Re: Default Domain Controller Policy being overwritten

From: fnstrat2 (fnstrat2_at_discussions.microsoft.com)
Date: 08/30/04 

Date: Mon, 30 Aug 2004 08:27:04 -0700

I do have the event log size defined. 80000 kb's. The problem is not that
the log file is not big enough, its more that everything is being written to
the log file and filling up in a few days. The actual Policy is being
rewritten to audit everything. It's almost like I change the policy on the
server, it takes affect and works for a few minutes until the domain
controller policy is reapplied and overwritten. Like the server doesn't
actually modify the group policy when I change it.

"Chriss3 [MVP]" wrote:

> Hello
> You may need to define the Maximum event log size for the security logs,
> Have a look at the page below.
>
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/resources/documentation/windowsServ/2003/all/techref/en-us/W2K3TR_sepol_event_set.asp
>
> --
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
>
> "fnstrat2" <fnstrat2@discussions.microsoft.com> skrev i meddelandet
> news:7C512C3D-229A-4635-B189-1CFD485A8110@microsoft.com...
> > The default domain controller policy is being overwritten every five
> minutes
> > when the gp updates the computer. I noticed this because I started
> getting
> > messages every time I logged in saying the security log was full. When I
> > check the auditing options everything was set to audit success and
> failure.
> > I have tried resetting many times. When I check the policy again it is
> > changed back to success and failure for all items. This began happening
> > after our forest wide upgrade to windows 2003. This problem is happening
> on
> > the Schema Master. I have run netdiag and dcdiag with no errors. Also,
> no
> > errors relating to this in the event logs on either domain controller. GP
> > updates are applying successfully to the domain controllers.
>
>
>

Relevant Pages

  • Re: SBS 2003 Lost all the Security Policies.
    ... i didn't use dcgpofix i used another sbs 2003 premium has example and created the policies manually. ... I know that your Default Domain Controller Security Policy or Domain Security Policy it is empty. ... DCGPOFIX.EXE will restore the Default Domain Policy and the Default Domain Controller Policy to original default settings. ...
    (microsoft.public.windows.server.sbs)
  • Re: W2K Server / XP Pro Clients / Group Policy -- LOCK TASKBAR
    ... make your dns configuration is correct in that domain controllers point ... The policy you are trying to implement is a "user" configuration policy and therefore ... > machines connecting to a Windows 2000 Domain Controller. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: W2K Server / XP Pro Clients / Group Policy -- LOCK TASKBAR
    ... make your dns configuration is correct in that domain controllers point ... The policy you are trying to implement is a "user" configuration policy and therefore ... > machines connecting to a Windows 2000 Domain Controller. ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: W2K Server / XP Pro Clients / Group Policy -- LOCK TASKBAR
    ... make your dns configuration is correct in that domain controllers point ... The policy you are trying to implement is a "user" configuration policy and therefore ... > machines connecting to a Windows 2000 Domain Controller. ...
    (microsoft.public.windows.server.active_directory)
  • Re: W2K Server / XP Pro Clients / Group Policy -- LOCK TASKBAR
    ... make your dns configuration is correct in that domain controllers point ... The policy you are trying to implement is a "user" configuration policy and therefore ... > machines connecting to a Windows 2000 Domain Controller. ...
    (microsoft.public.windows.server.security)