Re: Windows XP remember GP when removed from domain
From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 08/24/04
- Next message: Mark Renoden [MSFT]: "Re: GPO problems"
- Previous message: Kevin Sullivan: "Re: Group Policy Management Console"
- In reply to: Keven: "Re: Windows XP remember GP when removed from domain"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 25 Aug 2004 08:29:28 +1000
Hi Keven
You can reset all security settings to the installation defaults with
secedit /configure /cfg "%SYSTEMROOT%\security\templates\setup security.inf"
/db "%SYSTEMROOT%\security\database\setup security.sdb" /log
"%SYSTEMROOT%\security\database\setup security.log" /verbose
(this is one line at the command prompt)
Depending on the function of the machine, you may want to then apply another
security template ... for example, if it were a member server you might use
basicsv.inf.
Kind regards
-- Mark Renoden [MSFT] Windows Platform Support Team Email: markreno@online.microsoft.com Please note you'll need to strip ".online" from my email address to email me; I'll post a response back to the group. This posting is provided "AS IS" with no warranties, and confers no rights. "Keven" <anonymous@discussions.microsoft.com> wrote in message news:c0b701c489e7$a87ef600$a501280a@phx.gbl... > Thanks for the info Mark, how do I remove those locks > from the GPO so that I can edit the password requirements > on this machine that is no longer part of the domain? > > Keven >>-----Original Message----- >>Hi Keven >> >>I'm actually surprised that the policies are being reset > on the Windows 2000 >>machines. What you're seeing on the Windows XP SP1 > machines is what I'd >>expect. >> >>Security policy is an actual registry change that needs > to be modified with >>a new policy. Perhaps your Windows 2000 machines > actually have settings in >>their local policy which is allowed to take effect once > they are moved off >>the domain and that is normally overridden by the domain > policy? >> >>HTH >>-- >>Mark Renoden [MSFT] >>Windows Platform Support Team >>Email: markreno@online.microsoft.com >> >>Please note you'll need to strip ".online" from my email > address to email >>me; I'll post a response back to the group. >> >>This posting is provided "AS IS" with no warranties, and > confers no rights. >> >>"Keven" <darkslyther@no-spam.yahoo.com> wrote in message >>news:bca301c4895b$ce235db0$a401280a@phx.gbl... >>> My windows 2003 domain is set to have accounts lockout >>> after so many attempts, to require at least 8 passwords >>> etc. On Windows 2000 machines if I remove a machine > from >>> the domain it always releases these policies back to > the >>> local GPO. On my XP Box with SP1 if I remove the PC > from >>> the domain, these policies remain in force and are > locked >>> on the local station. Is there a way to remove these >>> locked policies not that the box is part of a workgroup >>> again? Thanks Keven >>> >>> If you reply direct please remove no-spam. >> >> >>. >>
- Next message: Mark Renoden [MSFT]: "Re: GPO problems"
- Previous message: Kevin Sullivan: "Re: Group Policy Management Console"
- In reply to: Keven: "Re: Windows XP remember GP when removed from domain"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
