Re: GPO Update Problem (SYSVOL access via UNC)



Part 2
******************************
Server Security and Auditing Policy
Data collected on: 8/29/2005 6:40:23 AM

General
Details
Domain corp.mycompany.com
Owner CORP\Domain Admins
Created 8/18/2005 3:35:50 PM
Modified 8/18/2005 4:24:00 PM
User Revisions 0 (AD), 0 (sysvol)
Computer Revisions 26 (AD), 26 (sysvol)
Unique ID {AC8C0163-3893-4568-87C8-C38D7E5396AE}
GPO Status Enabled

Links
Location Enforced Link Status Path
Servers No Enabled corp.mycompany.com/Costa Rica/Servers
This list only includes links in the domain of the GPO.

Security Filtering
The settings in this GPO can only apply to the following groups, users,
and computers:
Name NT AUTHORITY\Authenticated Users

WMI Filtering
WMI Filter Name None
Description Not applicable

Delegation
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
CORP\Domain Admins Edit settings, delete, modify security No
CORP\Enterprise Admins Edit settings, delete, modify security No
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No

Computer Configuration (Enabled)
Windows Settings
Security Settings
Local Policies/Audit Policy
Policy Setting
Audit account logon events Success, Failure
Audit account management Success, Failure
Audit directory service access Success, Failure
Audit logon events Success, Failure
Audit object access Success, Failure
Audit policy change Success, Failure
Audit privilege use Failure
Audit process tracking No auditing
Audit system events Success, Failure

Local Policies/Security Options
Interactive Logon
Policy Setting
Interactive logon: Message text for users attempting to log on This
computer is the property of My Company., Only authorized users may access
this system., Unauthorized access will be investigated and penalties will be
pursued in conformance with applicable laws and regulations.
Interactive logon: Message title for users attempting to log on "NOTICE"

User Configuration (Enabled)
No settings defined.
******************************
Costa Rica Global Policy
Data collected on: 8/29/2005 6:40:46 AM

General
Details
Domain corp.mycompany.com
Owner CORP\Domain Admins
Created 8/9/2004 2:40:52 PM
Modified 5/6/2005 6:55:16 AM
User Revisions 4 (AD), 4 (sysvol)
Computer Revisions 46 (AD), 46 (sysvol)
Unique ID {67538E3E-149C-4C7D-8CD7-711268D2BCF5}
GPO Status Enabled

Links
Location Enforced Link Status Path
Costa Rica No Enabled corp.mycompany.com/Costa Rica
CSG No Enabled corp.mycompany.com/Costa Rica/CSG
IT No Enabled corp.mycompany.com/Costa Rica/IT
This list only includes links in the domain of the GPO.

Security Filtering
The settings in this GPO can only apply to the following groups, users,
and computers:
Name NT AUTHORITY\Authenticated Users

WMI Filtering
WMI Filter Name None
Description Not applicable

Delegation
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
CORP\Domain Admins Edit settings, delete, modify security No
CORP\Enterprise Admins Edit settings, delete, modify security No
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No

Computer Configuration (Enabled)
Windows Settings
Scripts
Startup
Name Parameters
CR-Startup.cmd

Security Settings
Account Policies/Password Policy
Policy Setting
Enforce password history 1 passwords remembered
Maximum password age 42 days
Minimum password age 1 days
Minimum password length 0 characters

Account Policies/Account Lockout Policy
Policy Setting
Account lockout threshold 0 invalid logon attempts

Local Policies/Audit Policy
Policy Setting
Audit account logon events Failure
Audit account management Success, Failure
Audit directory service access Failure
Audit logon events Failure
Audit object access Failure
Audit policy change Success, Failure
Audit privilege use Failure
Audit process tracking Failure
Audit system events Failure

Local Policies/User Rights Assignment
Policy Setting
Add workstations to domain NT AUTHORITY\Authenticated Users
Change the system time Everyone

Local Policies/Security Options
Interactive Logon
Policy Setting
Interactive logon: Do not display last user name Enabled

Microsoft Network Server
Policy Setting
Microsoft network server: Disconnect clients when logon hours expire Enabled

Network Security
Policy Setting
Network security: Force logoff when logon hours expire Enabled

