Re: XP Security Question

From: Steven L Umbach (n9rouz_at_nscomcast.net)
Date: 11/01/03 

Date: Sat, 01 Nov 2003 20:06:00 GMT

I agree with Roger's assessment. It would seem that the XP machines you have trouble
accessing are in a different container/OU than the machine you just installed since
it does not show any grayed out settings that indicate inherited policy. I would
first move one of the trouble machine to that same container as the newly installed
machine. Run secedit /refreshpolicy machine_policy on the domain controller and then
reboot the newly moved machine. After that it should not show the grayed out items it
did before. Now try to access it remotely. If you can then there is a setting in the
GPO security policy at the container/OU level that is causing the problem. If moving
did not help, then someone manually configured the Local Security Policy of that
machine and probably the others, possibly importing a template. You may need to use
the Security Configuration and Analysis tool to compare security settings in the two
machines doing the analysis against the setup security.inf template to determine
which security settings are different and troubleshoot from there by changing
security settings to match the new machine. My guess is that it is either the access
this computer from the network user right or a security option. --- Steve

http://www.lokbox.net/SecureXP/secAnalysis.asp

"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:O8ciRvKoDHA.2232@TK2MSFTNGP09.phx.gbl...
> Compare what OU this new machine object is in compared
> to the OU of your (non-functioning) XP workstation.
> You could use GPMC to get a better view of what policies
> are being enforced on you workstation, and compare these
> to what is in effect on the new machine.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCDBA, MCSE W2k3+W2k+Nt4
> "Mike" <hillrm@hotmail.com> wrote in message
> news:0bc301c39fcd$ba1b9df0$a501280a@phx.gbl...
> > Newest wrinkle on this is that I just got in a new PC,
> > brought it up, applied some critical patches, connected
> > it to my network, downloaded all remaining critical
> > updates. This machine I can manage remotely and no
> > options are grayed out in local security policy. I hate
> > to have to completely re-install to move from win2k to XP
> > Pro and other offices in my organization have not
> > reported problems.
> >
> >
> > >-----Original Message-----
> > >Double check that you are indeed logged on as an
> > administrator - can you view the
> > >members of the local administrators group? Maybe you are
> > logging on as a domain
> > >administrator and the domain admins group has been
> > removed. Can the user who is able
> > >to remotely manage them from his W2K box do the same
> > from your XP box. That would
> > >help narrow problem down to user or machine. -- Steve
> > >
> > >"Mike" <Hillrm@hotmail.com> wrote in message
> > >news:05d801c39f31$9b5552e0$a101280a@phx.gbl...
> > >> Situation: I updated my win2k pro machine to XP pro
> > >> tested all of my apps and network...all was well. Then
> > I
> > >> authorized 4 other machines to be upgraded from win2k
> > pro
> > >> to XP pro, all of the machines work without problems;
> > >> EXCEPT that I can no longer do any kind of remote
> > >> management of them from my machine. (For example
> > >> using "Manage" in my computer and selecting another
> > >> machine) I get "Access Denied". I can still manage
> > win2k
> > >> machines from my XP machine, and another user on a
> > win2k
> > >> pro machine can manage the XP machines. I also notice
> > >> some things in local security policy that appear grayed
> > >> out when I'm logged on locally, even though I'm an
> > >> administrator. Netdiag says DNS is fine, RSoP shows no
> > >> Group Policies that could cause the problem; all
> > machines
> > >> are in the same win2k Active Directory Domain. I get
> > >> grayed out options even when I logon as the local
> > >> administrator on the machines. Have looked all over,
> > and
> > >> tried tricks suggested for problems that seem remotely
> > >> similar with no change.
> > >>
> > >> Thanks for any help you can provide!
> > >>
> > >
> > >
> > >.
> > >
>
>

Relevant Pages

  • Re: Unable to download/run ActiveX controls
    ... Your current security settings prohibit running Active X ... Test Your ActiveX Installation ... change the security settings for this zone? ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Big Security Permission Mistake - Please Help if You Can
    ... Reset Security Settings Back to the Defaults ... security template to be applied. ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: why microsoft choose mfc rather than wtl?
    ... One is that users need to keep their browser security settings as high as ... attacks that aren't possible in the higher security settings. ... point was that you should not dictate securiy settings to your customers ...
    (microsoft.public.vc.mfc)
  • Re: enable outlook security.oft to allow programs to send email wi
    ... there is a limit to how many addresses you can specify for "Security Settings ... > items in the Outlook Security Settings folder, ... >> Exchange server you are running against is an Exchange ...
    (microsoft.public.outlook.program_forms)
  • RE: System Restore
    ... Security setting descriptionsComputer Configuration\Windows ... Windows XP Service Pack 2 introduces some security-enhancing changes to ... Account Policies Password Policy, Account Lockout Policy, and Kerberos Policy ... You can configure the security settings that are described in this section ...
    (microsoft.public.windowsxp.general)