Re: GROUP POLICY
- From: Meinolf Weber [MVP-DS] <meiweb(nospam)@gmx.de>
- Date: Thu, 4 Jun 2009 09:34:06 +0000 (UTC)
Hello DD,
The Domain controllers hopefully are both located in the "Domain controller" OU? Then both should get the same GPOs. What exactly do you mean with "the policy file only appear in the primary DC"?
On a client you can type %logonserver% in a command window to see which DC is used.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
ya are right, it works after i move the computer to the OU.
I have issues on the replication which can't solve sometime back , (i
posted many time on this issue).
I have 2 DC, when i create the new grp policy, the policy file only
appear in the primary DC, it does not replicate to the other DC, can i
do a manual copy to the other DC for the timing ? any issues ?
What is the command to check the policy apply to the user pc is from
which DC, currently my 2 DC policy not replicate to each other, so
don't know which default DC domain policy apply to the user pc,
"Meinolf Weber [MVP-DS]" wrote:
Hello DD,
If i see:
CN=SG050001,CN=Computers,DC=OCSG,DC=co,DC=id
This looks for me that the workstation is in the COMPUTERS container
not in an OU. In the COMPUTERS container ONLY parts of the default
domain policy are applied, that's by design.
So move the computer object to an OU so that all configuration done
in the "computers configuration" of the linked GPOs can take effect.
Except the "user configuration" part all of this "password policy,
account lockout policy and , local policy, & user rights , under the
group policy object, Audit policy, windows setting" belongs to
"Computer configuration" and the machine has to be in the OU where
the policy is linked to.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
PLS SEE RESULT
u are right, is HR not audit.
Microsoft (R) Windows (R) XP Operating System Group Policy Result
tool
v2.0 Copyright (C) Microsoft Corp. 1981-2001
Created On 6/4/2009 at 10:30:25 AM
RSOP results for OCB\hrtest on SG050001 : Logging Mode
----------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: OCB
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\hrtest
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=SG050001,CN=Computers,DC=OCSG,DC=co,DC=id
Last time Group Policy was applied: 6/4/2009 at 10:25:42 AM
Group Policy was applied from: SG080001.OCSG.co.id
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
SG050001$
Domain Computers
Resultant Set Of Policies for Computer:
----------------------------------------
Software Installations
----------------------
N/A
Startup Scripts
---------------
N/A
Shutdown Scripts
----------------
N/A
Account Policies
----------------
GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: 3
GPO: Default Domain Policy
Policy: PasswordHistorySize
Computer Setting: 3
GPO: Default Domain Policy
Policy: LockoutDuration
Computer Setting: 4294967295
GPO: Default Domain Policy
Policy: ResetLockoutCount
Computer Setting: 90
GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 8
GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: 3
GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 30
Audit Policy
------------
GPO: Default Domain Policy
Policy: AuditPolicyChange
Computer Setting: Success, Failure
GPO: Default Domain Policy
Policy: AuditPrivilegeUse
Computer Setting: Success, Failure
GPO: Default Domain Policy
Policy: AuditDSAccess
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditAccountLogon
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditObjectAccess
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditAccountManage
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditLogonEvents
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditProcessTracking
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditSystemEvents
Computer Setting: Failure
User Rights
-----------
GPO: Default Domain Policy
Policy: SystemtimePrivilege
Computer Setting: Administrators
GPO: Default Domain Policy
Policy: InteractiveLogonRight
Computer Setting: Users
OCB\RAS and IAS Servers
OCB\Domain Users
Administrators
GPO: Default Domain Policy
Policy: DenyInteractiveLogonRight
Computer Setting: N/A
Security Options
----------------
GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: NewAdministratorName
Computer Setting: Enabled
Event Log Settings
------------------
GPO: Default Domain Policy
Policy: MaximumLogSize
Computer Setting: 2048
Log Name: Security
GPO: Default Domain Policy
Policy: MaximumLogSize
Computer Setting: 1024
Log Name: System
GPO: Default Domain Policy
Policy: RetentionDays
Computer Setting: 4294967295
Log Name: Application
GPO: Default Domain Policy
Policy: MaximumLogSize
Computer Setting: 1024
Log Name: Application
GPO: Default Domain Policy
Policy: RetentionDays
Computer Setting: 4294967295
Log Name: System
GPO: Default Domain Policy
Policy: RetentionDays
Computer Setting: 4294967295
Log Name: Security
GPO: Default Domain Policy
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: System
GPO: Default Domain Policy
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: Application
GPO: Default Domain Policy
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: Security
Restricted Groups
-----------------
N/A
System Services
---------------
N/A
Registry Settings
-----------------
N/A
File System Settings
--------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
N/A
USER SETTINGS
--------------
CN=hrtest,OU=Audit,DC=OCSG,DC=co,DC=id
Last time Group Policy was applied: 6/4/2009 at 10:25:42 AM
Group Policy was applied from: sgs0001.OCSG.co.id
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Audit Policy
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Grpappexcalibur
Grphrtest
Resultant Set Of Policies for User:
------------------------------------
Software Installations
----------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
N/A
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
----------------------------------------
N/A
Internet Explorer Connection
----------------------------
N/A
Internet Explorer URLs
----------------------
N/A
Internet Explorer Security
--------------------------
N/A
Internet Explorer Programs
--------------------------
N/A
"Ace Fekay [Microsoft Certified Trainer]" wrote:
"DD" <DD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DA66D505-B8C7-40AE-BCEC-9C93F4D26A9F@xxxxxxxxxxxxxxxx
1 )I create the new OU from the active diretory name hrHello DD,
2) use the group policy management , under group policy objects,
create
new
policy name HR Policy, then i defined the my own policy .
3) I do a link an existing GPO to the HR Policy
4) from the active user directory , i move the test a/c to the
Audit
OU.
when I login the test a/c , i doest not apply the new HR policy,
still use default domain policy.
any steps i missed out, your assist pls.
I assume in #3 in your post:
"> 3) I do a link an existing GPO to the HR Policy"
That you meant you linked the GPO to the HR OU, not the HR Policy.
If you moved the user to the Audit OU, how is it going to get the
GPO
in the HR OU? As Meinolf said, it must be moved to where the GPO is
linked.
Otherwise, if you did move it to the HR OU, and it is not working,
you can
find out which GPOs are applied to the client by running in the
.
- Follow-Ups:
- Re: GROUP POLICY
- From: DD
- Re: GROUP POLICY
- References:
- Re: GROUP POLICY
- From: DD
- Re: GROUP POLICY
- Prev by Date: Re: GROUP POLICY
- Next by Date: Re: GROUP POLICY
- Previous by thread: Re: GROUP POLICY
- Next by thread: Re: GROUP POLICY
- Index(es):
Relevant Pages
|
