Re: need a way to import 2000 gp into 2003 server

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/28/04 

Date: Mon, 28 Jun 2004 04:17:35 GMT

In a default installation the domain policy is linked only to the domain container
and the domain controller policy to only the domain controller. --- Steve

"ajay" <jgrace@digitelusa.net> wrote in message
news:uaSqa0KXEHA.644@tk2msftngp13.phx.gbl...
> ok thanks well tell me this..... im in AD and we have at the domain level
> ...default domain gp and default dc gp linked... Is this default DC gp
> supose to be linked there or only under the OU for DC's could this be my
> problem
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:xvHDc.126337$0y.46952@attbi_s03...
> > No. Never remove your default policies. The domain policy applies to the
> domain while
> > the domain controller policy applies only to the domain controller
> container where
> > all the domain controllers are by default. However any policy setting
> "defined" at
> > the domain level will also apply to the domain controller container if the
> same
> > setting is not defined in the domain controller policy. Note that mostly
> that will
> > only be computer configuration as users by default do not exists in the
> domain
> > controller container, nor should they be moved into it. --- Steve
> >
> >
> > "ajay" <jgrace@digitelusa.net> wrote in message
> > news:u9$yzGHXEHA.556@tk2msftngp13.phx.gbl...
> > > thank you so much for the reply
> > >
> > > i have the default dc policy and the default domain policy added to my
> AD
> > > should i delete or remove the default domain policy and just leave the
> one
> > > for DC
> > > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > > news:%gjDc.97952$2i5.69247@attbi_s52...
> > > > By default there are no user configuration settings defined on Group
> > > Policy when you
> > > > set up a domain. Computer/security policy settings are defined mostly
> in
> > > Local
> > > > Security Policy and Domain Controller Security Policy [mainly user
> rights
> > > > assignments] for domain controllers , while domain policy defining
> > > account/password
> > > > policies. What you are talking about seems to be mostly an issue with
> user
> > > group
> > > > membership in that users need to be administrators on their local
> > > computers to do all
> > > > that you mention [in W2K]. If it suits your needs you can add the
> users
> > > domain
> > > > account to their local administrators or power users group on their
> > > computer. You can
> > > > use "restricted groups" in security policy at the OU level to modify
> the
> > > membership
> > > > of the local administrators/power users groups of computers in the OU.
> > > First I would
> > > > try adding users to the Network Configuration Operators group on their
> > > local
> > > > computers to allow them to manage networking properties and consider
> using
> > > Group
> > > > Policy to publish or assign .msi applications to them before letting
> them
> > > all be
> > > > local administrators. Users usually do cry when they can't clutter up
> > > their computers
> > > > with unathorized applications, file swapping programs, chat programs,
> > > spyware,
> > > > etc. --- Steve
> > > >
> > > >
> > > > "ajay" <jgrace@digitelusa.net> wrote in message
> > > > news:O1f%233O6WEHA.1888@TK2MSFTNGP11.phx.gbl...
> > > > > i want to know is there a way to import a default gp for 2000sever
> into
> > > my
> > > > > new 2003 domain ...reason is that with the default domain gp all my
> wks
> > > are
> > > > > lock down (limited access and right ) and i can not seem to raised
> the
> > > > > level example no permisson to manage netowrk settings, make vpn
> > > > > connections, install applications .......this is what i want in the
> > > future
> > > > > but for now im locking laptops down with the 2003 gp and all my
> users a
> > > > > crying .....please help
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: GPO - Access denied after changing a GP setting
    ... Domain controller: LDAP server signing requirements - None ... You are about to restore Default Domain policy and Default domain Controller po ... Unable to open the GPO due to access denied. ... You are about to restore Default Domain controller policy for the following domain ...
    (microsoft.public.windows.server.security)
  • Re: lost connections
    ... In Active Directory Users and Computers, rightclick om Domain Controllers, ... Edit the default domain controller policy. ... > We did have a problem with users losing all their printer definitions and ...
    (microsoft.public.windows.server.networking)
  • Re: Unable to login to DC
    ... Was this set in the "default domain controller policy" or in another policy? ... James Brandt ... "Chris" wrote in message ...
    (microsoft.public.win2000.active_directory)
  • Re: PLEASE HELP ME, THIS IS 3RD POST ALREADY
    ... do you have a default domain controller policy? ... Is it an enterprise admin? ... Below you said that your account is a domain admin- ...
    (microsoft.public.win2000.active_directory)
  • Re: need a way to import 2000 gp into 2003 server
    ... In a default installation the domain policy is linked only to the domain container ... and the domain controller policy to only the domain controller. ... However any policy setting ...
    (microsoft.public.windows.group_policy)