Re: Last logon User [WILDPACKET]

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Steve:

I created on OU called Member Servers and within it I created 2 OUs called
2000 and 2003. I mvoed all the 2003 member servers to its OU and 2000
servers to its OU.

Applied the policy to the Member Servers OU and the policy seems only
affecting the Windows 2003 Servers. How come not applying to 2000 member
servers?

Advise please.

Thank you in adv.




"Steven L Umbach" wrote:

> For domain member computers you can do it with Group Policy. You could for
> instance put the servers in an Organizational Unit with a Group Policy
> linked to it and then define your security option setting to not display
> last logged on name. Security policy is a subset of Group Policy computer
> configuration under Windows settings/security settings. Since by default a
> computer/user will inherit Group Policy settings from parent containers you
> could place your OU so that the computers/users will still get other Group
> Policy settings you want applied to them from existing Group Policies. For
> computers in a workgroup you will need to configure the Local Security
> Policy [secpol.msc] on each computer. --- Steve
>
>
> "WILD PACKET." <mailtomohsin@xxxxxxxxxxx> wrote in message
> news:O6EeYf6yFHA.3000@xxxxxxxxxxxxxxxxxxxxxxx
> > Thank you Steve for you assistance. All the DCs on LAN are working now.
> >
> > I have few member servers on the LAN, how do I do those now, Do I go on
> > each member server and do them or there exists an easy and other way to do
> > it?
> >
> > I also want to do the same for the servers in the DMZ, we have 12 servers
> > in the DMZ and they are all in one workgroup.
> >
> > Please advise
> >
> >
> >
> >
> >
> > "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx> wrote in message
> > news:OfmVTI3yFHA.2556@xxxxxxxxxxxxxxxxxxxxxxx
> >> You should not have to restart it but using gpupdate /force for Windows
> >> 2003 may speed up propagation but domain controllers usually refresh
> >> fairly often using a five minute default. Gpupdate /force will prompt for
> >> restart if it is needed. If problems persist use the support tool gpotool
> >> to make sure your Group Policies are replicating correctly. You will get
> >> an error message if they are not. --- Steve
> >>
> >>
> >> "WILDPACKET" <WILDPACKET@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:C6AB601A-2711-4751-B34B-81007E0A57F1@xxxxxxxxxxxxxxxx
> >>> Thank you Steve for the information.
> >>>
> >>> Yes, all the DCs are in a Domain Controllers OU and I have applied the
> >>> Policy. Will the policy be applied autmatically or I have to restart
> >>> the
> >>> Dcs. These are not in the DMZ. These are on my LAN.
> >>>
> >>>
> >>>
> >>> "Steven L Umbach" wrote:
> >>>
> >>>> If the domain controllers are all in the same default container then
> >>>> defining the setting in Domain Controller Security Policy should work
> >>>> for
> >>>> domain controllers in the domain. If you are still having a problem and
> >>>> have
> >>>> a domain controller in the DMZ for that same domain then firewall
> >>>> settings
> >>>> isolating the DMZ from the internal lan could be causing failure of
> >>>> Group
> >>>> Policy to propagate. The support tools such as netdiag, gpresult, and
> >>>> viewing the logs using Event Viewer are a good place to start and
> >>>> troubleshoot. Having a domain controller for a domain in the DMZ is not
> >>>> what
> >>>> would be called best practice unless it is not the same domain as the
> >>>> domain
> >>>> used on the lan. Sometimes separate forests are created - one for the
> >>>> lan
> >>>> and one for the DMZ with a one way trust where the DMZ forest/domain
> >>>> trusts
> >>>> the lan forest/domain only but not vice versa. --- Steve
> >>>>
> >>>>
> >>>> tp://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B179442 ---
> >>>> firewall configuration for domains and trusts.
> >>>>
> >>>> "WILDPACKET" <WILDPACKET@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >>>> news:608CF45B-D75C-47A8-9D47-C68C96A37338@xxxxxxxxxxxxxxxx
> >>>> >I have set the DC Security Policy to -
> >>>> >
> >>>> > Do not display last last logged on user to ENABLE and it works fine.
> >>>> >
> >>>> > How do I make this work for the DCs sitting in the DMZ because I
> >>>> > notice
> >>>> > this
> >>>> > does not work for the DCs in DMZ.
> >>>> >
> >>>> > Please advise.
> >>>> >
> >>>> > Thanks in advance.
> >>>>
> >>>>
> >>>>
> >>
> >>
> >
> >
>
>
>
.

Relevant Pages

  • Re: Prevent Domain Users from logging on to specific PCs w/ Group Policies
    ... This user right is defined in the Default Domain Controller Group Policy object and in the local security policy of workstations and servers. ...
    (microsoft.public.windows.server.security)
  • Re: Unable to Block Inheritance on Group Policy
    ... This posting is provided "AS IS" with no warranties, ... have a group policy named Login that is at the user level that maps ... named Servers that I want to block the inheritance of the group ...
    (microsoft.public.windows.server.active_directory)
  • Re: Custom GPO Version Mismatch
    ... I can't find any errors on those 2 servers. ... Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub: ... the Windows Group Policy Guide is out from Microsoft Press!!! ... getting any replication errors on those two servers. ...
    (microsoft.public.windows.group_policy)
  • Unable to Block Inheritance on Group Policy
    ... have a group policy named Login that is at the user level that maps ... named Servers that I want to block the inheritance of the group ...
    (microsoft.public.windows.server.active_directory)
  • Re: (domain)administrator cant run Windows Update?
    ... Domain Controllers, 3 member Servers. ... When I run Windows Update from the start menu it says "windows update ... there is NO policy defined whatsoever wich prevents access. ...
    (microsoft.public.windowsupdate)