Re: GPResult lists machine policy as "Denied (Security)." Don't kn



Okay well it must have been a permission somewhere in there - I went through
and deleted and reinstated the permissions as they were set previously and it
just started working.

I should have known! Thank you for the nudge, Roger.

"JM" wrote:

> Authenticated Users are set to Read and Apply.
>
> "Roger Abell" wrote:
>
> > Check that the security of the Default Domain GPO is still
> > at its default settings of read/apply for Authenticated Users
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> > MCSE (W2k3,W2k,Nt4) MCDBA
> > "JM" <jmegna@xxxxxxxxxxxxxxxx> wrote in message
> > news:D51149C7-27FE-454F-8A4B-2849E4BAD819@xxxxxxxxxxxxxxxx
> > > Okay this should be an easy one, I think.
> > >
> > > Executive summary: Windows XP machines in my domain show the following
> > > machine policy status when I run gpresult:
> > >
> > > The following GPOs were not applied because they were filtered out
> > > -------------------------------------------------------------------
> > > Default Domain Policy
> > > Filtering: Denied (Security)
> > >
> > >
> > > The long version:
> > >
> > > I have a W2K native-mode domain with two domain controllers, about six or
> > > seven member servers, and about fifty workstations.
> > >
> > > I have one domain policy called "Default Domain Policy" sitting at the top
> > > level in AD Users and Computers. It only has a few things set -
> > > specifically, I'm trying to get my XP SP2 machines to allow a couple of
> > > firewall exceptions. I don't want to use a login script to implement these
> > > exceptions. That just feels so ghetto when you have these cool policies to
> > > use.
> > >
> > > Anyway the XP SP2 firewall settings are a part of the machine policy as I've
> > > noticed, and I've set them up the way I want them. When I log in to any
> > > given machine as a user, however, this is part of what I see in gpresult on
> > > XP machines:
> > >
> > > COMPUTER SETTINGS
> > > ------------------
> > > CN=<COMPUTER NAME>,CN=Computers,DC=<MY DOMAIN>,DC=com
> > > Last time Group Policy was applied: 4/1/2005 at 3:21:24 PM
> > > Group Policy was applied from: <SERVERNAME>
> > > Group Policy slow link threshold: 500 kbps
> > >
> > > Applied Group Policy Objects
> > > -----------------------------
> > > N/A
> > >
> > > The following GPOs were not applied because they were filtered out
> > > -------------------------------------------------------------------
> > > Default Domain Policy
> > > Filtering: Denied (Security)
> > >
> > > Local Group Policy
> > > Filtering: Not Applied (Empty)
> > >
> > > The computer is a part of the following security groups:
> > > --------------------------------------------------------
> > > BUILTIN\Administrators
> > > Everyone
> > > BUILTIN\Users
> > > NT AUTHORITY\NETWORK
> > > NT AUTHORITY\Authenticated Users
> > > <COMPUTERNAME>$
> > > Domain Computers
> > >
> > > Note that stuff like <COMPUTERNAME> is my replacement text. GPResult
> > > returns valid results - I'm just censoring them because I'm paranoid.
> > >
> > > So as you can imagine, I'm trying to figure out why the machine GPO doesn't
> > > apply. I figure it's something very simple, but quite honestly I'm not sure
> > > where to start. Any thoughts?
> > >
> > > Thanks for your help.
> >
> >
> >