Re: GPO Update Problem (SYSVOL access via UNC)



Repost

"Charles Jennings" <cejennings_cr@xxxxxxxxx> wrote in message news:...
> Part 2
> ******************************
> Server Security and Auditing Policy
> Data collected on: 8/29/2005 6:40:23 AM
>
> General
> Details
> Domain corp.mycompany.com
> Owner CORP\Domain Admins
> Created 8/18/2005 3:35:50 PM
> Modified 8/18/2005 4:24:00 PM
> User Revisions 0 (AD), 0 (sysvol)
> Computer Revisions 26 (AD), 26 (sysvol)
> Unique ID {AC8C0163-3893-4568-87C8-C38D7E5396AE}
> GPO Status Enabled
>
> Links
> Location Enforced Link Status Path
> Servers No Enabled corp.mycompany.com/Costa Rica/Servers
> This list only includes links in the domain of the GPO.
>
> Security Filtering
> The settings in this GPO can only apply to the following groups, users,
> and computers:
> Name NT AUTHORITY\Authenticated Users
>
> WMI Filtering
> WMI Filter Name None
> Description Not applicable
>
> Delegation
> These groups and users have the specified permission for this GPO
> Name Allowed Permissions Inherited
> CORP\Domain Admins Edit settings, delete, modify security No
> CORP\Enterprise Admins Edit settings, delete, modify security No
> NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
> NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
> NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
>
> Computer Configuration (Enabled)
> Windows Settings
> Security Settings
> Local Policies/Audit Policy
> Policy Setting
> Audit account logon events Success, Failure
> Audit account management Success, Failure
> Audit directory service access Success, Failure
> Audit logon events Success, Failure
> Audit object access Success, Failure
> Audit policy change Success, Failure
> Audit privilege use Failure
> Audit process tracking No auditing
> Audit system events Success, Failure
>
> Local Policies/Security Options
> Interactive Logon
> Policy Setting
> Interactive logon: Message text for users attempting to log on
> This computer is the property of My Company., Only authorized users may
> access this system., Unauthorized access will be investigated and penalties
> will be pursued in conformance with applicable laws and regulations.
> Interactive logon: Message title for users attempting to log on "NOTICE"
>
> User Configuration (Enabled)
> No settings defined.
> ******************************
> Costa Rica Global Policy
> Data collected on: 8/29/2005 6:40:46 AM
>
> General
> Details
> Domain corp.mycompany.com
> Owner CORP\Domain Admins
> Created 8/9/2004 2:40:52 PM
> Modified 5/6/2005 6:55:16 AM
> User Revisions 4 (AD), 4 (sysvol)
> Computer Revisions 46 (AD), 46 (sysvol)
> Unique ID {67538E3E-149C-4C7D-8CD7-711268D2BCF5}
> GPO Status Enabled
>
> Links
> Location Enforced Link Status Path
> Costa Rica No Enabled corp.mycompany.com/Costa Rica
> CSG No Enabled corp.mycompany.com/Costa Rica/CSG
> IT No Enabled corp.mycompany.com/Costa Rica/IT
> This list only includes links in the domain of the GPO.
