Re: GPResult lists machine policy as "Denied (Security)." Don't kn



Authenticated Users are set to Read and Apply.

"Roger Abell" wrote:

> Check that the security of the Default Domain GPO is still
> at its default settings of read/apply for Authenticated Users
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "JM" <jmegna@xxxxxxxxxxxxxxxx> wrote in message
> news:D51149C7-27FE-454F-8A4B-2849E4BAD819@xxxxxxxxxxxxxxxx
> > Okay this should be an easy one, I think.
> >
> > Executive summary: Windows XP machines in my domain show the following
> > machine policy status when I run gpresult:
> >
> > The following GPOs were not applied because they were filtered out
> > -------------------------------------------------------------------
> > Default Domain Policy
> > Filtering: Denied (Security)
> >
> >
> > The long version:
> >
> > I have a W2K native-mode domain with two domain controllers, about six or
> > seven member servers, and about fifty workstations.
> >
> > I have one domain policy called "Default Domain Policy" sitting at the top
> > level in AD Users and Computers. It only has a few things set -
> > specifically, I'm trying to get my XP SP2 machines to allow a couple of
> > firewall exceptions. I don't want to use a login script to implement these
> > exceptions. That just feels so ghetto when you have these cool policies to
> > use.
> >
> > Anyway the XP SP2 firewall settings are a part of the machine policy as I've
> > noticed, and I've set them up the way I want them. When I log in to any
> > given machine as a user, however, this is part of what I see in gpresult on
> > XP machines:
> >
> > COMPUTER SETTINGS
> > ------------------
> > CN=<COMPUTER NAME>,CN=Computers,DC=<MY DOMAIN>,DC=com
> > Last time Group Policy was applied: 4/1/2005 at 3:21:24 PM
> > Group Policy was applied from: <SERVERNAME>
> > Group Policy slow link threshold: 500 kbps
> >
> > Applied Group Policy Objects
> > -----------------------------
> > N/A
> >
> > The following GPOs were not applied because they were filtered out
> > -------------------------------------------------------------------
> > Default Domain Policy
> > Filtering: Denied (Security)
> >
> > Local Group Policy
> > Filtering: Not Applied (Empty)
> >
> > The computer is a part of the following security groups:
> > --------------------------------------------------------
> > BUILTIN\Administrators
> > Everyone
> > BUILTIN\Users
> > NT AUTHORITY\NETWORK
> > NT AUTHORITY\Authenticated Users
> > <COMPUTERNAME>$
> > Domain Computers
> >
> > Note that stuff like <COMPUTERNAME> is my replacement text. GPResult
> > returns valid results - I'm just censoring them because I'm paranoid.
> >
> > So as you can imagine, I'm trying to figure out why the machine GPO doesn't
> > apply. I figure it's something very simple, but quite honestly I'm not sure
> > where to start. Any thoughts?
> >
> > Thanks for your help.
>
>
>
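Added example, not part of the original thread: a small parser for gpresult text output that lists, per scope, which GPOs were applied and which were filtered out and why, so that "Denied (Security)" results can be picked out across many machines. The sample report is constructed from the excerpt quoted above, and the function names are hypothetical.

```python
import re
# Constructed sample modelled on the gpresult excerpt quoted in the post.
SAMPLE = r"""COMPUTER SETTINGS
------------------
    Applied Group Policy Objects
    -----------------------------
        N/A
    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Default Domain Policy
            Filtering:  Denied (Security)
        Local Group Policy
            Filtering:  Not Applied (Empty)
    The computer is a part of the following security groups:
    --------------------------------------------------------
        NT AUTHORITY\Authenticated Users
"""

def parse_gpresult(text):
    """Map each scope to its applied GPOs and its filtered GPOs with reasons."""
    report, scope, section, last = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("COMPUTER SETTINGS", "USER SETTINGS"):
            scope = line.split()[0].lower()
            report[scope] = {"applied": [], "filtered": {}}
            section = last = None
        elif scope is None or not line or set(line) == {"-"}:
            continue                          # preamble, blank lines, rulers
        elif line.startswith("Applied Group Policy Objects"):
            section = "applied"
        elif line.startswith("The following GPOs were not applied"):
            section, last = "filtered", None
        elif line.startswith(("The computer is", "The user is")):
            section = None                    # group list ends the GPO sections
        elif section == "applied" and line != "N/A":
            report[scope]["applied"].append(line)
        elif section == "filtered":
            m = re.match(r"Filtering:\s*(.+)", line)
            if m and last:
                report[scope]["filtered"][last] = m.group(1)
            elif not m:
                last = line                   # GPO name precedes its Filtering line
    return report

def security_denied(report):
    """List (scope, GPO) pairs whose filtering reason is Denied (Security)."""
    return [(s, g) for s, d in report.items()
            for g, why in d["filtered"].items() if why.startswith("Denied (Security)")]
```

A GPO returned by security_denied() is one whose permissions did not give that computer or user both Read and Apply Group Policy, which is the setting Roger Abell suggests checking.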