Public Key Policies/Autoenrollment Settings
Policy Setting
Enroll certificates automatically Enabled
Renew expired certificates, update pending certificates, and remove revoked certificates Disabled
Update certificates that use certificate templates Disabled

Public Key Policies/Encrypting File System
Properties
Policy Setting
Allow users to encrypt files using Encrypting File System (EFS) Enabled

Public Key Policies/Trusted Root Certification Authorities
Properties
Policy Setting
Allow users to select new root certification authorities (CAs) to trust Enabled
Client computers can trust the following certificate stores
Third-Party Root Certification Authorities and Enterprise Root Certification
Authorities
To perform certificate-based authentication of users and computers, CAs
must meet the following criteria Registered in Active Directory only

Administrative Templates
System/Group Policy
Policy Setting
Group Policy refresh interval for computers Enabled
This setting allows you to customize how often Group Policy is applied
to computers. The range is 0 to 64800 minutes (45 days).
Minutes: 90

This is a random time added to the refresh interval to prevent
all clients from requesting Group Policy at the same time.
The range is 0 to 1440 minutes (24 hours)
Minutes: 30


User Configuration (Enabled)
Windows Settings
Scripts
Logon
Name Parameters
crlogon.cmd

******************************
Windows XP SP2 Deploy
Data collected on: 8/29/2005 6:41:00 AM

General
Details
Domain corp.mycompany.com
Owner CORP\Domain Admins
Created 5/31/2005 12:45:16 PM
Modified 5/31/2005 12:46:56 PM
User Revisions 0 (AD), 0 (sysvol)
Computer Revisions 1 (AD), 1 (sysvol)
Unique ID {A4A65CCE-BAFF-494C-BACE-329B080FBB96}
GPO Status User settings disabled

Links
Location Enforced Link Status Path
Costa Rica No Enabled corp.mycompany.com/Costa Rica
IT No Enabled corp.mycompany.com/Costa Rica/IT
This list only includes links in the domain of the GPO.

Security Filtering
The settings in this GPO can only apply to the following groups, users,
and computers:
Name NT AUTHORITY\Authenticated Users

WMI Filtering
WMI Filter Name None
Description Not applicable

Delegation
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
CORP\Domain Admins Edit settings, delete, modify security No
CORP\Enterprise Admins Edit settings, delete, modify security No
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No

Computer Configuration (Enabled)
Software Settings
Assigned Applications
Windows XP Service Pack 2 (1033)
Product Information
Name Windows XP Service Pack 2 (1033)
Version 5.1
Language
Platform Intel
Support URL

Deployment Information
General Setting
Deployment type Assigned
Deployment source \\corp.mycompany.com\wxpsp2\i386\update\update.msi
Uninstall this application when it falls out of the scope of management Disabled

Advanced Deployment Options Setting
Ignore language when deploying this package Disabled
Make this 32-bit X86 application available to Win64 machines Enabled
Include OLE class and product information Enabled

Diagnostic Information Setting
Product code {5d0930a2-1033-433a-8bb9-603665550dd1}
Deployment Count 0

Security
Permissions
Type Name Permission Inherited
Allow CORP\Domain Admins Full control No
Allow NT AUTHORITY\SYSTEM Full control No
Allow NT AUTHORITY\Authenticated Users Read No
Allow CORP\Domain Admins Read, Write Yes
Allow CORP\Enterprise Admins Read, Write Yes
Allow CREATOR OWNER Read, Write Yes
Allow NT AUTHORITY\SYSTEM Read, Write Yes
Allow NT AUTHORITY\Authenticated Users Read Yes
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read Yes
Allow inheritable permissions from the parent to propagate to this object and all child objects Enabled

Advanced
Upgrades Setting
Required upgrade for existing packages Enabled
Packages that this package will upgrade GPO
None

Packages in the current GPO that will upgrade this package None

Categories
None

Transforms
None

User Configuration (Disabled)
No settings defined.
******************************
Windows XP SP2 Firewall Settings - Restricted
Data collected on: 8/29/2005 6:41:18 AM

General
Details
Domain corp.mycompany.com
Owner CORP\Domain Admins
Created 6/6/2005 8:33:52 AM
Modified 6/21/2005 2:17:14 PM
User Revisions 0 (AD), 0 (sysvol)
Computer Revisions 50 (AD), 50 (sysvol)
Unique ID {0BF734CA-1E8C-4351-A97E-2B2A76B8B1E8}
GPO Status User settings disabled

Links
Location Enforced Link Status Path
Costa Rica No Enabled corp.mycompany.com/Costa Rica
This list only includes links in the domain of the GPO.