>
> Security Filtering
> The settings in this GPO can only apply to the following groups, users,
> and computers:
> Name NT AUTHORITY\Authenticated Users
>
> WMI Filtering
> WMI Filter Name None
> Description Not applicable
>
> Delegation
> These groups and users have the specified permission for this GPO
> Name Allowed Permissions Inherited
> CORP\Domain Admins Edit settings, delete, modify security No
> CORP\Enterprise Admins Edit settings, delete, modify security No
> NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
> NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
>
> Computer Configuration (Enabled)
> Windows Settings
> Scripts
> Startup
> Name Parameters
> CR-Startup.cmd
>
> Security Settings
> Account Policies/Password Policy
> Policy Setting
> Enforce password history 1 passwords remembered
> Maximum password age 42 days
> Minimum password age 1 days
> Minimum password length 0 characters
>
> Account Policies/Account Lockout Policy
> Policy Setting
> Account lockout threshold 0 invalid logon attempts
>
> Local Policies/Audit Policy
> Policy Setting
> Audit account logon events Failure
> Audit account management Success, Failure
> Audit directory service access Failure
> Audit logon events Failure
> Audit object access Failure
> Audit policy change Success, Failure
> Audit privilege use Failure
> Audit process tracking Failure
> Audit system events Failure
>
> Local Policies/User Rights Assignment
> Policy Setting
> Add workstations to domain NT AUTHORITY\Authenticated Users
> Change the system time Everyone
>
> Local Policies/Security Options
> Interactive Logon
> Policy Setting
> Interactive logon: Do not display last user name Enabled
>
> Microsoft Network Server
> Policy Setting
> Microsoft network server: Disconnect clients when logon hours expire Enabled
>
> Network Security
> Policy Setting
> Network security: Force logoff when logon hours expire Enabled
>
> Public Key Policies/Autoenrollment Settings
> Policy Setting
> Enroll certificates automatically Enabled
> Renew expired certificates, update pending certificates, and remove revoked certificates Disabled
> Update certificates that use certificate templates Disabled
>
> Public Key Policies/Encrypting File System
> Properties
> Policy Setting
> Allow users to encrypt files using Encrypting File System (EFS) Enabled
>
> Public Key Policies/Trusted Root Certification Authorities
> Properties
> Policy Setting
> Allow users to select new root certification authorities (CAs) to trust Enabled
> Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
> To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only
>
> Administrative Templates
> System/Group Policy
> Policy Setting
> Group Policy refresh interval for computers Enabled
> This setting allows you to customize how often Group Policy is applied
> to computers. The range is 0 to 64800 minutes (45 days).
> Minutes: 90
>
> This is a random time added to the refresh interval to prevent
> all clients from requesting Group Policy at the same time.
> The range is 0 to 1440 minutes (24 hours)
> Minutes: 30
>
>
> User Configuration (Enabled)
> Windows Settings
> Scripts
> Logon
> Name Parameters
> crlogon.cmd
>
> ******************************
> Windows XP SP2 Deploy
> Data collected on: 8/29/2005 6:41:00 AM
>
> General
> Details
> Domain corp.mycompany.com
> Owner CORP\Domain Admins
> Created 5/31/2005 12:45:16 PM
> Modified 5/31/2005 12:46:56 PM
> User Revisions 0 (AD), 0 (sysvol)
> Computer Revisions 1 (AD), 1 (sysvol)
> Unique ID {A4A65CCE-BAFF-494C-BACE-329B080FBB96}
> GPO Status User settings disabled
>
> Links
> Location Enforced Link Status Path
> Costa Rica No Enabled corp.mycompany.com/Costa Rica
> IT No Enabled corp.mycompany.com/Costa Rica/IT
> This list only includes links in the domain of the GPO.
>
> Security Filtering
> The settings in this GPO can only apply to the following groups, users,
> and computers:
> Name NT AUTHORITY\Authenticated Users
>
> WMI Filtering
> WMI Filter Name None
> Description Not applicable
>
> Delegation
> These groups and users have the specified permission for this GPO
> Name Allowed Permissions Inherited
> CORP\Domain Admins Edit settings, delete, modify security No
> CORP\Enterprise Admins Edit settings, delete, modify security No
> NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
> NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
> NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
>
> Computer Configuration (Enabled)
> Software Settings
> Assigned Applications
> Windows XP Service Pack 2 (1033)
> Product Information
> Name Windows XP Service Pack 2 (1033)
> Version 5.1
> Language
> Platform Intel
> Support URL
>
> Deployment Information
> General Setting
> Deployment type Assigned
> Deployment source \\corp.mycompany.com\wxpsp2\i386\update\update.msi
> Uninstall this application when it falls out of the scope of management Disabled
>
> Advanced Deployment Options Setting
> Ignore language when deploying this package Disabled
> Make this 32-bit X86 application available to Win64 machines Enabled
> Include OLE class and product information Enabled
>
> Diagnostic Information Setting
> Product code {5d0930a2-1033-433a-8bb9-603665550dd1}
> Deployment Count 0
>
> Security
> Permissions
> Type Name Permission Inherited
> Allow CORP\Domain Admins Full control No
> Allow NT AUTHORITY\SYSTEM Full control No
> Allow NT AUTHORITY\Authenticated Users Read No
> Allow CORP\Domain Admins Read, Write Yes
> Allow CORP\Enterprise Admins Read, Write Yes
> Allow CREATOR OWNER Read, Write Yes
> Allow NT AUTHORITY\SYSTEM Read, Write Yes
> Allow NT AUTHORITY\Authenticated Users Read Yes
> Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read Yes
> Allow inheritable permissions from the parent to propagate to this object and all child objects Enabled
>
> Advanced
> Upgrades Setting
> Required upgrade for existing packages Enabled
> Packages that this package will upgrade GPO
> None
>
> Packages in the current GPO that will upgrade this package None
>
> Categories
> None
>
> Transforms
> None
>
> User Configuration (Disabled)
> No settings defined.
