Re: Applying Custom Security Templates with GPOs

From: Steven L Umbach (n9rou_at_comcast.net)
Date: 01/27/04


Date: Mon, 26 Jan 2004 23:54:23 GMT

Verify that the import worked by checking the actual settings by using
"edit" or looking at the "settings" for the GPO using GPMC. Make sure the
servers reside in a container within the scope on influence of the GPO - for
example if this GPO was configured for an Organizational Unit, then the
servers need to reside in that OU or possibly a sub OU. Verify that the new
GPO is linked to the new container and that computer policy is enabled for
it. Other than that it can take some time. Running secedit /refreshpolicy
machine_policy enforce on the domain controller where you created the GPO
and then doing the same on the servers or rebooting them can speed up
propagation. I would only use secedit or reboot one server until I was sure
that policy was propagating and it is not some other problem. Of course dns
has to be configured correctly on all domain member computers in that they
point only to AD domain controllers as their preferred dns servers. --
Steve

http://support.microsoft.com/default.aspx?scid=kb;KO;227302

"cswarr" <anonymous@discussions.microsoft.com> wrote in message
news:4da801c3e450$9e12e1a0$a601280a@phx.gbl...
> I am trying to apply a custom security template to a group
> of servers. I have created the template and imported it
> into a new GPO. The settings in the template don't seem
> to be filtering down to the servers. I even turned on the
> No Override (or Enforce in GPMC) to try to force the
> policy with the template down. My environment is all
> Win2k Servers. Any ideas?



Relevant Pages

  • Re: Group Policy Firewall Exception Problem
    ... the domain ends up with two sets of firewall settings. ... I have set up about a dozen or more Windows 2003, R2 servers on our AD ... and those OUs had a common GPO linked to them. ...
    (microsoft.public.windows.group_policy)
  • Re: restricted groups frustration!
    ... Have you run GPMC Results wizard against one of the intended target servers to ensure they are actually processing that GPO and getting that particular setting. ... you could then enable security policy logging on one of the target servers to see what's up. ... If this is not the desired RSOP, you'll most likely want to create a new gpo with these settings in it and security filter it to 'Domain Computers', which avoids domain controllers. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Loopback Policy Not Taking Effect
    ... The fact that the *user* settings from the ... Lockdown GPO (which is linked to the OU containing the Terminal ... So I rebooted both of my Terminal Servers in hopes that the ... - I went to GP Management and Created a Loopback Policy as well ...
    (microsoft.public.windows.terminal_services)
  • Re: Applying Custom Security Templates with GPOs
    ... The template (and, therefore, policy) is not being ... privliges to apply the GPO. ... >servers need to reside in that OU or possibly a sub OU. ...
    (microsoft.public.win2000.security)
  • Re: IE settings not being applied to win2k clients
    ... We are experiencing the same problem with GPO settings not applying to Win2k ... > but the win2k boxes (and servers) never apply the proper zone settings. ...
    (microsoft.public.windows.group_policy)