Re: Exchange OWA 2003 Trusted Root Certificate
From: Smurfman (Smurfman_at_discussions.microsoft.com)
Date: 02/17/05
- Next message: Steven L Umbach: "Re: NTLMv2 / Windows 2000 Pro bug fix"
- Previous message: Steven L Umbach: "Re: Event ID 538 & 540 whenuser did not logon"
- In reply to: Steven L Umbach: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Next in thread: Steven L Umbach: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Reply: Steven L Umbach: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 17 Feb 2005 12:17:01 -0800
Thanks Steve, I posted the behavior in the Exchange.Misc board, I think right
next to "fat chance of anyone having the same issue"...thanks a ton for all
of your help on this one here. I posted a Group Policy post related to the
fact that not all of my machines in the Group are taking the policy, about
half of them, and several of them only after I reboot...the whole 90-120
minute thing for computers poling and getting a new machine policy is not
working...if you had any thoughts on that the post is over there in
Win2000.Group Policy...
Thanks
J
"Steven L Umbach" wrote:
> Hmm. I can't help with that as I have never experienced it. I don't use it
> as a mmc snapin, I just run it from Administrative Tools. --- Steve
>
>
> "Smurfman" <Smurfman@discussions.microsoft.com> wrote in message
> news:C18EA64A-F4B7-4776-9EB2-F7A27A0267AA@microsoft.com...
> > Thanks Steve, I actually install and start playing around with the GPMC
> > SP1
> > yesterday. I posted an issue with the tool on another board, but in short
> > I
> > can run the tool by browsing to it in Admin tools, but if I attempt to
> > add
> > the tool as a snap-in to my custom mmc console, a Microsoft error is
> > generated, and the console crashes. I get the same results when I attempt
> > to
> > add the Exchange 2003 snap-in for System Manager, the console crashes and
> > I
> > can't add it. However, once again if I browse to it and run it, works
> > fine.
> > Ever heard of that behaviour?
> >
> > Thanks again.
> >
> >
> > "Steven L Umbach" wrote:
> >
> >> If you have a Group Policy where no computer configuration is defined it
> >> makes sense to disable the computer part of the Group Policy. Just keep
> >> in
> >> mind that it is disabled because we tend to forget such as time goes on
> >> and
> >> someday if you do define a computer configuration setting it obviously
> >> will
> >> not work until you enable the computer configuration portion of the Group
> >> Policy. If you are using Group Policy Management console [via an XP Pro
> >> domain computer for W2K domain] it will be easier to see such. --- Steve
> >>
> >> http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
> >>
> >> "Smurfman" <Smurfman@discussions.microsoft.com> wrote in message
> >> news:6B79FBDD-B636-494B-AD5E-8A16C31A243A@microsoft.com...
> >> > Actually that was not the only thing I was trying to accomplish. There
> >> > are
> >> > specific user configurations that I will be performing as well. But my
> >> > whole
> >> > issue was that When I removed Authenticated Users from the default
> >> > setting
> >> > for the Apply of the GPO, the computer configuration was not applied,
> >> > when
> >> > I
> >> > used this GPO at the domain level, since Domain Computers are a member
> >> > of
> >> > Authenticated Users, other GPO's that I made computer config changes
> >> > to,
> >> > worked just fine. Once I modified a group to include the specific
> >> > computers
> >> > that would get this particular config, and applied it to the GPO
> >> > (filter)
> >> > everything worked like a charm.
> >> >
> >> > I do have another question, raised by your comment below. I notice
> >> > there
> >> > are options for the GPO to Disable User or Computer Configuration
> >> > Settings.
> >> > When I have a policy (not this one), that has Authenticated Users as
> >> > the
> >> > default, and I have left this setting as is, but made no comptuer
> >> > changes -
> >> > is it safe to assume that the computer configuration is skipped - or in
> >> > a
> >> > domain of less than 50 users, do I care? Is performance really a
> >> > concern?
> >> >
> >> > "Paul Adare" wrote:
> >> >
> >> >> In article <gsGdnUQ-Y5-o44_fRVn-og@comcast.com>, in the
> >> >> microsoft.public.win2000.security news group, Steven L Umbach
> >> >> <n9rou@n0-
> >> >> spam-for-me-comcast.net> says...
> >> >>
> >> >> > That should work fine with the GPO at the domain level. --- Steve
> >> >> >
> >> >> > "Smurfman" <Smurfman@discussions.microsoft.com> wrote in message
> >> >> > news:A340D0EB-BB20-41E7-8478-42D257B72CBF@microsoft.com...
> >> >> > > So for this example, create 2 Global Groups, perhaps one called
> >> >> > > Mail_Users
> >> >> > > and the other Mail_Workstations. Then assign the users and
> >> >> > > computers
> >> >> > > to
> >> >> > > each
> >> >> > > respective group, and use those two groups in the GPO Security
> >> >> > > settings to
> >> >> > > Apply and then what - Assign the GPO to the Domain?. Am I
> >> >> > > following
> >> >> > > you
> >> >> > > correctly?
> >> >> >
> >> >>
> >> >> If all the OP is trying to do here is to push the required root
> >> >> certificate out however, there is no need for the Mail_Users group at
> >> >> all. Since the Public Key policy settings are in the Computer
> >> >> Configuration section of the GPO, that section will _never_ be
> >> >> processed
> >> >> by user. Giving them permissions on a GPO that they will never process
> >> >> doesn't accomplish anything. In fact, as a best practice, if a GPO
> >> >> contains _only_ user or _only_ computer settings processing of the
> >> >> empty
> >> >> section of the GPO should be disabled for performance reasons. No
> >> >> point
> >> >> processing a GPO that doesn't contain settings that will be applied.
> >> >>
> >> >> --
> >> >> Paul Adare
> >> >> "On two occasions, I have been asked [by members of Parliament],
> >> >> 'Pray, Mr. Babbage, if you put into the machine wrong figures,
> >> >> will the right answers come out?' I am not able to rightly apprehend
> >> >> the kind of confusion of ideas that could provoke such a question."
> >> >> -- Charles Babbage (1791-1871)
> >> >>
> >>
> >>
> >>
>
>
>
- Next message: Steven L Umbach: "Re: NTLMv2 / Windows 2000 Pro bug fix"
- Previous message: Steven L Umbach: "Re: Event ID 538 & 540 whenuser did not logon"
- In reply to: Steven L Umbach: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Next in thread: Steven L Umbach: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Reply: Steven L Umbach: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