> ******************************
> Windows XP SP2 Firewall Settings - Restricted
> Data collected on: 8/29/2005 6:41:18 AM
>
> General
> Details
> Domain corp.mycompany.com
> Owner CORP\Domain Admins
> Created 6/6/2005 8:33:52 AM
> Modified 6/21/2005 2:17:14 PM
> User Revisions 0 (AD), 0 (sysvol)
> Computer Revisions 50 (AD), 50 (sysvol)
> Unique ID {0BF734CA-1E8C-4351-A97E-2B2A76B8B1E8}
> GPO Status User settings disabled
>
> Links
> Location Enforced Link Status Path
> Costa Rica No Enabled corp.mycompany.com/Costa Rica
> This list only includes links in the domain of the GPO.
>
> Security Filtering
> The settings in this GPO can only apply to the following groups, users,
> and computers:
> Name NT AUTHORITY\Authenticated Users
>
> WMI Filtering
> WMI Filter Name None
> Description Not applicable
>
> Delegation
> These groups and users have the specified permission for this GPO
> Name Allowed Permissions Inherited
> CORP\Domain Admins Edit settings, delete, modify security No
> CORP\Enterprise Admins Edit settings, delete, modify security No
> NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
> NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
> NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
>
> Computer Configuration (Enabled)
> Administrative Templates
> Network/Network Connections/Windows Firewall/Domain Profile
> Policy Setting
> Windows Firewall: Allow file and printer sharing exception Enabled
> Allow unsolicited incoming messages from: <SNIP>
> Syntax:
> Type "*" to allow messages from any network, or
> else type a comma-separated list that contains
> any number or combination of these:
> IP addresses, such as 10.0.0.1
> Subnet descriptions, such as 10.2.3.0/24
> The string "localsubnet"
> Example: to allow messages from 10.0.0.1,
> 10.0.0.2, and from any system on the
> local subnet or on the 10.3.4.x subnet,
> type the following:
> 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
>
> Policy Setting
> Windows Firewall: Allow ICMP exceptions Enabled
> Allow outbound destination unreachable Disabled
> Allow outbound source quench Disabled
> Allow redirect Disabled
> Allow inbound echo request Enabled
> Allow inbound router request Disabled
> Allow outbound time exceeded Disabled
> Allow outbound parameter problem Disabled
> Allow inbound timestamp request Disabled
> Allow inbound mask request Disabled
> Allow outbound packet too big Disabled
>
> Policy Setting
> Windows Firewall: Allow local port exceptions Disabled
> Windows Firewall: Allow local program exceptions Disabled
> Windows Firewall: Allow logging Enabled
> Log dropped packets Enabled
> Log successful connections Enabled
> Log file path and name: %systemroot%\system32\logfiles\pfirewall.log
> Size limit (KB): 4096
>
> Policy Setting
> Windows Firewall: Allow remote administration exception Enabled
> Allow unsolicited incoming messages from: <SNIP>
> Syntax:
> Type "*" to allow messages from any network, or
> else type a comma-separated list that contains
> any number or combination of these:
> IP addresses, such as 10.0.0.1
> Subnet descriptions, such as 10.2.3.0/24
> The string "localsubnet"
> Example: to allow messages from 10.0.0.1,
> 10.0.0.2, and from any system on the
> local subnet or on the 10.3.4.x subnet,
> type the following:
> 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
>
> Policy Setting
> Windows Firewall: Allow Remote Desktop exception Enabled
> Allow unsolicited incoming messages from: <SNIP>
> Syntax:
> Type "*" to allow messages from any network, or
> else type a comma-separated list that contains
> any number or combination of these:
> IP addresses, such as 10.0.0.1
> Subnet descriptions, such as 10.2.3.0/24
> The string "localsubnet"
> Example: to allow messages from 10.0.0.1,
> 10.0.0.2, and from any system on the
> local subnet or on the 10.3.4.x subnet,
