Re: Machine policy when user logged onto local machine

From: "Steven L Umbach" <sumbach@ameritech.net>
Date: Sat, 29 Mar 2003 20:40:51 GMT

Could be, I have not experienced that. Try searching for "dc list failure"
on Google or Microsoft/TechNet for more info. I would also check the DNS zone to
see if the client is registered there with correct IP address/host name mapping.
Be sure your DNS zone is set to do dynamic updates (do not use secure only,
until problem is resolved). It might be worth a try to disjoin the computer from
the domain, delete it in Active Directory Users and Computers, and then rejoin
the domain. That procedure if successful should apply domain policies to the
client machine. --- Steve

"Martin" <x@y.z> wrote in message
news:uG53fWi9CHA.1604@TK2MSFTNGP10.phx.gbl...
> No joy :-(
>
> I set Audit Logon Events policy, and re-opened the Local GPO. I still don't
> see an effective setting column - just a security setting column.
>
> Re the other thread, I get a DC list test failure when I run netdiag on the
> client. Do you think that's what's stuffing me?
>
> Cheers
> Martin
>
> "Steven L Umbach" <sumbach@ameritech.net> wrote in message
> news:kJmha.499$kd1.425394@newssrv26.news.prodigy.com...
> > No because the machine is still a member of the domain no matter if
> > you log into the domain or local machine. If you can not see effective
> > settings, then it sounds like domain policy has never propagated to the
> > client. Try to change a setting on the local machine policy and do a
> > refresh. I have found out that sometimes gets things happening. --- Steve
> >
> > "Martin" <x@y.z> wrote in message
> > news:#ZGs24h9CHA.824@TK2MSFTNGP11.phx.gbl...
> > > Hi again Steve,
> > >
> > > Interesting point about effective settings. I cannot see these anywhere.
> > > NB most of the time I'm logged in on a local machine account, not a domain
> > > account, would that account for no effective settings column?
> > >
> > > Thanks for the info on re secedit /refreshpolicy machine_policy /enforce. I
> > > had just been rebooting the client to force it to take the new policy. I'm
> > > still learning the Active Directory ropes.
> > >
> > > I've disabled the security policy for the moment until I've got a better
> > > understanding of the other issues involved. I want to be able to logon to
> > > the client locally without getting event log errors.
> > >
> > > Thanks again
> > > Martin
> > >
> > > "Steven L Umbach" <sumbach@ameritech.net> wrote in message
> > > news:lAlha.475$kd1.407558@newssrv26.news.prodigy.com...
> > > > Hi Martin. As I mentioned in another post to you, I would use dcdiag
> > > > and netdiag to make sure dc and workstations are set up correctly. The
> > > > domain policy should propagate to domain computers unless they are located
> > > > in an OU that has an overriding policy. If you check local security policy
> > > > on a client machine, you should see local settings and effective settings
> > > > for user rights and security options. If effective settings are different
> > > > than local settings then policies from the domain are propagating assuming
> > > > you have made any changes. Changes to domain policy will not be reflected
> > > > immediately in client computers. Many changes can take up to two hours to
> > > > show up. After making a change on a dc run [secedit /refreshpolicy
> > > > machine_policy /enforce] on the dc. Wait a minute or so and reboot domain
> > > > client. Group policies not propagating can be a result of physical network
> > > > problems, firewalls, dns misconfiguration, breakdown in secure channel,
> > > > incompatible security options, problems with sysvol on dc, and other issues
> > > > of course. --- Steve
> > > >
> > > > "Martin" <x@y.z> wrote in message
> > > > news:OR3hVNh9CHA.2040@TK2MSFTNGP10.phx.gbl...
> > > > > That's what I thought, but I've seen no sign of the IPSec policy having been
> > > > > applied. I get no warning when I open the IPSec policies on the local
> > > > > computer that the domain IPSec policy will override it. - Any ideas why that
> > > > > would be?
> > > > >
> > > > > Thanks
> > > > > Martin
> > > > >
> > > > > "Steven L Umbach" <sumbach@ameritech.net> wrote in message
> > > > > news:Njjha.283$kd1.372334@newssrv26.news.prodigy.com...
> > > > > > Yes it will. Machine policy is applied before you even log on. --- Steve
> > > > > >
> > > > > > "Martin" <x@y.z> wrote in message
> > > > > > news:OW2Phof9CHA.1612@TK2MSFTNGP11.phx.gbl...
> > > > > > > Hi,
> > > > > > >
> > > > > > > I know there are computer based policies and user based policies.
> > > > > > > I have a domain security IPSec policy, which I presume will work its way
> > > > > > > down to a computer based policy rather than a user based policy.
> > > > > > >
> > > > > > > My question is, if I log onto a computer that is in the domain, but I log
> > > > > > > onto it locally - ie. I don't log onto the domain, will that computer still
> > > > > > > get computer based policies applied? Specifically should my domain security
> > > > > > > IPSec policy apply - I see no sign that it is.
> > > > > > >
> > > > > > > Thanks
> > > > > > > Martin