Re: GPO Update Problem (SYSVOL access via UNC)
- From: "Charles Jennings" <cejennings_cr@xxxxxxxxx>
- Date: Mon, 12 Sep 2005 07:09:37 -0600
Repost 2
"Charles Jennings" <cejennings_cr@xxxxxxxxx> wrote in message news:...
> Repost
>
> "Charles Jennings" <cejennings_cr@xxxxxxxxx> wrote in message news:...
>> Part 2
>> ******************************
>> Server Security and Auditing Policy
>> Data collected on: 8/29/2005 6:40:23 AM
>>
>> General
>> Details
>> Domain corp.mycompany.com
>> Owner CORP\Domain Admins
>> Created 8/18/2005 3:35:50 PM
>> Modified 8/18/2005 4:24:00 PM
>> User Revisions 0 (AD), 0 (sysvol)
>> Computer Revisions 26 (AD), 26 (sysvol)
>> Unique ID {AC8C0163-3893-4568-87C8-C38D7E5396AE}
>> GPO Status Enabled
>>
>> Links
>> Location Enforced Link Status Path
>> Servers No Enabled corp.mycompany.com/Costa Rica/Servers
>> This list only includes links in the domain of the GPO.
>>
>> Security Filtering
>> The settings in this GPO can only apply to the following groups, users,
>> and computers:
>> Name NT AUTHORITY\Authenticated Users
>>
>> WMI Filtering
>> WMI Filter Name None
>> Description Not applicable
>>
>> Delegation
>> These groups and users have the specified permission for this GPO
>> Name Allowed Permissions Inherited
>> CORP\Domain Admins Edit settings, delete, modify security No
>> CORP\Enterprise Admins Edit settings, delete, modify security No
>> NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
>> NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
>> NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
>>
>> Computer Configuration (Enabled)
>> Windows Settings
>> Security Settings
>> Local Policies/Audit Policy
>> Policy Setting
>> Audit account logon events Success, Failure
>> Audit account management Success, Failure
>> Audit directory service access Success, Failure
>> Audit logon events Success, Failure
>> Audit object access Success, Failure
>> Audit policy change Success, Failure
>> Audit privilege use Failure
>> Audit process tracking No auditing
>> Audit system events Success, Failure
>>
>> Local Policies/Security Options
>> Interactive Logon
>> Policy Setting
>> Interactive logon: Message text for users attempting to log on This
>> computer is the property of My Company., Only authorized users may access
>> this system., Unauthorized access will be investigated and penalties will
>> be pursued in conformance with applicable laws and regulations.
>> Interactive logon: Message title for users attempting to log on
>> "NOTICE"
>>
>> User Configuration (Enabled)
>> No settings defined.
>> ******************************
>> Costa Rica Global Policy
>> Data collected on: 8/29/2005 6:40:46 AM
>>
>> General
>> Details
>> Domain corp.mycompany.com
>> Owner CORP\Domain Admins
>> Created 8/9/2004 2:40:52 PM
>> Modified 5/6/2005 6:55:16 AM
>> User Revisions 4 (AD), 4 (sysvol)
>> Computer Revisions 46 (AD), 46 (sysvol)
>> Unique ID {67538E3E-149C-4C7D-8CD7-711268D2BCF5}
>> GPO Status Enabled
>>
>> Links
>> Location Enforced Link Status Path
>> Costa Rica No Enabled corp.mycompany.com/Costa Rica
>> CSG No Enabled corp.mycompany.com/Costa Rica/CSG
>> IT No Enabled corp.mycompany.com/Costa Rica/IT
>> This list only includes links in the domain of the GPO.