> type the following:
> 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
>
> Policy Setting
> Windows Firewall: Allow UPnP framework exception Disabled
> Windows Firewall: Do not allow exceptions Disabled
> Windows Firewall: Prohibit notifications Enabled
> Windows Firewall: Prohibit unicast response to multicast or broadcast requests Disabled
> Windows Firewall: Protect all network connections Enabled
>
> Network/Network Connections/Windows Firewall/Standard Profile
> Policy Setting
> Windows Firewall: Allow file and printer sharing exception Enabled
> Allow unsolicited incoming messages from: <SNIP>
> Syntax:
> Type "*" to allow messages from any network, or
> else type a comma-separated list that contains
> any number or combination of these:
> IP addresses, such as 10.0.0.1
> Subnet descriptions, such as 10.2.3.0/24
> The string "localsubnet"
> Example: to allow messages from 10.0.0.1,
> 10.0.0.2, and from any system on the
> local subnet or on the 10.3.4.x subnet,
> type the following:
> 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
>
> Policy Setting
> Windows Firewall: Allow ICMP exceptions Enabled
> Allow outbound destination unreachable Disabled
> Allow outbound source quench Disabled
> Allow redirect Disabled
> Allow inbound echo request Enabled
> Allow inbound router request Disabled
> Allow outbound time exceeded Disabled
> Allow outbound parameter problem Disabled
> Allow inbound timestamp request Disabled
> Allow inbound mask request Disabled
> Allow outbound packet too big Disabled
>
> Policy Setting
> Windows Firewall: Allow local port exceptions Disabled
> Windows Firewall: Allow local program exceptions Disabled
> Windows Firewall: Allow logging Enabled
> Log dropped packets Enabled
> Log successful connections Enabled
> Log file path and name: %systemroot%\system32\logfiles\pfirewall.log
> Size limit (KB): 4096
>
> Policy Setting
> Windows Firewall: Allow remote administration exception Enabled
> Allow unsolicited incoming messages from: <SNIP>
> Syntax:
> Type "*" to allow messages from any network, or
> else type a comma-separated list that contains
> any number or combination of these:
> IP addresses, such as 10.0.0.1
> Subnet descriptions, such as 10.2.3.0/24
> The string "localsubnet"
> Example: to allow messages from 10.0.0.1,
> 10.0.0.2, and from any system on the
> local subnet or on the 10.3.4.x subnet,
> type the following:
> 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
>
> Policy Setting
> Windows Firewall: Allow Remote Desktop exception Enabled
> Allow unsolicited incoming messages from: <SNIP>
> Syntax:
> Type "*" to allow messages from any network, or
> else type a comma-separated list that contains
> any number or combination of these:
> IP addresses, such as 10.0.0.1
> Subnet descriptions, such as 10.2.3.0/24
> The string "localsubnet"
> Example: to allow messages from 10.0.0.1,
> 10.0.0.2, and from any system on the
> local subnet or on the 10.3.4.x subnet,
> type the following:
> 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
>
> Policy Setting
> Windows Firewall: Do not allow exceptions Disabled
> Windows Firewall: Prohibit unicast response to multicast or broadcast requests Disabled
> Windows Firewall: Protect all network connections Enabled
>
> Extra Registry Settings
> Display names for some settings cannot be found. You might be able to
> resolve this issue by updating the .ADM files used by Group Policy
> Management.
>
> Setting State
>
> SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\Enabled 1
>
> SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\<SNIP>
> <SNIP>
> ...
> ...
> ...
>
> SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\Enabled 1
>
> SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\<SNIP>
> <SNIP>
> ...
> ...
> ...
>
> User Configuration (Disabled)
> No settings defined.
>
>

