RE: Group policy not applying (firewall interference?)



I see. The 8003 error is quite to be expected if there are workstations
running the browser service. When a client starts up it is designed to ensure
there is a master browser. This is sort of leftover behavior from some very
old systems, from about 15 years ago. The domain controller will always win
the election, so other than causing a bunch of unnecessary network traffic and
wasting some cycles, there is nothing lost by letting this just proceed.

The way you are deploying the policy is fine, by disabling the service. For
some reason, that GPO is filtered out on the machines that ignore it. That is
a different problem. If you go to a command line (as an administrator) on
that system and run "gpresult -z" you would see which policies were applied
and which were skipped. More than likely that system is somehow not in the OU
you bound the policy to. The output for gpresult is very long with the -z
switch, so you may want to redirect it to a file.

I should also mention that if you create a policy the way you did, depending
on the tool set you used and the version of the OS on the box you did it on,
you must set an ACL on the service. What did you set there? It could simply
be that you left the default, which on older versions was Everyone:Full
Control. On more recent versions of Windows Server 2003, it sets a much more
reasonable one.

"rschatz" wrote:

Thanks for clarifying that. I didn't think it sounded right.

Actually I just discovered that the client is getting a couple of errors
which I can probably also look up:
Event Source: SceCli
Event Category: None
Event ID: 1202
Description:
Security policies were propagated with warning. 0x4b8 : An extended error
has occurred.
and
Event Source: Userenv
Event Category: None
Event ID: 1085
Description:
The Group Policy client-side extension Security failed to execute. Please
look for any errors reported earlier by that extension.

The server logs an error (which is really more of a warning I suppose):
Event Source: MRxSmb
Event Category: None
Event ID: 8003
Description:
The master browser has received a server announcement from the computer
COMPUTERNAME that believes that it is the master browser for the domain on
transport bla bla. The master browser is stopping or an election is being
forced.

That is why I'm trying to disable the computer browser service by setting
the computer configuration in a GPO: Windows Settings > security settings >
system services > computer browser (startup mode: disabled).
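
The Everyone:Full Control service ACL mentioned in the reply above can be checked on a client by decoding the SDDL string that `sc sdshow browser` prints. The following is an added example, not part of the original thread; the function names are illustrative and the sample SDDL strings are constructed.

```python
import re

# SDDL right code -> (service access right, mask bit). These are the standard
# SDDL letter pairs as they apply to a service object.
RIGHTS = {
    "CC": ("QUERY_CONFIG", 0x1), "DC": ("CHANGE_CONFIG", 0x2),
    "LC": ("QUERY_STATUS", 0x4), "SW": ("ENUMERATE_DEPENDENTS", 0x8),
    "RP": ("START", 0x10), "WP": ("STOP", 0x20), "DT": ("PAUSE_CONTINUE", 0x40),
    "LO": ("INTERROGATE", 0x80), "CR": ("USER_DEFINED_CONTROL", 0x100),
    "SD": ("DELETE", 0x10000), "RC": ("READ_CONTROL", 0x20000),
    "WD": ("WRITE_DAC", 0x40000), "WO": ("WRITE_OWNER", 0x80000),
    "GA": ("GENERIC_ALL", 0x10000000),
}
# Rights that let the holder reconfigure, delete or take over the service.
RISKY = {"CHANGE_CONFIG", "DELETE", "WRITE_DAC", "WRITE_OWNER", "GENERIC_ALL"}
# Broad trustees, keyed by their SDDL SID alias.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users",
         "IU": "Interactive", "BU": "Builtin Users"}

def decode_rights(field):
    """Turn an SDDL rights field (letter pairs or a hex mask) into right names."""
    if field.lower().startswith("0x"):
        mask = int(field, 16)
    else:
        mask = 0
        for i in range(0, len(field), 2):
            mask |= RIGHTS.get(field[i:i + 2], ("", 0))[1]
    return {name for name, bit in RIGHTS.values() if mask & bit}

def risky_grants(sddl):
    """Return {trustee: sorted risky rights} for allow-ACEs to broad trustees."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)  # DACL only, not S:
    findings = {}
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A" or fields[5] not in BROAD:
            continue
        hits = decode_rights(fields[2]) & RISKY
        if hits:
            findings.setdefault(BROAD[fields[5]], set()).update(hits)
    return {who: sorted(r) for who, r in findings.items()}

# Constructed sample SDDL strings (not taken from a real host).
LOOSE = "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
TIGHT = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

if __name__ == "__main__":
    print(risky_grants(LOOSE), risky_grants(TIGHT))
```

An empty result means no broad trustee holds a right that would let it change or take over the service; audit entries in the `S:` section are ignored.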