Re: GROUP POLICY
- From: DD <DD@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 4 Jun 2009 02:27:01 -0700
ya are right, it works after i move the computer to the OU.
I have issues on the replication which can't solve sometime back , (i posted
many time on this issue).
I have 2 DC, when i create the new grp policy, the policy file only appear
in the primary DC, it does not replicate to the other DC, can i do a manual
copy to the other DC for the timing ? any issues ?
What is the command to check the policy apply to the user pc is from which
DC,
currently my 2 DC policy not replicate to each other, so don't know which
default DC domain policy apply to the user pc,
"Meinolf Weber [MVP-DS]" wrote:
Hello DD,.
If i see:
CN=SG050001,CN=Computers,DC=OCSG,DC=co,DC=id
This looks for me that the workstation is in the COMPUTERS container not
in an OU. In the COMPUTERS container ONLY parts of the default domain policy
are applied, that's by design.
So move the computer object to an OU so that all configuration done in the
"computers configuration" of the linked GPOs can take effect.
Except the "user configuration" part all of this "password policy, account
lockout policy and , local policy, & user rights , under the group policy
object, Audit policy, windows setting" belongs to "Computer configuration"
and the machine has to be in the OU where the policy is linked to.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
PLS SEE RESULT
u are right, is HR not audit.
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool
v2.0 Copyright (C) Microsoft Corp. 1981-2001
Created On 6/4/2009 at 10:30:25 AM
RSOP results for OCB\hrtest on SG050001 : Logging Mode
----------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: OCB
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\hrtest
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=SG050001,CN=Computers,DC=OCSG,DC=co,DC=id
Last time Group Policy was applied: 6/4/2009 at 10:25:42 AM
Group Policy was applied from: SG080001.OCSG.co.id
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
SG050001$
Domain Computers
Resultant Set Of Policies for Computer:
----------------------------------------
Software Installations
----------------------
N/A
Startup Scripts
---------------
N/A
Shutdown Scripts
----------------
N/A
Account Policies
----------------
GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: 3
GPO: Default Domain Policy
Policy: PasswordHistorySize
Computer Setting: 3
GPO: Default Domain Policy
Policy: LockoutDuration
Computer Setting: 4294967295
GPO: Default Domain Policy
Policy: ResetLockoutCount
Computer Setting: 90
GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 8
GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: 3
GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 30
Audit Policy
------------
GPO: Default Domain Policy
Policy: AuditPolicyChange
Computer Setting: Success, Failure
GPO: Default Domain Policy
Policy: AuditPrivilegeUse
Computer Setting: Success, Failure
GPO: Default Domain Policy
Policy: AuditDSAccess
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditAccountLogon
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditObjectAccess
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditAccountManage
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditLogonEvents
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditProcessTracking
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditSystemEvents
Computer Setting: Failure
User Rights
-----------
GPO: Default Domain Policy
Policy: SystemtimePrivilege
Computer Setting: Administrators
GPO: Default Domain Policy
Policy: InteractiveLogonRight
Computer Setting: Users
OCB\RAS and IAS Servers
OCB\Domain Users
Administrators
GPO: Default Domain Policy
Policy: DenyInteractiveLogonRight
Computer Setting: N/A
Security Options
----------------
GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: NewAdministratorName
Computer Setting: Enabled
Event Log Settings
------------------
GPO: Default Domain Policy
Policy: MaximumLogSize
Computer Setting: 2048
Log Name: Security
GPO: Default Domain Policy
Policy: MaximumLogSize
Computer Setting: 1024
Log Name: System
GPO: Default Domain Policy
Policy: RetentionDays
Computer Setting: 4294967295
Log Name: Application
GPO: Default Domain Policy
Policy: MaximumLogSize
Computer Setting: 1024
Log Name: Application
GPO: Default Domain Policy
Policy: RetentionDays
Computer Setting: 4294967295
Log Name: System
GPO: Default Domain Policy
Policy: RetentionDays
Computer Setting: 4294967295
Log Name: Security
GPO: Default Domain Policy
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: System
GPO: Default Domain Policy
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: Application
GPO: Default Domain Policy
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: Security
Restricted Groups
-----------------
N/A
System Services
---------------
N/A
Registry Settings
-----------------
N/A
File System Settings
--------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
N/A
USER SETTINGS
--------------
CN=hrtest,OU=Audit,DC=OCSG,DC=co,DC=id
Last time Group Policy was applied: 6/4/2009 at 10:25:42 AM
Group Policy was applied from: sgs0001.OCSG.co.id
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Audit Policy
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Grpappexcalibur
Grphrtest
Resultant Set Of Policies for User:
------------------------------------
Software Installations
----------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
N/A
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
----------------------------------------
N/A
Internet Explorer Connection
----------------------------
N/A
Internet Explorer URLs
----------------------
N/A
Internet Explorer Security
--------------------------
N/A
Internet Explorer Programs
--------------------------
N/A
"Ace Fekay [Microsoft Certified Trainer]" wrote:
"DD" <DD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DA66D505-B8C7-40AE-BCEC-9C93F4D26A9F@xxxxxxxxxxxxxxxx
1 )I create the new OU from the active diretory name hrHello DD,
2) use the group policy management , under group policy objects,
create
new
policy name HR Policy, then i defined the my own policy .
3) I do a link an existing GPO to the HR Policy
4) from the active user directory , i move the test a/c to the Audit
OU.
when I login the test a/c , i doest not apply the new HR policy,
still use default domain policy.
any steps i missed out, your assist pls.
I assume in #3 in your post:
"> 3) I do a link an existing GPO to the HR Policy"
That you meant you linked the GPO to the HR OU, not the HR Policy.
If you moved the user to the Audit OU, how is it going to get the GPO
in the HR OU? As Meinolf said, it must be moved to where the GPO is
linked.
Otherwise, if you did move it to the HR OU, and it is not working,
you can
find out which GPOs are applied to the client by running in the
- Follow-Ups:
- Re: GROUP POLICY
- From: Meinolf Weber [MVP-DS]
- Re: GROUP POLICY
- References:
- Re: GROUP POLICY
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: GROUP POLICY
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: GROUP POLICY
- From: DD
- Re: GROUP POLICY
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: GROUP POLICY
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: GROUP POLICY
- From: DD
- Re: GROUP POLICY
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: GROUP POLICY
- From: DD
- Re: GROUP POLICY
- From: Meinolf Weber [MVP-DS]
- Re: GROUP POLICY
- Prev by Date: Re: Time Service issue and time replication accross the domain.
- Next by Date: Re: GROUP POLICY
- Previous by thread: Re: GROUP POLICY
- Next by thread: Re: GROUP POLICY
- Index(es):
Relevant Pages
|
Loading
