Re: GPResult lists machine policy as "Denied (Security)." Don't know w
- From: "Roger Abell" <mvpNOSpam@xxxxxxx>
- Date: Tue, 5 Apr 2005 08:03:25 -0700
Check that the security of the Default Domain GPO is still
at its default settings of read/apply for Authenticated Users
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"JM" <jmegna@xxxxxxxxxxxxxxxx> wrote in message
news:D51149C7-27FE-454F-8A4B-2849E4BAD819@xxxxxxxxxxxxxxxx
> Okay this should be an easy one, I think.
>
> Executive summary: Windows XP machines in my domain show the following
> machine policy status when I run gpresult:
>
> The following GPOs were not applied because they were filtered out
> -------------------------------------------------------------------
> Default Domain Policy
> Filtering: Denied (Security)
>
>
> The long version:
>
> I have a W2K native-mode domain with two domain controllers, about six or
> seven member servers, and about fifty workstations.
>
> I have one domain policy called "Default Domain Policy" sitting at the top
> level in AD Users and Computers. It only has a few things set -
> specifically, I'm trying to get my XP SP2 machines to allow a couple of
> firewall exceptions. I don't want to use a login script to implement
these
> exceptions. That just feels so ghetto when you have these cool policies
to
> use.
>
> Anyway the XP SP2 firewall settings are a part of the machine policy as
I've
> noticed, and I've set them up the way I want them. When I log in to any
> given machine as a user, however, this is part of what I see in gpresult
on
> XP machines:
>
> COMPUTER SETTINGS
> ------------------
> CN=<COMPUTER NAME>,CN=Computers,DC=<MY DOMAIN>,DC=com
> Last time Group Policy was applied: 4/1/2005 at 3:21:24 PM
> Group Policy was applied from: <SERVERNAME>
> Group Policy slow link threshold: 500 kbps
>
> Applied Group Policy Objects
> -----------------------------
> N/A
>
> The following GPOs were not applied because they were filtered out
> -------------------------------------------------------------------
> Default Domain Policy
> Filtering: Denied (Security)
>
> Local Group Policy
> Filtering: Not Applied (Empty)
>
> The computer is a part of the following security groups:
> --------------------------------------------------------
> BUILTIN\Administrators
> Everyone
> BUILTIN\Users
> NT AUTHORITY\NETWORK
> NT AUTHORITY\Authenticated Users
> <COMPUTERNAME>$
> Domain Computers
>
> Note that stuff like <COMPUTERNAME> is my replacement text. GPResult
> returns valid results - I'm just censoring them because I'm paranoid.
>
> So as you can imagine, I'm trying to figure out why the machine GPO
doesn't
> apply. I figure it's something very simple, but quite honestly I'm not
sure
> where to start. Any thoughts?
>
> Thanks for your help.
.
- Follow-Ups:
- References:
- Prev by Date: Re: Restricted Groups Problem
- Next by Date: Re: Account Lockout does not work on workstations.
- Previous by thread: GPResult lists machine policy as "Denied (Security)." Don't know w
- Next by thread: Re: GPResult lists machine policy as "Denied (Security)." Don't kn
- Index(es):
Relevant Pages
|
Loading