Security Filtering
The settings in this GPO can only apply to the following groups, users,
and computers:
Name NT AUTHORITY\Authenticated Users

WMI Filtering
WMI Filter Name None
Description Not applicable

Delegation
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
CORP\Domain Admins Edit settings, delete, modify security No
CORP\Enterprise Admins Edit settings, delete, modify security No
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No

Computer Configuration (Enabled)
Administrative Templates
Network/Network Connections/Windows Firewall/Domain Profile
Policy Setting
Windows Firewall: Allow file and printer sharing exception Enabled
Allow unsolicited incoming messages from: <SNIP>
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24

Policy Setting
Windows Firewall: Allow ICMP exceptions Enabled
Allow outbound destination unreachable Disabled
Allow outbound source quench Disabled
Allow redirect Disabled
Allow inbound echo request Enabled
Allow inbound router request Disabled
Allow outbound time exceeded Disabled
Allow outbound parameter problem Disabled
Allow inbound timestamp request Disabled
Allow inbound mask request Disabled
Allow outbound packet too big Disabled

Policy Setting
Windows Firewall: Allow local port exceptions Disabled
Windows Firewall: Allow local program exceptions Disabled
Windows Firewall: Allow logging Enabled
Log dropped packets Enabled
Log successful connections Enabled
Log file path and name: %systemroot%\system32\logfiles\pfirewall.log
Size limit (KB): 4096

Policy Setting
Windows Firewall: Allow remote administration exception Enabled
Allow unsolicited incoming messages from: <SNIP>
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24

Policy Setting
Windows Firewall: Allow Remote Desktop exception Enabled
Allow unsolicited incoming messages from: <SNIP>
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24

Policy Setting
Windows Firewall: Allow UPnP framework exception Disabled
Windows Firewall: Do not allow exceptions Disabled
Windows Firewall: Prohibit notifications Enabled
Windows Firewall: Prohibit unicast response to multicast or broadcast requests Disabled
Windows Firewall: Protect all network connections Enabled

Network/Network Connections/Windows Firewall/Standard Profile
Policy Setting
Windows Firewall: Allow file and printer sharing exception Enabled
Allow unsolicited incoming messages from: <SNIP>
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24

Policy Setting
Windows Firewall: Allow ICMP exceptions Enabled
Allow outbound destination unreachable Disabled
Allow outbound source quench Disabled
Allow redirect Disabled
Allow inbound echo request Enabled
Allow inbound router request Disabled
Allow outbound time exceeded Disabled
Allow outbound parameter problem Disabled
Allow inbound timestamp request Disabled
Allow inbound mask request Disabled
Allow outbound packet too big Disabled

Policy Setting
Windows Firewall: Allow local port exceptions Disabled
Windows Firewall: Allow local program exceptions Disabled
Windows Firewall: Allow logging Enabled
Log dropped packets Enabled
Log successful connections Enabled
Log file path and name: %systemroot%\system32\logfiles\pfirewall.log
Size limit (KB): 4096

Policy Setting
Windows Firewall: Allow remote administration exception Enabled
Allow unsolicited incoming messages from: <SNIP>
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24

Policy Setting
Windows Firewall: Allow Remote Desktop exception Enabled
Allow unsolicited incoming messages from: <SNIP>
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24

Policy Setting
Windows Firewall: Do not allow exceptions Disabled
Windows Firewall: Prohibit unicast response to multicast or broadcast requests Disabled
Windows Firewall: Protect all network connections Enabled

Extra Registry Settings
Display names for some settings cannot be found. You might be able to
resolve this issue by updating the .ADM files used by Group Policy
Management.

Setting State
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\Enabled 1
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\<SNIP>
<SNIP>
...
...
...
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\Enabled 1
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\<SNIP>
<SNIP>
...
...
...

User Configuration (Disabled)
No settings defined.

