OW2Phof9CHA.1612@TK2MSFTNGP11.phx.gbl...
> > > > > > Hi,
> > > > > >
> > > > > > I know there are computer based policies and user based
policies.
> > > > > > I have an domain security IPSec policy, which I presume will
work
> > it's
> > > > way
> > > > > > down to a computer based policy rather than a user based policy.
> > > > > >
> > > > > > My question is, if I log onto a computer that is in the domain,
> but
> > I
> > > > log
> > > > > > onto it locally - ie. I don't log onto the domain, will that
> > computer
> > > > > still
> > > > > > get computer based policies applied? Specifically should by
domain
> > > > > security
> > > > > > IPSec policy apply - I see know sign that it is.
> > > > > >
> > > > > > Thanks
> > > > > > Martin
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Local Security Policy problem
    ... There is no more column for effective settings like in W2K. ... the setting description will look different [like a couple grey computers] if there ... is a higher level policy overriding the local policy. ...
    (microsoft.public.security)
  • Re: Password Policy - Effective Settings
    ... For domain users you can only configure password policy at the domain level. ... You can however configure different settings to a domain computer and it ... Then run the netdiag support tool on the problem server to make sure it is ... > Local Settings and Effective Settings are different. ...
    (microsoft.public.win2000.security)
  • Re: GPO Replication to DMZ
    ... The OU configured settings will override domain settings ... and become Local Security Policy effective settings except for password/account ... > state that the local policy object will only become ...
    (microsoft.public.win2000.security)
  • Re: scripted logon
    ... Why can't you launch all the scripts from a Group Policy based Logon script. ... Here's the policy settings (I sure hope word wrap doesn't mess it up too ... Windows Components/Windows Installer ...
    (microsoft.public.windows.terminal_services)
  • Re: GPO Update Problem (SYSVOL access via UNC)
    ... Server Security and Auditing Policy ... This list only includes links in the domain of the GPO. ... The settings in this GPO can only apply to the following groups, users, ...
    (microsoft.public.win2000.group_policy)