Re: Trouble with GPO security filtering
From: Drazen (drazen_petrek_at_yahoo.com)
Date: 07/27/04
- Next message: Steve Bray: "Re: GPO and Remote Users"
- Previous message: Mark Renoden [MSFT]: "Re: GPO Design not working"
- In reply to: Steven L Umbach: "Re: Trouble with GPO security filtering"
- Messages sorted by: [ date ] [ thread ]
Date: 26 Jul 2004 23:43:16 -0700
Thank you for your answer Steven.
I have already tried with global security group, but
the result was same :-( Also I tried to put the security group
in container "Computers" hoping that it would help, but
nothing...
Actually, I tried all combinations: domain local security
group on level of domain itself, global security group on
leve od domain, domain local security group in container "Computers"
and global security group in container "Computers"...No go...
Any more tips?
Drazen
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message news:<uleNc.192272$Oq2.149337@attbi_s52>...
> I have noticed this in the past. Use a global group and not a domain local group to
> add the computer to and see if that makes a difference. MS recommends not to use
> domain local groups for GP filtering, but usually because it is an issue for a user
> logging on from a trusted domain. --- Steve
>
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;309172
>
> "Drazen" <drazen_petrek@yahoo.com> wrote in message
> news:5105d29b.0407261158.53f15d38@posting.google.com...
> > This is our configuration:
> > - w2k DC having simple domain with default containers intact (Users, Computers...)
> > - one global security group (group "A") dwfined on level of domain
> > itself (same level where containers Users and Computers are)
> > whose members are two domain computers (listed in Computers container).
> > - group policy "B" defined on whole domain (under Default domain policy)
> > - for group policy B, Authenticated users were removed under
> > "Security" settings and our group "A" was added with "Read" and
> > "Apply group policy".
> >
> > THe problem is that policy "B" is not applied to security group "A".
> > Actually the policy is not applied to *ANY* computers.
> > When GPREsULT is run on machines in security group "A" there is
> > "Filtering: Denied (Security)". GPRESULT shows NO sign of those two
> > computers being in security group "A" (and I suppose thats why policy
> > is not applied to them).
> >
> > What have I done wrong?
> > If I remove group "A" from policies "Security" and add those
> > two computers manually (and set Read, and Apply policy to each of them),
> > the policy is applied successfully but I'm not satisfied with this
> > solution. Who can explain this? I hope that everything is explained well...
> >
> > Thank you,
> > Drazen
- Next message: Steve Bray: "Re: GPO and Remote Users"
- Previous message: Mark Renoden [MSFT]: "Re: GPO Design not working"
- In reply to: Steven L Umbach: "Re: Trouble with GPO security filtering"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
