local security policy

From: John Lambert [MS] (johnla_at_online.microsoft.com)
Date: 05/13/03 

Date: Mon, 12 May 2003 23:08:38 -0700

Did you define those 'deny' policies on the 'Default
Domain Policy' instead of the 'Default Domain controller
policy'? Check to see which GPO you defined those
policies in. You can use reskit tools like gpupdate to
see if those GPOs are affecting your clients.

John

This posting is provided "AS IS" with no warranties, and
confers no rights

>-----Original Message-----
>hi
>
>v have win 2k server running as domain controller , and
v
>3 workstation running on win xp professional , i had
some
>policies defined on the server, like deny logon
locally ,
>some how this policies got defined in 2 win xp pro PCs,
>and it was not allowing clients logon from that
>systems "local policy on the system does not allow
>interactive logon", i tried logging into the local
system
>with administrator provileges but still those policies
had
>freezed on the system , not letting me change them, then
i
>had to take those 2 PCs out and domain and register them
>again, for safer side i disabled deny logon locally from
>the server , i want 2 know how those policies on the
>server got embedded on those 2 PCs on win XP (no
probelm
>with win nt work station r for that matter anyother
>version of windows) i want those deny locally policy
>defined only on the win 2k server domain controller not
on
>workstation because clients access server from the
>workstation.
>
>if some body can put some light on this matter it will
be
>greatly appreciated .
>
>thanx in advanced
>venu
>
>
>.
>

Relevant Pages

  • Re: Simple question on Group Policy, Password policy and blocking inheritance
    ... My point was that you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain, ... > trying to enforce a password policy for the entire company. ... create a policy and make sure that is linked at domain level. ... > restoring their 'Default Domain Policy' and 'Default Domain Controller ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password policy, no override
    ... DCs will ignore any password policies you set at the domain controller ... I would disagree with setting the password policy on the Default ... > account and not the Domain user account object). ...
    (microsoft.public.win2000.active_directory)
  • Re: GPO Password length not working
    ... my contact there about it and so we went into the RSoP and looked at their ... 'GPO-Applied' rather than Authenticated Users because some of the policies I ... Apply this policy rights. ... > linked to the domain controller container and that your domain controllers ...
    (microsoft.public.windows.server.security)
  • RE: Group Policy: multiple password policies in the same domain?
    ... > accounts at the domain level, but you do NOT have to use the ... On my DC, running GPMC, if I do a GPO model with conflicting policies, ... just wondering if the policy is actually set but the reporting/RSoP ... on a domain controller, the domain controller policy is the ...
    (Focus-Microsoft)
  • RE: GPO for CTX Servers
    ... and SET DENY right fot the policy which should not be applied. ... If i can remember it is good to use deny because if you are several policies ... First question - is this the correct approach? ...
    (microsoft.public.windows.terminal_services)
Quantcast