Re: DC with a Local Computer Policy and greyed out security settin
- From: =pathfinder= <pathfinder@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 10 Oct 2007 09:12:01 -0700
so you think installing the admin tools and GPMC on a PC may allow me to see
the DDP? interesting idea.
The GPO I edited the admin name in is the one that says local GPO. should
the local GPO be in C:\WINDOWS\system32\GroupPolicy? the data in this folder
does not appear to match what GPMC says the local GPO has in it.
i still don't get what has caused this mix up.
"Darren Mar-Elia" wrote:
I wouldn't recommend editing the inf file directly. If you can get to the.
policy from another machine, then I would recommend using that to make the
edits rather than doing it on the DC.
As far as the administrator rename, what GPO did you deploy that in? Maybe
you deployed it against the local GPO when you thought it was the DDP?
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Script Group Policy Settings with the GPExpert Scripting Toolkit for
PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php
Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
"=pathfinder=" <pathfinder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BB018568-0C44-4D0E-BDFB-1CBDD339C274@xxxxxxxxxxxxxxxx
thanks for the suggestion, it opened the same local computer policy again
though. On my othe domain it does open the default domain policy, so i
dont
get what the issue is here.
I browsed through the filesystem and found this
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 0
PasswordHistorySize = 24
LockoutBadCount = 0
RequireLogonToChangePassword = 0
ForceLogoffWhenHourExpire = 0
ClearTextPassword = 0
[Kerberos Policy]
MaxTicketAge = 10
MaxRenewAge = 7
MaxServiceAge = 600
MaxClockSkew = 5
TicketValidateClient = 1
[Version]
signature="$CHICAGO$"
Revision=1
[Registry Values]
under
\\domain\sysvol\domain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Microsoft\Windows
NT\SecEdit\GptTmpl.inf. it has not been edited since 2/17/06 and appears
to
be what i am looking for. Can i edit this file to overcome my immediate
issues like LockoutBadCount = 0?
Another weird thing with this is that i was able to rename the local admin
name, but the contents above to don't show it, again on my other damain
the
inf file shows NewAdministratorName = "ECantona".
- References:
- Re: DC with a Local Computer Policy and greyed out security settings
- From: Darren Mar-Elia
- Re: DC with a Local Computer Policy and greyed out security settin
- From: Darren Mar-Elia
- Re: DC with a Local Computer Policy and greyed out security settings
- Prev by Date: Re: Local Admin Rights
- Next by Date: Re: Policy to allow change of hardware settings
- Previous by thread: Re: DC with a Local Computer Policy and greyed out security settin
- Next by thread: Wireless Network (IEEE 802.11) Policies Deny/Access List for SSID Windows XP
- Index(es):
Relevant Pages
|
