Workstation can see out, but cannot see in!
From: Russ (anonymous_at_discussions.microsoft.com)
Date: 12/17/03
- Next message: Jon McDaniel: "Limited User"
- Previous message: James: "Software Restriction Policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 17 Dec 2003 04:20:45 -0800
Subject: Re: Local Security Policy Locked (or something?)
From: "Russ" <anonymous@discussions.microsoft.com>
Sent: 12/15/2003 8:12:08 AM
Hi Roger,
Yes, you are correct, I suspect either a corrupted file or
at one time I may have been booting the server ending up
with a GPO and booting with the local workstation and
getting a local SP.
The link you mention is the link I used to reset defaults
for the local workstation.
Update: I have performed a reconnection to the Domain.
(Just to be sure that I am connecting.) I can easily see
the rest of the network and files from the local
workstation (FYI, this workstation is running XP while the
other workstations are running 2000Pro and the server is
running 2003 server. AD is elevated to 2003 domain.
If I try to look at the workstation from the server or any
other workstation, I get this message:
Logon Failure: the user has not been granted the requested
logon type at this computer.
I receive an error message when trying to open local
policy.
I get the following message:
Failed to open IPsec policy storage (80070005) Access is
denied.
I then clicked OK. I get:
The group policy settings that apply to this machine could
not be determined. The error received when trying to
retrieve these settings from the local policy database %
windr%\security\database\secedit\secedit.sdb was: The
parameter is correct. All local security settings will be
displayed, but no indication will be given as to whether
or not a given security setting is defined in group policy.
The policy MMC opens and within each folder is:
Windows cannot read template info.
RSoP: Source GPO says Default Domain Policy
Roger, I guess I would like to be able to see the
Directories, Files and Folders from the server and the
other workstations. Diving into this, it may be a more
complex problem that you or I can resolve. I appreciate
any suggestion though and if you have any other
directions, I will certainly try them. Seems funny I can
see out onthe workstation, just can't see in (even though
it lists on the domain network site on explorer.)
r
>-----Original Message-----
>Well, as I am hearing you, when you are in the local
security
>policy you are seeing all of the policies greyed out, and
not
>changeable.
>
>Do you recall what command you used with setup securty.inf
>Was it a variation of
>http://support.microsoft.com/?id=313222
>with secsetup.inf from Windows\repair or was it with file
>setup security.inf from Windows\Security\templates ?
>
>When you are on a domain controller, policies may be set
>at any of a number of locations so that they will apply
onto
>the XP client. On the client you can define a custom mmc
>console to which you add the RSoP (resultant set of
policy)
>snapin (selecting current machine and user) and it will
show
>you from where the setting are arising if they come from
GPOs
>at the Active Directory level.
>
>
>--
>Roger Abell
>Microsoft MVP (Windows Server System: Security)
>MCSE (W2k3,W2k,Nt4) MCDBA
>"russ" <anonymous@discussions.microsoft.com> wrote in
message
>news:13c4e01c3c2a6$55133e30$a601280a@phx.gbl...
>> Thank you for your time Roger,
>>
>> I logon as a local user Administrator and open the Local
>> Security Policy. The Policies are all default (I reset
>> them to default under the Command/DOS prompt)thinking
that
>> I could go into the policies one by one and make the
>> necessary tweaks to my specific situation (SOHO). I
right-
>> click on properties for each item and I do not have the
>> option to change the options. They are greyed-out. They
>> are greyed-out from the server-side also (because I was
>> thinking that this was now domain security and I tried
>> group policy edit fromthe server.) Nope! Group policy is
>> different fromthe existing local so the server is not
>> doing it! I'm confused now. Appreciate any suggestion
you
>> may have (other than a wipe and re-install <grin>)
>>
>> r
>> >-----Original Message-----
>> >The icon of a padlock over a machine is the normal
>> >icon for the Local Security Policy.
>> >
>> >You need to tell us what does happen, not what does
>> >not, when you try to use Local Security Policy.
>> >
>> >You mentioned you are in a domain, in which case it
>> >can be normal to not be able to alter settings of
policies
>> >that are being applied from the Active Directory level.
>> >
>> >--
>> >Roger Abell
>> >Microsoft MVP (Windows Server System: Security)
>> >MCSE (W2k3,W2k,Nt4) MCDBA
>> >"Russ" <anonymous@discussions.microsoft.com> wrote in
>> message
>> >news:13ab101c3c273$d17c55c0$a601280a@phx.gbl...
>> >> Folks,
>> >>
>> >> I am dumb dumb dumb (or something close.)
>> >> I have had some problems with an XP Pro machine on my
>> >> network. I've got it up and running with accessibilty
>> now.
>> >>
>> >> My Local Security Policy icon on this machine has a
>> >> lockbox on it and yes, that means everything in it
will
>> >> not allow me to change it.
>> >> I did issue (at a command prompt) that all Local
>> Security
>> >> Policy settings be set to default settings. This
command
>> >> worked but it did not remove the lock on the icon
and I
>> >> cannot control settings (seemingly from a windows gui
>> >> interface). Can someone shed some light on how I can
>> >> recover? I am the administrator and I have tried to
>> access
>> >> through domain as well as through a local (this
machine
>> >> account). I appreciate your time.
>> >
>> >
>> >.
>> >
>
>
>.
>
.
- Next message: Jon McDaniel: "Limited User"
- Previous message: James: "Software Restriction Policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
