Re: DOMAIN SECURITY GROUP POLICY
From: jurbop (anonymous_at_discussions.microsoft.com)
Date: 09/15/04
Date: Tue, 14 Sep 2004 20:54:50 -0700
I opened up Domain Security Policy in Administrator Tools,
but there was no policy I could activate/deactivate to
change the situation. I ran "net localgroup
administrators" and the comment stated that the
administrator has unrestricted control over the domain. I
am logged on as administrator, and I am a Domain Admin
member. The Domain Admins do have read and write
permissions, but when I access the Domain Properties, then
click the Group Policy tab, the Domain Security Group
Policy, EDIT option is still grayed out. When I open the
properties for this policy and click on the Security tab
to check the ACL, I get a message stating "You only have
permission to view the current security information on
Domain Security Group Policy". Again all tabs to allow me
to Add, Remove, or Apply (to make any changes) are grayed
out. There must be some way for me as an Admin to access
this policy and EDIT it. Thanks for your response.
>-----Original Message-----
>Try using Domain Security Policy in the administrator tools to see if you can open
>it. Make sure you are logged on as an administrator as that is often the problem. It
>is possible for the domain admins group to be removed from the administrators group
>and possibly the built in administrator account was renamed. Running "net user
>username" will show group membership and "net localgroup administrators" will show
>members of the administrators group when run on the domain controller. A user needs
>only read and write permissions to edit a GPO. --- Steve
>
>
>"Jurbop" <anonymous@discussions.microsoft.com> wrote in message
>news:237301c49aa4$b5cab010$a501280a@phx.gbl...
>>I am preparing for the MCSE 2000 Security exam (70-214),
>> and one of the exercises I am to do is to Modify User
>> Rights. I run a single domain, and when I open up Active
>> Directory Users and Computers, right click the domain
>> name, click on properties, and click on the Group Policy
>> tab to access the "Domain Security Group Policy", I am not
>> able to EDIT this policy (EDIT is grayed out). I click on
>> the policy properties, then the Security tab, and
>> authorized entries are: Authenticated Users, Creator
>> Owner, Domain Admins, Enterprise Admins, and System. None
>> of these entries has FULL CONTROL access. I am logged on
>> as Administrator, and I'm a member of the Domain Admin
>> group. Both Domain Admin and System have Read, Write, and
>> Create and Delete All Child Objects permissions, but no
>> Full Control. I've tried various things to try and gain
>> access which would allow me to EDIT this policy, but have
>> not been able to. What can I do to obtain FULL CONTROL for
>> this policy so I can EDIT it? Thank you.