>>
>> Security Filtering
>> The settings in this GPO can only apply to the following groups, users,
>> and computers:
>> Name NT AUTHORITY\Authenticated Users
>>
>> WMI Filtering
>> WMI Filter Name None
>> Description Not applicable
>>
>> Delegation
>> These groups and users have the specified permission for this GPO
>> Name Allowed Permissions Inherited
>> CORP\Domain Admins Edit settings, delete, modify security No
>> CORP\Enterprise Admins Edit settings, delete, modify security No
>> NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
>> NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
>>
>> Computer Configuration (Enabled)
>> Windows Settings
>> Scripts
>> Startup
>> Name Parameters
>> CR-Startup.cmd
>>
>> Security Settings
>> Account Policies/Password Policy
>> Policy Setting
>> Enforce password history 1 passwords remembered
>> Maximum password age 42 days
>> Minimum password age 1 days
>> Minimum password length 0 characters
>>
>> Account Policies/Account Lockout Policy
>> Policy Setting
>> Account lockout threshold 0 invalid logon attempts
>>
>> Local Policies/Audit Policy
>> Policy Setting
>> Audit account logon events Failure
>> Audit account management Success, Failure
>> Audit directory service access Failure
>> Audit logon events Failure
>> Audit object access Failure
>> Audit policy change Success, Failure
>> Audit privilege use Failure
>> Audit process tracking Failure
>> Audit system events Failure
>>
>> Local Policies/User Rights Assignment
>> Policy Setting
>> Add workstations to domain NT AUTHORITY\Authenticated Users
>> Change the system time Everyone
>>
>> Local Policies/Security Options
>> Interactive Logon
>> Policy Setting
>> Interactive logon: Do not display last user name Enabled
>>
>> Microsoft Network Server
>> Policy Setting
>> Microsoft network server: Disconnect clients when logon hours expire Enabled
>>
>> Network Security
>> Policy Setting
>> Network security: Force logoff when logon hours expire Enabled
>>
>> Public Key Policies/Autoenrollment Settings
>> Policy Setting
>> Enroll certificates automatically Enabled
>> Renew expired certificates, update pending certificates, and remove revoked certificates Disabled
>> Update certificates that use certificate templates Disabled
>>
>> Public Key Policies/Encrypting File System
>> Properties
>> Policy Setting
>> Allow users to encrypt files using Encrypting File System (EFS) Enabled
>>
>> Public Key Policies/Trusted Root Certification Authorities
>> Properties
>> Policy Setting
>> Allow users to select new root certification authorities (CAs) to trust Enabled
>> Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
>> To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only
>>
>> Administrative Templates
>> System/Group Policy
>> Policy Setting
>> Group Policy refresh interval for computers Enabled
>> This setting allows you to customize how often Group Policy is applied
>> to computers. The range is 0 to 64800 minutes (45 days).
>> Minutes: 90
>>
>> This is a random time added to the refresh interval to prevent
>> all clients from requesting Group Policy at the same time.
>> The range is 0 to 1440 minutes (24 hours)
>> Minutes: 30
>>
>>
>> User Configuration (Enabled)
>> Windows Settings
>> Scripts
>> Logon
>> Name Parameters
>> crlogon.cmd
>>
>> ******************************
>> Windows XP SP2 Deploy
>> Data collected on: 8/29/2005 6:41:00 AM
>>
>> General
>> Details
>> Domain corp.mycompany.com
>> Owner CORP\Domain Admins
>> Created 5/31/2005 12:45:16 PM
>> Modified 5/31/2005 12:46:56 PM
>> User Revisions 0 (AD), 0 (sysvol)
>> Computer Revisions 1 (AD), 1 (sysvol)
>> Unique ID {A4A65CCE-BAFF-494C-BACE-329B080FBB96}
>> GPO Status User settings disabled
>>
>> Links
>> Location Enforced Link Status Path
>> Costa Rica No Enabled corp.mycompany.com/Costa Rica
>> IT No Enabled corp.mycompany.com/Costa Rica/IT
>> This list only includes links in the domain of the GPO.
>>
>> Security Filtering
>> The settings in this GPO can only apply to the following groups, users,
>> and computers:
>> Name NT AUTHORITY\Authenticated Users
>>
>> WMI Filtering
>> WMI Filter Name None
>> Description Not applicable
>>
>> Delegation
>> These groups and users have the specified permission for this GPO
>> Name Allowed Permissions Inherited
>> CORP\Domain Admins Edit settings, delete, modify security No
>> CORP\Enterprise Admins Edit settings, delete, modify security No
>> NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
>> NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
>> NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
>>
>> Computer Configuration (Enabled)
>> Software Settings
>> Assigned Applications
>> Windows XP Service Pack 2 (1033)
>> Product Information
>> Name Windows XP Service Pack 2 (1033)
>> Version 5.1
>> Language
>> Platform Intel
>> Support URL
>>
>> Deployment Information
>> General Setting
>> Deployment type Assigned
>> Deployment source \\corp.mycompany.com\wxpsp2\i386\update\update.msi
>> Uninstall this application when it falls out of the scope of management Disabled
>>
>> Advanced Deployment Options Setting
>> Ignore language when deploying this package Disabled
>> Make this 32-bit X86 application available to Win64 machines Enabled
>> Include OLE class and product information Enabled
>>
>> Diagnostic Information Setting
>> Product code {5d0930a2-1033-433a-8bb9-603665550dd1}
>> Deployment Count 0
>>
>> Security
>> Permissions
>> Type Name Permission Inherited
>> Allow CORP\Domain Admins Full control No
>> Allow NT AUTHORITY\SYSTEM Full control No
>> Allow NT AUTHORITY\Authenticated Users Read No
>> Allow CORP\Domain Admins Read, Write Yes
>> Allow CORP\Enterprise Admins Read, Write Yes
>> Allow CREATOR OWNER Read, Write Yes
>> Allow NT AUTHORITY\SYSTEM Read, Write Yes
>> Allow NT AUTHORITY\Authenticated Users Read Yes
>> Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read Yes
>> Allow inheritable permissions from the parent to propagate to this object and all child objects Enabled
>>
>> Advanced
>> Upgrades Setting
>> Required upgrade for existing packages Enabled
>> Packages that this package will upgrade GPO
>> None
>>
>> Packages in the current GPO that will upgrade this package None
>>
>> Categories
>> None
>>
>> Transforms
>> None
>>
>> User Configuration (Disabled)
>> No settings defined.
