Re: Exchange OWA 2003 Trusted Root Certificate
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/19/05
- Next message: Roger Abell: "Re: File permissons"
- Previous message: Steven L Umbach: "Re: security log anomolies"
- In reply to: Smurfman: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Next in thread: Smurfman: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Reply: Smurfman: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 18 Feb 2005 19:15:04 -0600
OK. Well for that I would start with gpresult and GPMC to make sure that the
computers are showing as existing in the right OU. Gpresult will also show
what computer configuration GPO's are being applied to a computer and the
last time they were applied. RSOP in logging and planning mode can help you
track down what is going on. RSOP allows you to run scenarios based on the
OU that the computer is in, group membership, and slow link detection. If
RSOP planning mode differs from what you are experiencing then their may be
a network connectivity, dns name resolution, or domain computer account
problem and the support tool netdiag can be run on any domain computer
including domain controllers to check for such. See the link below to first
make sure your dns is 100 percent correct for the domain as improper dns
configuration is the root of most Active Directory problems. --- Steve
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 --- AD
dns FAQ
http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 --- netdiag
and ho to install support tools.
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B250842 ---
troubleshooting Group Policy
"Smurfman" <Smurfman@discussions.microsoft.com> wrote in message
news:CDC3CC09-D644-433F-957E-B435920DF4C5@microsoft.com...
> Thanks Steve, I posted the behavior in the Exchange.Misc board, I think
> right
> next to "fat chance of anyone having the same issue"...thanks a ton for
> all
> of your help on this one here. I posted a Group Policy post related to
> the
> fact that not all of my machines in the Group are taking the policy, about
> half of them, and several of them only after I reboot...the whole 90-120
> minute thing for computers poling and getting a new machine policy is not
> working...if you had any thoughts on that the post is over there in
> Win2000.Group Policy...
>
> Thanks
> J
>
> "Steven L Umbach" wrote:
>
>> Hmm. I can't help with that as I have never experienced it. I don't use
>> it
>> as a mmc snapin, I just run it from Administrative Tools. --- Steve
>>
>>
>> "Smurfman" <Smurfman@discussions.microsoft.com> wrote in message
>> news:C18EA64A-F4B7-4776-9EB2-F7A27A0267AA@microsoft.com...
>> > Thanks Steve, I actually install and start playing around with the GPMC
>> > SP1
>> > yesterday. I posted an issue with the tool on another board, but in
>> > short
>> > I
>> > can run the tool by browsing to it in Admin tools, but if I attempt to
>> > add
>> > the tool as a snap-in to my custom mmc console, a Microsoft error is
>> > generated, and the console crashes. I get the same results when I
>> > attempt
>> > to
>> > add the Exchange 2003 snap-in for System Manager, the console crashes
>> > and
>> > I
>> > can't add it. However, once again if I browse to it and run it, works
>> > fine.
>> > Ever heard of that behaviour?
>> >
>> > Thanks again.
>> >
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> If you have a Group Policy where no computer configuration is defined
>> >> it
>> >> makes sense to disable the computer part of the Group Policy. Just
>> >> keep
>> >> in
>> >> mind that it is disabled because we tend to forget such as time goes
>> >> on
>> >> and
>> >> someday if you do define a computer configuration setting it obviously
>> >> will
>> >> not work until you enable the computer configuration portion of the
>> >> Group
>> >> Policy. If you are using Group Policy Management console [via an XP
>> >> Pro
>> >> domain computer for W2K domain] it will be easier to see such. ---
>> >> Steve
>> >>
>> >> http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
>> >>
>> >> "Smurfman" <Smurfman@discussions.microsoft.com> wrote in message
>> >> news:6B79FBDD-B636-494B-AD5E-8A16C31A243A@microsoft.com...
>> >> > Actually that was not the only thing I was trying to accomplish.
>> >> > There
>> >> > are
>> >> > specific user configurations that I will be performing as well. But
>> >> > my
>> >> > whole
>> >> > issue was that When I removed Authenticated Users from the default
>> >> > setting
>> >> > for the Apply of the GPO, the computer configuration was not
>> >> > applied,
>> >> > when
>> >> > I
>> >> > used this GPO at the domain level, since Domain Computers are a
>> >> > member
>> >> > of
>> >> > Authenticated Users, other GPO's that I made computer config changes
>> >> > to,
>> >> > worked just fine. Once I modified a group to include the specific
>> >> > computers
>> >> > that would get this particular config, and applied it to the GPO
>> >> > (filter)
>> >> > everything worked like a charm.
>> >> >
>> >> > I do have another question, raised by your comment below. I notice
>> >> > there
>> >> > are options for the GPO to Disable User or Computer Configuration
>> >> > Settings.
>> >> > When I have a policy (not this one), that has Authenticated Users as
>> >> > the
>> >> > default, and I have left this setting as is, but made no comptuer
>> >> > changes -
>> >> > is it safe to assume that the computer configuration is skipped - or
>> >> > in
>> >> > a
>> >> > domain of less than 50 users, do I care? Is performance really a
>> >> > concern?
>> >> >
>> >> > "Paul Adare" wrote:
>> >> >
>> >> >> In article <gsGdnUQ-Y5-o44_fRVn-og@comcast.com>, in the
>> >> >> microsoft.public.win2000.security news group, Steven L Umbach
>> >> >> <n9rou@n0-
>> >> >> spam-for-me-comcast.net> says...
>> >> >>
>> >> >> > That should work fine with the GPO at the domain level. ---
>> >> >> > Steve
>> >> >> >
>> >> >> > "Smurfman" <Smurfman@discussions.microsoft.com> wrote in message
>> >> >> > news:A340D0EB-BB20-41E7-8478-42D257B72CBF@microsoft.com...
>> >> >> > > So for this example, create 2 Global Groups, perhaps one called
>> >> >> > > Mail_Users
>> >> >> > > and the other Mail_Workstations. Then assign the users and
>> >> >> > > computers
>> >> >> > > to
>> >> >> > > each
>> >> >> > > respective group, and use those two groups in the GPO Security
>> >> >> > > settings to
>> >> >> > > Apply and then what - Assign the GPO to the Domain?. Am I
>> >> >> > > following
>> >> >> > > you
>> >> >> > > correctly?
>> >> >> >
>> >> >>
>> >> >> If all the OP is trying to do here is to push the required root
>> >> >> certificate out however, there is no need for the Mail_Users group
>> >> >> at
>> >> >> all. Since the Public Key policy settings are in the Computer
>> >> >> Configuration section of the GPO, that section will _never_ be
>> >> >> processed
>> >> >> by user. Giving them permissions on a GPO that they will never
>> >> >> process
>> >> >> doesn't accomplish anything. In fact, as a best practice, if a GPO
>> >> >> contains _only_ user or _only_ computer settings processing of the
>> >> >> empty
>> >> >> section of the GPO should be disabled for performance reasons. No
>> >> >> point
>> >> >> processing a GPO that doesn't contain settings that will be
>> >> >> applied.
>> >> >>
>> >> >> --
>> >> >> Paul Adare
>> >> >> "On two occasions, I have been asked [by members of Parliament],
>> >> >> 'Pray, Mr. Babbage, if you put into the machine wrong figures,
>> >> >> will the right answers come out?' I am not able to rightly
>> >> >> apprehend
>> >> >> the kind of confusion of ideas that could provoke such a question."
>> >> >> -- Charles Babbage (1791-1871)
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
- Next message: Roger Abell: "Re: File permissons"
- Previous message: Steven L Umbach: "Re: security log anomolies"
- In reply to: Smurfman: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Next in thread: Smurfman: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Reply: Smurfman: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
