Re: Group policy

From: Paul Adare (padare@newsguy.com)
Date: 07/31/02

• Next message: The Atomic Ass: "Re: FTP HELP"
• Previous message: Mike: "FTP HELP"
• In reply to: Andy Jiang: "Re: Group policy"
• Next in thread: Andy Jiang: "Re: Group policy"
• Reply: Andy Jiang: "Re: Group policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Paul Adare <padare@newsguy.com>
Date: Tue, 30 Jul 2002 23:26:09 -0400

In article <34d101c2383a$d1d2ffc0$37ef2ecf@TKMSFTNGXA13>,
ajiang@lumley.co.nz says...
> Thanks Paul
>
> The group policy is very frustrating.
> 1. It seems to me I cannot trust the result of Resultant
> Set of Policy. RSOP tells me domaim1\user1 on PC1 should
> have password at least 7 Char, but not true.

It is true. You're confusing domain user accounts and local user
accounts. In your case, RSOP is not telling you that domain\user1 needs
to have a password of at least 7 characters. Because you linked the GPO
to the OU, rather than the domain, what RSOP is telling you is that any
local accounts on that computer must have at least 7 characters in their
password.

>
> 2. If a GPO is linked to a OU which has only one memeber
> called domain1/user1 , the GPO specifies something in
> Computer configuration like password, then domain1/user1
> logs on to a XP PC called PC1 which is in domain1 but not
> in OU, will computer configuration parts of the GPO takes
> effect?

No, they won't.

> In my test, they did not.

As expected.

> Does this mean to make
> computer configuration part of the GPO work, the logged on
> PC should be in the OU as well?

Yes.

>
> 3. Is there any document about GPO and its computer
> configation, user configuration , their relations between
> log on users and log on computer, Domain controller?

Lots, check the Microsoft web site.

>
> Thanks.
>
> Regards
>

-- 
Paul Adare
Everyone is left-handed until they commit their first sin.

---

• Next message: The Atomic Ass: "Re: FTP HELP"
• Previous message: Mike: "FTP HELP"
• In reply to: Andy Jiang: "Re: Group policy"
• Next in thread: Andy Jiang: "Re: Group policy"
• Reply: Andy Jiang: "Re: Group policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Disable Web Access to Specific Workstations ... ill-advised to assign permissions to individual User or Computer accounts ... application of Group Policy will be unnecessarily ... you are correct in that the GPO setting I mentioned will not meet ... manufacturing MACHINES in that OU. ... (microsoft.public.windowsxp.network_web) Re: Deny Log on Locally to some accounts through GPO ... accounts reside... ... We also created a GPO named "Disable RDP Application Accounts". ... Microsoft Windows XP Operating System Group Policy Result tool ... Filtering: Not Applied ... (microsoft.public.windows.server.active_directory) Re: Problem applying custom Group Policy ... I have tested to make some settings in Computer Configuration (in ... answer is in the OU to which this GPO is linked! ... Microsoft Windows 2000 Operating System Group Policy Result ... Local Group Policy ... (microsoft.public.windows.server.active_directory) RE: Deny Log on Locally to some accounts through GPO ... Microsoft Windows Operating System Group Policy Result tool v2.0 ... Disable RDP Application Accounts ... Filtering: Not Applied ... This list only includes links in the domain of the GPO. ... (microsoft.public.windows.server.active_directory) Re: How to disallow group policies on windows 2000 servers ... If the settings are applied via computer configuration in the GPO to the ... > awhile it gets annoying when I login to multiple servers. ... > only disallow the running of this group policy if an administrator or user ... (microsoft.public.win2000.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)