>> ******************************
>> Windows XP SP2 Firewall Settings - Restricted
>> Data collected on: 8/29/2005 6:41:18 AM
>>
>> General
>> Details
>> Domain corp.mycompany.com
>> Owner CORP\Domain Admins
>> Created 6/6/2005 8:33:52 AM
>> Modified 6/21/2005 2:17:14 PM
>> User Revisions 0 (AD), 0 (sysvol)
>> Computer Revisions 50 (AD), 50 (sysvol)
>> Unique ID {0BF734CA-1E8C-4351-A97E-2B2A76B8B1E8}
>> GPO Status User settings disabled
>>
>> Links
>> Location Enforced Link Status Path
>> Costa Rica No Enabled corp.mycompany.com/Costa Rica
>> This list only includes links in the domain of the GPO.
>>
>> Security Filtering
>> The settings in this GPO can only apply to the following groups, users,
>> and computers:
>> Name NT AUTHORITY\Authenticated Users
>>
>> WMI Filtering
>> WMI Filter Name None
>> Description Not applicable
>>
>> Delegation
>> These groups and users have the specified permission for this GPO
>> Name Allowed Permissions Inherited
>> CORP\Domain Admins Edit settings, delete, modify security No
>> CORP\Enterprise Admins Edit settings, delete, modify security No
>> NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
>> NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
>> NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
>>
>> Computer Configuration (Enabled)
>> Administrative Templates
>> Network/Network Connections/Windows Firewall/Domain Profile
>> Policy Setting
>> Windows Firewall: Allow file and printer sharing exception Enabled
>> Allow unsolicited incoming messages from: <SNIP>
>> Syntax:
>> Type "*" to allow messages from any network, or
>> else type a comma-separated list that contains
>> any number or combination of these:
>> IP addresses, such as 10.0.0.1
>> Subnet descriptions, such as 10.2.3.0/24
>> The string "localsubnet"
>> Example: to allow messages from 10.0.0.1,
>> 10.0.0.2, and from any system on the
>> local subnet or on the 10.3.4.x subnet,
>> type the following:
>> 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
>>
>> Policy Setting
>> Windows Firewall: Allow ICMP exceptions Enabled
>> Allow outbound destination unreachable Disabled
>> Allow outbound source quench Disabled
>> Allow redirect Disabled
>> Allow inbound echo request Enabled
>> Allow inbound router request Disabled
>> Allow outbound time exceeded Disabled
>> Allow outbound parameter problem Disabled
>> Allow inbound timestamp request Disabled
>> Allow inbound mask request Disabled
>> Allow outbound packet too big Disabled
>>
>> Policy Setting
>> Windows Firewall: Allow local port exceptions Disabled
>> Windows Firewall: Allow local program exceptions Disabled
>> Windows Firewall: Allow logging Enabled
>> Log dropped packets Enabled
>> Log successful connections Enabled
>> Log file path and name:
>> %systemroot%\system32\logfiles\pfirewall.log
>> Size limit (KB): 4096
>>
>> Policy Setting
>> Windows Firewall: Allow remote administration exception Enabled
>> Allow unsolicited incoming messages from: <SNIP>
>> Syntax:
>> Type "*" to allow messages from any network, or
>> else type a comma-separated list that contains
>> any number or combination of these:
>> IP addresses, such as 10.0.0.1
>> Subnet descriptions, such as 10.2.3.0/24
>> The string "localsubnet"
>> Example: to allow messages from 10.0.0.1,
>> 10.0.0.2, and from any system on the
>> local subnet or on the 10.3.4.x subnet,
>> type the following:
>> 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
>>
>> Policy Setting
>> Windows Firewall: Allow Remote Desktop exception Enabled
>> Allow unsolicited incoming messages from: <SNIP>
>> Syntax:
>> Type "*" to allow messages from any network, or
>> else type a comma-separated list that contains
>> any number or combination of these:
>> IP addresses, such as 10.0.0.1
>> Subnet descriptions, such as 10.2.3.0/24
>> The string "localsubnet"
>> Example: to allow messages from 10.0.0.1,
>> 10.0.0.2, and from any system on the
>> local subnet or on the 10.3.4.x subnet,
