Re: GROUP POLICY
- From: DD <DD@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 7 Jun 2009 19:40:01 -0700
yes, same machine, i suspect the backup DC not updated with the gpo which I
made changes, that's why I post another question on how to copy the gpo from
main to backup dc.
"Meinolf Weber [MVP-DS]" wrote:
Hello DD,.
Please post an unedited ipconfig /all from both machines and a repadmin /showrepl
also. Did i remember correct that you posted some time ago about problem
DC's which where upgraded and never worked correct? Are this the same machines?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
When i create the new gpo, the file suppose save in sysvol\policy
folder, the new policy file only appear in my prImary DC but in the
sysvol\policy folder in second DC.
beacuse the replication is not working.
"Meinolf Weber [MVP-DS]" wrote:
Hello DD,
The Domain controllers hopefully are both located in the "Domain
controller" OU? Then both should get the same GPOs. What exactly do
you mean with "the policy file only appear in the primary DC"?
On a client you can type %logonserver% in a command window to see
which DC is used.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
ya are right, it works after i move the computer to the OU.
I have issues on the replication which can't solve sometime back ,
(i posted many time on this issue).
I have 2 DC, when i create the new grp policy, the policy file only
appear in the primary DC, it does not replicate to the other DC, can
i do a manual copy to the other DC for the timing ? any issues ?
What is the command to check the policy apply to the user pc is from
which DC, currently my 2 DC policy not replicate to each other, so
don't know which default DC domain policy apply to the user pc,
"Meinolf Weber [MVP-DS]" wrote:
Hello DD,
If i see:
CN=SG050001,CN=Computers,DC=OCSG,DC=co,DC=id
This looks for me that the workstation is in the COMPUTERS
container
not in an OU. In the COMPUTERS container ONLY parts of the default
domain policy are applied, that's by design.
So move the computer object to an OU so that all configuration done
in the "computers configuration" of the linked GPOs can take
effect.
Except the "user configuration" part all of this "password policy,
account lockout policy and , local policy, & user rights , under
the group policy object, Audit policy, windows setting" belongs to
"Computer configuration" and the machine has to be in the OU where
the policy is linked to.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
PLS SEE RESULT
u are right, is HR not audit.
Microsoft (R) Windows (R) XP Operating System Group Policy Result
tool
v2.0 Copyright (C) Microsoft Corp. 1981-2001
Created On 6/4/2009 at 10:30:25 AM
RSOP results for OCB\hrtest on SG050001 : Logging Mode
----------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: OCB
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\hrtest
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=SG050001,CN=Computers,DC=OCSG,DC=co,DC=id
Last time Group Policy was applied: 6/4/2009 at 10:25:42 AM
Group Policy was applied from: SG080001.OCSG.co.id
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
------------------------------------------------------------------
-
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
SG050001$
Domain Computers
Resultant Set Of Policies for Computer:
----------------------------------------
Software Installations
----------------------
N/A
Startup Scripts
---------------
N/A
Shutdown Scripts
----------------
N/A
Account Policies
----------------
GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: 3
GPO: Default Domain Policy
Policy: PasswordHistorySize
Computer Setting: 3
GPO: Default Domain Policy
Policy: LockoutDuration
Computer Setting: 4294967295
GPO: Default Domain Policy
Policy: ResetLockoutCount
Computer Setting: 90
GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 8
GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: 3
GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 30
Audit Policy
------------
GPO: Default Domain Policy
Policy: AuditPolicyChange
Computer Setting: Success, Failure
GPO: Default Domain Policy
Policy: AuditPrivilegeUse
Computer Setting: Success, Failure
GPO: Default Domain Policy
Policy: AuditDSAccess
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditAccountLogon
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditObjectAccess
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditAccountManage
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditLogonEvents
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditProcessTracking
Computer Setting: Failure
GPO: Default Domain Policy
Policy: AuditSystemEvents
Computer Setting: Failure
User Rights
-----------
GPO: Default Domain Policy
Policy: SystemtimePrivilege
Computer Setting: Administrators
GPO: Default Domain Policy
Policy: InteractiveLogonRight
Computer Setting: Users
OCB\RAS and IAS Servers
OCB\Domain Users
Administrators
GPO: Default Domain Policy
Policy: DenyInteractiveLogonRight
Computer Setting: N/A
Security Options
----------------
GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: NewAdministratorName
Computer Setting: Enabled
Event Log Settings
------------------
GPO: Default Domain Policy
Policy: MaximumLogSize
Computer Setting: 2048
Log Name: Security
GPO: Default Domain Policy
Policy: MaximumLogSize
Computer Setting: 1024
Log Name: System
GPO: Default Domain Policy
Policy: RetentionDays
Computer Setting: 4294967295
Log Name: Application
GPO: Default Domain Policy
Policy: MaximumLogSize
Computer Setting: 1024
Log Name: Application
GPO: Default Domain Policy
Policy: RetentionDays
Computer Setting: 4294967295
Log Name: System
GPO: Default Domain Policy
Policy: RetentionDays
Computer Setting: 4294967295
Log Name: Security
GPO: Default Domain Policy
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: System
GPO: Default Domain Policy
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: Application
GPO: Default Domain Policy
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: Security
Restricted Groups
-----------------
N/A
System Services
---------------
N/A
Registry Settings
-----------------
N/A
File System Settings
--------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
N/A
USER SETTINGS
--------------
CN=hrtest,OU=Audit,DC=OCSG,DC=co,DC=id
Last time Group Policy was applied: 6/4/2009 at 10:25:42 AM
Group Policy was applied from: sgs0001.OCSG.co.id
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
------------------------------------------------------------------
-
Audit Policy
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Grpappexcalibur
Grphrtest
Resultant Set Of Policies for User:
------------------------------------
Software Installations
----------------------
- Follow-Ups:
- Re: GROUP POLICY
- From: Meinolf Weber [MVP-DS]
- Re: GROUP POLICY
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: GROUP POLICY
- References:
- Re: GROUP POLICY
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: GROUP POLICY
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: GROUP POLICY
- From: DD
- Re: GROUP POLICY
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: GROUP POLICY
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: GROUP POLICY
- From: DD
- Re: GROUP POLICY
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: GROUP POLICY
- From: DD
- Re: GROUP POLICY
- From: Meinolf Weber [MVP-DS]
- Re: GROUP POLICY
- From: DD
- Re: GROUP POLICY
- From: Meinolf Weber [MVP-DS]
- Re: GROUP POLICY
- From: DD
- Re: GROUP POLICY
- From: Meinolf Weber [MVP-DS]
- Re: GROUP POLICY
- Prev by Date: Re: Backup policy
- Next by Date: Re: GROUP POLICY
- Previous by thread: Re: GROUP POLICY
- Next by thread: Re: GROUP POLICY
- Index(es):
Relevant Pages
|
Loading
