Win2003 mix domain and dos boot disk


From: John M (sdkfj_at_microsoft.com)
Date: 02/25/05


Date: Fri, 25 Feb 2005 15:29:25 -0600

I just added a Win2003 DC and now my DOS boot disks (Bart's network boot
disk) don't log in with the 2003 DC online; if I turn it off I can log in
fine.

I've disabled the SMB stuff on the DC GPO and it's still not working.
Here is my DC GPO:

Policy | Policy Setting
Accounts: Administrator account status | Not Defined
Accounts: Guest account status | Not Defined
Accounts: Limit local account use of blank passwords to console logon only | Not Defined
Accounts: Rename administrator account | Not Defined
Accounts: Rename guest account | Not Defined
Audit: Audit the access of global system objects | Not Defined
Audit: Audit the use of Backup and Restore privilege | Not Defined
Audit: Shut down system immediately if unable to log security audits | Not Defined
Devices: Allow undock without having to log on | Not Defined
Devices: Allowed to format and eject removable media | Not Defined
Devices: Prevent users from installing printer drivers | Not Defined
Devices: Restrict CD-ROM access to locally logged-on user only | Not Defined
Devices: Restrict floppy access to locally logged-on user only | Not Defined
Devices: Unsigned driver installation behavior | Not Defined
Domain controller: Allow server operators to schedule tasks | Not Defined
Domain controller: LDAP server signing requirements | Not Defined
Domain controller: Refuse machine account password changes | Not Defined
Domain member: Digitally encrypt or sign secure channel data (always) | Disabled
Domain member: Digitally encrypt secure channel data (when possible) | Disabled
Domain member: Digitally sign secure channel data (when possible) | Disabled
Domain member: Disable machine account password changes | Not Defined
Domain member: Maximum machine account password age | Not Defined
Domain member: Require strong (Windows 2000 or later) session key | Not Defined
Interactive logon: Do not display last user name | Not Defined
Interactive logon: Do not require CTRL+ALT+DEL | Not Defined
Interactive logon: Message text for users attempting to log on | Not Defined
Interactive logon: Message title for users attempting to log on | Not Defined
Interactive logon: Number of previous logons to cache (in case domain controller is not available) | Not Defined
Interactive logon: Prompt user to change password before expiration | Not Defined
Interactive logon: Require Domain Controller authentication to unlock workstation | Not Defined
Interactive logon: Require smart card | Not Defined
Interactive logon: Smart card removal behavior | Not Defined
Microsoft network client: Digitally sign communications (always) | Disabled
Microsoft network client: Digitally sign communications (if server agrees) | Disabled
Microsoft network client: Send unencrypted password to third-party SMB servers | Not Defined
Microsoft network server: Amount of idle time required before suspending session | Not Defined
Microsoft network server: Digitally sign communications (always) | Disabled
Microsoft network server: Digitally sign communications (if client agrees) | Disabled
Microsoft network server: Disconnect clients when logon hours expire | Not Defined
Network access: Allow anonymous SID/Name translation | Not Defined
Network access: Do not allow anonymous enumeration of SAM accounts | Not Defined
Network access: Do not allow anonymous enumeration of SAM accounts and shares | Not Defined
Network access: Do not allow storage of credentials or .NET Passports for network authentication | Not Defined
Network access: Let Everyone permissions apply to anonymous users | Not Defined
Network access: Named Pipes that can be accessed anonymously | Not Defined
Network access: Remotely accessible registry paths | Not Defined
Network access: Remotely accessible registry paths and sub-paths | Not Defined
Network access: Restrict anonymous access to Named Pipes and Shares | Not Defined
Network access: Shares that can be accessed anonymously | Not Defined
Network access: Sharing and security model for local accounts | Not Defined
Network security: Do not store LAN Manager hash value on next password change | Not Defined
Network security: Force logoff when logon hours expire | Not Defined
Network security: LAN Manager authentication level | Not Defined
Network security: LDAP client signing requirements | Not Defined
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | Not Defined
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | Not Defined
Recovery console: Allow automatic administrative logon | Not Defined
Recovery console: Allow floppy copy and access to all drives and all folders | Not Defined
Shutdown: Allow system to be shut down without having to log on | Not Defined
Shutdown: Clear virtual memory pagefile | Not Defined
System cryptography: Force strong key protection for user keys stored on the computer | Not Defined
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | Not Defined
System objects: Default owner for objects created by members of the Administrators group | Not Defined
System objects: Require case insensitivity for non-Windows subsystems | Not Defined
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | Not Defined
System settings: Optional subsystems | Not Defined
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | Not Defined


