Re: GPO Problem
- From: john d <johnd@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 19 Jan 2007 14:29:02 -0800
Sorry for the confusion - the "Default Domain Policy" is applied at the
Domain level. The WSUS and SUS policies have been applied to certain OUs.
"Danny Sanders" wrote:
I'm addressing your problem you stated where your "users were able to set
passwords that did not meet the "Default Domain Policy" minimum requirements
applied to their OU."
Again password policies applied at the OU level don't take effect when
logging onto the domain. They only take effect when logging in locally.
DDS
"john d" <johnd@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:36E0AC40-3730-46BD-99F5-EA3D32D22945@xxxxxxxxxxxxxxxx
Danny - Please clarify how this applies to my problem?
To add to my existing problem description, I found on a couple other
machines I ran rsop.msc the new WSUS policy was not even listed, and the
old SUS policy was still in place. These machines got the following error
message:
ADMINISTRATIVE TEMPLATES
The latest versions of the ADM files below are not available. This can be
due to insufficient permissions or unavailable network resources. The
local copy of these ADM files will be used.
Details:
wuau.adm
Location - \\domain name.com\Sysvol\domain name.com\Policies\{16B31360-.....
Error - Access is denied
conf.adm
Location - \\domain name.com\Sysvol\domain name.com\Policies\{16B31360-.....
Error - Access is denied
"Danny Sanders" wrote:
I recently noticed some users were able to set passwords that did not
meet the "Default Domain Policy" minimum requirements applied to their OU.
Account policies are one to a domain. You apply them at the domain level.
Account policies applied at the OU level only take effect when logging in
locally to a computer in that OU.
"john d" <johnd@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A75454DC-9E65-4010-AEF8-44EB9C60ECBE@xxxxxxxxxxxxxxxx
I recently noticed some users were able to set passwords that did not
meet the "Default Domain Policy" minimum requirements applied to their OU.
In addition, I recently removed a policy outlining the SUS settings for
all employee computers and replaced it with a new WSUS policy. When I run
RSOP.msc on an employee machine, I can see that the pc is pulling down
the "Default Domain Policy" and the newly applied WSUS policy, however the
settings being passed down are from the old SUS policy.
With that being said, I noticed the following Events in the application
log of the employee machines:
Event id: 1043
Windows cannot access the registry information at
\\domain name.com\sysvol\domina name.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol.
(Access is denied. ).
Event id: 1096
Windows cannot access the registry policy file,
\\domain name.com\sysvol\domain name.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol.
(Access is denied. ).
Event ID: 1030
Windows cannot query for the list of Group Policy Objects. A message
that describes the reason for this was previously logged by the policy
engine.
As per the following article,
http://technet2.microsoft.com/WindowsServer/en/library/0c73a3d4-4f93-4490-80f1-299eea89177f1033.mspx?mfr=true,
I have verified that replication between the domain controllers is
working, as the registry.pol file exists on all 5 Domain Controller
machines. This leads me to believe that the "Default Domain Policy" is
corrupt. How do I go about confirming this and resolving the issue?