Re: Group Policy broke my DCs

Thanks for your suggestion steve!!
I'm trying to figure out what broke my DC.....will let you know if i find
something interesting.

"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx> wrote in message
news:uh%23W6PC0FHA.3256@xxxxxxxxxxxxxxxxxxxxxxx
> Keep in mind that services have dependencies and if a service that another
> service depends on is not started the service will eventually stop. You
> need to be very careful with tweaking services on domain controllers.
> Verify that services set to automatic are indeed started. Run the support
> tools netdiag, dcdiag, and gpotool on your domain controllers to see if
> they report anything that may be of help and view the logs of the domain
> controllers using Event Viewer to see what is reported. My guess is you
> will see a lot of problems recorded with Event IDs that may help give you
> a handle on the situation. You can also apply services configurations via
> Group Policy - security policy at the OU level which makes it much easier
> to undo changes by unlinking the GPO when problems arise. The list below
> is complied from the Windows 2003 Server Security guide for baseline core
> services which you may want to review for startup configuration. Windows
> 2000 may not have all these services possibly but it still can be used as
> a guide. --- Steve
>
> Windows 2003 services.
>
>
> Baseline server ---------------------------
>
> Automatic Updates - automatic
> Background Intelligent Transfer Service - manual
> Com+ Event System - manual
> Computer Browser - automatic
> Cryptographic Services - automatic
> DHCP Client - automatic
> DNS Client - automatic
> Event Log - automatic
> Ipsec Policy Agent - automatic
> MS Software Shadow Copy - manual
> Netlogon - automatic
> Network Connections - manual
> Network Location Awareness - manual
> NTLM Security Support Provider - automatic
> Performance Logs - manual
> Plug and Play - automatic
> Protected Storage - automatic
> Remote Administration Service - manual
> Remote Procedure Call RPC - automatic
> Remote Registry Service - automatic
> Security Accounts Manager - automatic
> Server - automatic
> System Event Notification - automatic
> TCP/IP Netbios Helper Service - automatic
> Terminal Services - automatic
> Volume Shadow Copy - manual
> Windows Installer - automatic
> Windows Management Instrumentation - automatic
> Windows Management Instrumentation Driver Ext - automatic
> Windows Time - automatic
> WMI Performance Adapter - manual
> Workstation - automatic
>
> **********************************************
> Added critical services for Domain Controllers
> **********************************************
>
> Distributed File System - automatic
> DNS Server - automatic
> File Replication - automatic
> Intersite Messaging - automatic
> Kerberos Key Distribution Center - automatic
> Remote Procedure Call RPC Locator - automatic
>
>
>
>
> "Anand" <Anand@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:D385104B-DA38-424E-BDFA-9412D3C7FDE2@xxxxxxxxxxxxxxxx
>> Hello,
>>
>> We have an empty root domain and a child domain.
>> We have 3 DCs (in the root domain) and we tweaked the GPOs a little (we
>> made
>> changes to the system services portion of our Default Domain Controller
>> Policy).
>>
>> We changed the startup type and also the security permissions on few of
>> the
>> services. We made these changes based on the settings that we saw in the
>> Default domain controller policy of the child domain.
>>
>> The first thing that happened after we made the GPO changes, was that our
>> Live Communication Server broke. The service wouldn't start. The LCS
>> server
>> is installed in our child domain and no GPO changes were made here in the
>> child domain. Dont know why the root domian chnages broke the LCS server.
>>
>> then we made few changes to security permissions on few services inorder
>> to
>> bring the LCS server back up. After this one of our DCs went down and
>> wouldn't come up.
>> The after an hour the second DC went down.
>>
>> Any suggestions to fix this will be greatly appreciated!
>>
>> thanks
>>
>
>


.

Relevant Pages

  • SecurityFocus Microsoft Newsletter #164
    ... Got Storage Security Risks? ... MICROSOFT VULNERABILITY SUMMARY ... Chat Client FTP Server Default Username Credential Weak... ... NetServe Web Server is a compact web server for Microsoft Windows ...
    (Focus-Microsoft)
  • Re: im being held in memory
    ... How can I harden my computer or server to secure it from hackers? ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ...
    (microsoft.public.security)
  • SecurityFocus Microsoft Newsletter #167
    ... MICROSOFT VULNERABILITY SUMMARY ... Multiple Vendor XML Parser SOAP Server Denial Of Service Vul... ... Proactive Windows Security Explorer ...
    (Focus-Microsoft)
  • MS and security: good effort but no cigar
    ... build upon the progress it's already made in security. ... The low-hanging fruit of millions of insecure Windows machines ... Then there's the issue of poorly secured server applications. ... and execute external virus and filtering ...
    (microsoft.public.windowsxp.general)
  • Re: Group Policy broke my DCs
    ... to be very careful with tweaking services on domain controllers. ... Group Policy - security policy at the OU level which makes it much easier to ... complied from the Windows 2003 Server Security guide for baseline core ... Server - automatic ...
    (microsoft.public.windows.group_policy)