Re: Applying Custom Security Templates with GPOs
From: cswarr (anonymous_at_discussions.microsoft.com)
Date: 01/27/04
- Next message: Marco: "Re: Anti Packet Sniffer Software"
- Previous message: Marco: "Re: Security Update KB832483"
- In reply to: Steven L Umbach: "Re: Applying Custom Security Templates with GPOs"
- Next in thread: Steven Umbach: "Re: Applying Custom Security Templates with GPOs"
- Reply: Steven Umbach: "Re: Applying Custom Security Templates with GPOs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 Jan 2004 12:43:37 -0800
The template (and, therefore, policy) is not being
applied. I ran Sec Config and Analysis and the computer
settings don't match the Database settings. I'm guessing
it's some GP application problem. I enforced the policy
yesterday, rebooted one of the machines that should have
the policy applied to it, and executed
secedit /refreshpolicy machine_policy, but no luck. The
OU that these machines are in is blocking inheritance, but
I applied the GPO with the template on the OU itself and
enforced it. I also made sure it has higher precedence
and that the computer objects have the proper security
privliges to apply the GPO (read and Apply GP). Not sure
what else to do....
>-----Original Message-----
>Verify that the import worked by checking the actual
settings by using
>"edit" or looking at the "settings" for the GPO using
GPMC. Make sure the
>servers reside in a container within the scope on
influence of the GPO - for
>example if this GPO was configured for an Organizational
Unit, then the
>servers need to reside in that OU or possibly a sub OU.
Verify that the new
>GPO is linked to the new container and that computer
policy is enabled for
>it. Other than that it can take some time. Running
secedit /refreshpolicy
>machine_policy enforce on the domain controller where you
created the GPO
>and then doing the same on the servers or rebooting them
can speed up
>propagation. I would only use secedit or reboot one
server until I was sure
>that policy was propagating and it is not some other
problem. Of course dns
>has to be configured correctly on all domain member
computers in that they
>point only to AD domain controllers as their preferred
dns servers. --
>Steve
>
>http://support.microsoft.com/default.aspx?
scid=kb;KO;227302
>
>"cswarr" <anonymous@discussions.microsoft.com> wrote in
message
>news:4da801c3e450$9e12e1a0$a601280a@phx.gbl...
>> I am trying to apply a custom security template to a
group
>> of servers. I have created the template and imported it
>> into a new GPO. The settings in the template don't seem
>> to be filtering down to the servers. I even turned on
the
>> No Override (or Enforce in GPMC) to try to force the
>> policy with the template down. My environment is all
>> Win2k Servers. Any ideas?
>
>
>.
>
- Next message: Marco: "Re: Anti Packet Sniffer Software"
- Previous message: Marco: "Re: Security Update KB832483"
- In reply to: Steven L Umbach: "Re: Applying Custom Security Templates with GPOs"
- Next in thread: Steven Umbach: "Re: Applying Custom Security Templates with GPOs"
- Reply: Steven Umbach: "Re: Applying Custom Security Templates with GPOs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
