Re: Local Security Settings

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 08/18/05 

Date: Thu, 18 Aug 2005 15:22:29 -0500

Make sure that the policy was configured on a container that contains the
computer accounts. For such a small domain you probably did this in Domain
Security Policy? If that is the case, reboot or use the command secedit
/refreshpolicy machine_policy /enforce on the other computers to see if that
fixes the problem. Also check your dns settings so that the domain
controller points only to itself as it's preferred dns server in tcp/ip
properties and that all the domain computers point only to the domain
controller as their preferred dns server. You can use the command ipconfig
/all to check tcp/ip configuration. You will also find the support tools
dcdiag [domain controller only] and netdiag to check for the health of your
domain computers in regards to network connectivity, dns name resolution,
and computer account/secure channel integrity. The support tools are located
on the install disk in the support/tools folder where you install them by
using the setup file there. Also make it a habit of using Event Viewer to
check the various logs on your computers when you are experiencing problems
and also routinely to check for errors that may mean impending problems,
particularly on your domain controller.. --- Steve

"Dan" <dan@discussions.microsoft.com> wrote in message
news:4B096D30-C779-471B-AADA-8FFB7885FC8D@microsoft.com...
> Hi,
>
> I have a Windows 2000 Server with 5 Client machines... I have set the
> security audit polices on the server and they have propagated down to
> three
> of the machines but two of machines effective settings are not
> correct...So
> they did not receive them... Any help or suggestions would be greatly
> appreciated...
>
> Thanks
> --
> Dan

Relevant Pages

  • Re: Local Security Settings
    ... > properties and that all the domain computers point only to the domain ... > controller as their preferred dns server. ... > dcdiag [domain controller only] and netdiag to check for the health of your ... > "Dan" wrote in message ...
    (microsoft.public.win2000.security)
  • Re: Domain Password Security
    ... accounts need to use complex passwords and minimum of ntlmv2 should be used for lan ... Services Client and configuring authentication level on Domain Controller Security ... controllers if you have all W2K/XP computers. ... I also recommend you enable auditing of account logon and logon ...
    (microsoft.public.win2000.security)
  • Re: Domain Password Security
    ... Domain Controller Security ... >controllers if you have all W2K/XP computers. ... >administrator accounts only when needed to, ... account logon and logon ...
    (microsoft.public.win2000.security)
  • Re: Custom rights
    ... I don't know the specific answer to that offhand as I don't have Exchange ... >> By default any user can log onto a server other than domain controller. ... >> To add computers to the domain go to AD Users and Computers. ... >> not work on privileged groups such as administrators. ...
    (microsoft.public.win2000.security)
  • Re: How to audit who adds computers to domain
    ... Enable auditing of acount managment events in your Domain Controller ... Security Policy and then look for event ID 645 in the security logs in Event ... Microsoft to do this for multiple computers at a time. ...
    (microsoft.public.win2000.networking)