Re: Local GPO
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 03/01/04
- Next message: Roger Abell [MVP]: "Re: Local GPO"
- Previous message: Terence: "Re: Local GPO"
- In reply to: Terence: "Re: Local GPO"
- Next in thread: Roger Abell [MVP]: "Re: Local GPO"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 29 Feb 2004 23:24:09 -0700
When you look at the local security policy on a member what you see are the
current settings. Some of these are what are called preferences, while
others
are true policies. Preferences are settings in the registry that are not
volitile,
whereas polices are. If something is set according to the registry as a
preference
then this will be showing in the local security policy.
What is it that you are trying to do ??
Disabling all GPO is not a good idea, especially the Default Domain
Controller GPO.
"Terence" <anonymous@discussions.microsoft.com> wrote in message
news:C50DD24B-2673-46E3-8E01-94F4185EA23D@microsoft.com...
> Re question 2, I've tried to disabled all GPOs from the domain.
> The RSOP report from a member server shows "None" GPO applied, while the
denied GPOs include all disabled Links and Local Group Policy due to
"Empty".
> Checking the Local Security Settings MMC again, there are many configured
settings out there.
>
> Any other hints ?
>
> Many Thanks.
>
> Terence
>
> ----- Chriss3 wrote: -----
>
> inline
>
> --
> Regards
> Christoffer Andersson
>
> No email replies please - reply in the newsgroup
>
> "Terence" <terencewong@hotmail.com> skrev i meddelandet
> news:544AC59B-B737-42DB-BD79-1131B162BDDD@microsoft.com...
> > Forgive me if it is a stupid question.
> >> Facts:
> >> Microsoft's documentation "Windows Server 2003 Group Policy
> Infrastructure" says that "Local GPO: Each computer has exactly one
GPO that
> is stored locally, shared by all users of that computer. This
processes for
> both computer and user Group Policy processing".
> >> Questions:
> > 1. Do all kind of servers have Local GPO, i.e. Domain Controller,
Member
> Server, Standalone Server. It seems that after promoting to Domain
> Controller, the Local Security Settings MMC snap-in is no longer
exist. Is
> this means that the Local GPO has been removed, or we can't change
the Local
> GPO anymore ?
>
> [Chtistoffer] Yes every Windows2000 , Windows XP and Windows Server
2003
> computer have a Local Group Policy, inluced Domain Controllers. You
supose
> to use the Default Domain Controllers Policy linked to the Domain
> Controllers OU for define policy settings for Domain Controllers
within a
> Domain. How ever you can type gpedit.msc to configure an invidual
policy for
> the particular Domain Controller. but i don't recommend you to do so.
>
> > 2. By using GPMC to generate RSOP for a Member Server, the report
> indicates that Local GPO has been denied due to "Empty". But by
looking at
> the Local Security Setting, where are plenty of configurated
settings.
> What's going on ?
>
> [Christoffer] Whitout know anything about other policys within your
> enveirorment. The Local Group Policy may are overwtitten by a
higher-level
> linked Policy within Active Directory.
>
> >> Any hints are appreciated. Thanks.
> >>> Terence
>
>
>
- Next message: Roger Abell [MVP]: "Re: Local GPO"
- Previous message: Terence: "Re: Local GPO"
- In reply to: Terence: "Re: Local GPO"
- Next in thread: Roger Abell [MVP]: "Re: Local GPO"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