>> type the following:
>> 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
>>
>> Policy Setting
>> Windows Firewall: Allow UPnP framework exception Disabled
>> Windows Firewall: Do not allow exceptions Disabled
>> Windows Firewall: Prohibit notifications Enabled
>> Windows Firewall: Prohibit unicast response to multicast or broadcast requests Disabled
>> Windows Firewall: Protect all network connections Enabled
>>
>> Network/Network Connections/Windows Firewall/Standard Profile
>> Policy Setting
>> Windows Firewall: Allow file and printer sharing exception Enabled
>> Allow unsolicited incoming messages from: <SNIP>
>> Syntax:
>> Type "*" to allow messages from any network, or
>> else type a comma-separated list that contains
>> any number or combination of these:
>> IP addresses, such as 10.0.0.1
>> Subnet descriptions, such as 10.2.3.0/24
>> The string "localsubnet"
>> Example: to allow messages from 10.0.0.1,
>> 10.0.0.2, and from any system on the
>> local subnet or on the 10.3.4.x subnet,
>> type the following:
>> 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
>>
>> Policy Setting
>> Windows Firewall: Allow ICMP exceptions Enabled
>> Allow outbound destination unreachable Disabled
>> Allow outbound source quench Disabled
>> Allow redirect Disabled
>> Allow inbound echo request Enabled
>> Allow inbound router request Disabled
>> Allow outbound time exceeded Disabled
>> Allow outbound parameter problem Disabled
>> Allow inbound timestamp request Disabled
>> Allow inbound mask request Disabled
>> Allow outbound packet too big Disabled
>>
>> Policy Setting
>> Windows Firewall: Allow local port exceptions Disabled
>> Windows Firewall: Allow local program exceptions Disabled
>> Windows Firewall: Allow logging Enabled
>> Log dropped packets Enabled
>> Log successful connections Enabled
>> Log file path and name:
>> %systemroot%\system32\logfiles\pfirewall.log
>> Size limit (KB): 4096
>>
>> Policy Setting
>> Windows Firewall: Allow remote administration exception Enabled
>> Allow unsolicited incoming messages from: <SNIP>
>> Syntax:
>> Type "*" to allow messages from any network, or
>> else type a comma-separated list that contains
>> any number or combination of these:
>> IP addresses, such as 10.0.0.1
>> Subnet descriptions, such as 10.2.3.0/24
>> The string "localsubnet"
>> Example: to allow messages from 10.0.0.1,
>> 10.0.0.2, and from any system on the
>> local subnet or on the 10.3.4.x subnet,
>> type the following:
>> 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
>>
>> Policy Setting
>> Windows Firewall: Allow Remote Desktop exception Enabled
>> Allow unsolicited incoming messages from: <SNIP>
>> Syntax:
>> Type "*" to allow messages from any network, or
>> else type a comma-separated list that contains
>> any number or combination of these:
>> IP addresses, such as 10.0.0.1
>> Subnet descriptions, such as 10.2.3.0/24
>> The string "localsubnet"
>> Example: to allow messages from 10.0.0.1,
>> 10.0.0.2, and from any system on the
>> local subnet or on the 10.3.4.x subnet,
>> type the following:
>> 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
>>
>> Policy Setting
>> Windows Firewall: Do not allow exceptions Disabled
>> Windows Firewall: Prohibit unicast response to multicast or broadcast requests Disabled
>> Windows Firewall: Protect all network connections Enabled
>>
>> Extra Registry Settings
>> Display names for some settings cannot be found. You might be able to
>> resolve this issue by updating the .ADM files used by Group Policy
>> Management.
>>
>> Setting State
>>
>> SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\Enabled
>> 1
>>
>> SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\<SNIP>
>> <SNIP>
>> ...
>> ...
>> ...
>>
>> SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\Enabled
>> 1
>>
>> SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\<SNIP>
>> <SNIP>
>> ...
>> ...
>> ...
>>
>> User Configuration (Disabled)
>> No settings defined.
>>
>>
>
>