Re: Viewing local security policies settings on Windows Server 2003 when domain policies are applied



Hi Mike,

I totally understand your concerns. After a long time testing and discussing
with other colleagues, unfortunately, we cannot find a way to view the
local policy which is overridden by domain policy in win2k3 server.

I would like to list a summary of this issue:

Goal to achieve:
==================
View local policy on win2k3 server which is overridden by domain policy

Tools used
================
Gpedit.msc
Gpmc.msc
Rsop.msc (gpresult)
Secedit /export command
Analyze secedit.sdb database

Testing steps
=====================
Environment:
Local policy has configured user rights assignments "access this computer
from network" to EVERYONE

Domain policy has configured user rights assignments "access this computer
from network" to ADMINISTRATORS

Steps performed:
===================
I use the command "Secedit /export /cfg c:\test.txt"

c:\test.txt output as follows:
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544

Using GetSID I can see this SID is domain\administrators, which reflects the
domain policy.

Another test is to use the secedit.sdb database. I have referred to KB 318711 as
follows; however, I still get the domain policy result:

HOW TO: Use the Secedit.sdb Database to Perform a Security Analysis in
Windows 2000
http://support.microsoft.com/kb/318711

Personally, I believe your concern makes sense. I have sent an email to
mswish@xxxxxxxxxxxxx to let them know this feature is not available in
win2k3 server. You may also consider sending an email to mswish, since the more
feedback they receive, the higher the chance they will consider adding this
feature in the new version. I have CC'd the mail to you.

From my point of view, a workaround for the current situation is that you
disjoin the machine from the domain during non-business time, then right
click the user rights and choose export to a text file in gpedit.msc. You
can then get the current GPO list by opening the text file. I understand it
may not be very convenient for you; however, the workaround is the way we
now can view the local policy.


Sorry for the inconvenience this has caused!

If you have any concerns, please feel free to post back.

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
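
The export-and-resolve check described in the post, as an added PowerShell example that is not part of the original message: it runs `secedit /export`, reads the `[Privilege Rights]` section and translates each `*SID` entry to an account name. The function name and temp-file path are assumptions; as the post reports, the exported values reflect the domain policy where one applies, not the overridden local setting.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Get-EffectiveUserRights and the temp-file name are hypothetical names.
function Get-EffectiveUserRights {
    param([string]$CfgPath = (Join-Path $env:TEMP 'secpol-export.inf'))

    # /areas USER_RIGHTS limits the export to user rights assignments.
    secedit /export /cfg $CfgPath /areas USER_RIGHTS | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit /export failed ($LASTEXITCODE)" }

    $inSection = $false
    foreach ($raw in Get-Content -Path $CfgPath) {
        $line = $raw.Trim()

        # Track which INF section we are in; only [Privilege Rights] matters.
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inSection) { continue }
        if ($line -notmatch '^(\w+)\s*=\s*(.*)$') { continue }

        $right   = $Matches[1]
        $entries = $Matches[2] -split ',' | ForEach-Object { $_.Trim() } |
                   Where-Object { $_ }

        foreach ($entry in $entries) {
            $name = $entry                      # plain account names pass through
            if ($entry.StartsWith('*')) {       # secedit writes SIDs as *S-1-...
                try {
                    $sid  = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                    $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    $name = '(unresolved)'      # deleted account or unreachable domain
                }
            }
            # New-Object PSObject keeps this usable on PowerShell 2.0.
            New-Object PSObject -Property @{ Right = $right; Entry = $entry; Account = $name }
        }
    }
    Remove-Item -Path $CfgPath -ErrorAction SilentlyContinue
}

Get-EffectiveUserRights | Sort-Object Right | Format-Table Right, Entry, Account -AutoSize
```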
