Re: Can't change security policy

From: "rindi" <rindi@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 30 Dec 2005 01:47:01 -0800

Thanks for your reply. Yes, I'm in europe.

I'll try to get the secure passwords accepted by the client, but it isn't
the main issue at the moment, but I suspect it is one reason why I can't
logon to the server from the network. While the server was just server and no
AD installed things worked, Now with AD and exchange in place I just can't
logon from the workstations and I can't add them to the domain either.

There was a problem when I tried installing the AD and Exchange with the
wizard, it stopped with an error message I don't remember, so I ran dcpromo
manually and then did forest and domainprep and installed exchange server. It
seems that after having installed AD I can't access the two security policy
applets in the administration menu (or I can access them, but I can't change
anything). In Active Directory users and computers I've removed the main GPO,
then tried creating a new one, that worked. But again I can't save any
changes.

When the server starts I get an eventlog error (Applications):
userenv, id: 1030

(translation, so might not be completely accurate)

a call for the list of grouppolicy objects failed,.......

The PCs on the LAN can logon to themselves, but I can't add them to the
domain or get them to connect to a shared resource.

When trying to connect them, the error I get is:

The User doesn't have this logon-type

(again a translation).

"Leonid S. Knyshov" wrote:

> "rindi" <rindi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:25846E55-28B1-4DA7-81A1-F22C0EFD439F@xxxxxxxxxxxxxxxx
> >I know that passwords should strong, but theclient insists on them being
> > easier!
> >
> > What from netdiag and dcdiag do you need?
> > DCDIAG:
> > Starting test: NetLogons
> > * Warning VORDEFINIERT\Administratoren did not have the "Access
> > this computer
> > * from network" right.
> > [G4WSRV01] An net use or LsaPolicy operation failed with error 1,
> > Win32 Error 1.
> > ......................... G4WSRV01 failed test NetLogons
>
> Thanks, loooks like you have a netlogon issue but your AD in general is OK.
> Netlogons test failure is the reason why no one can login. Incidently, users
> can't logon to the server directly by design. Can they login to their local
> workstations?
>
> Your client should be advised that you are unable to change the password
> policy as that is after all the truth of this matter. As far as I can tell,
> you are in Europe and are thus subject to their data protection laws. I
> doubt your client would want to deal with a case of negligence due to weak
> passwords. I deal with this issue at every smaller client (it is not a
> concern for any customer with over 50 workstations), and they give up soon
> enough. Explain to them that they are no longer a private little island, but
> that once VPN or RWW are implemented, they become subject to a remote attack
> from the Internet. "As part of my assessment, I identified a number of weak
> passwords on this network. Fortunately, the SBS upgrade includes a much
> improved security policy that will go into effect 7 days after the system is
> live. There is no way to override it and I included these measures in your
> new proposed corporate security policy."
>
> What have you modified that your Administrators group is unable to login
> through the Network? It looks to me that you started modifying group
> policies and by now they are no longer normal and will create further
> issues.
> --
> Leonid S. Knyshov, CEO
> Crashproof Solutions, LLC - http://www.crashproofsolutions.com
> MCP Exchange 2003/Small Business Server 2003, CCNA, SCSA 8
> Microsoft Small Business Specialist Partner
>
>
>
.

Follow-Ups:
- Re: Can't change security policy
  - From: rindi

References:
- Re: Can't change security policy
  - From: Leonid S. Knyshov
- Re: Can't change security policy
  - From: rindi
- Re: Can't change security policy
  - From: Leonid S. Knyshov

Prev by Date: RE: One user with email delivery problems
Next by Date: Re: Recycle Bin asking to delete Windows.
Previous by thread: Re: Can't change security policy
Next by thread: Re: Can't change security policy
Index(es):
- Date
- Thread

Relevant Pages

Re: request for comments : slush
... You then connect back out via SSH client, ... web client or mail client on that server? ... has your passwords, and uses the same password you used for one to break ... that full session encryption is an unacceptable load, ...
(comp.security.ssh)
Re: Novell/Windows 2003 PW Syncing problem
... Every 45 days, Netware forces the users to change passwords which undoes the sync between our windows clients and the server, so our UNC drive mappings no longer work. ... In fact the novell client changes the windows passwords automatically in order to make windows login automatic. ...
(comp.os.netware.misc)
Re: ssh security question
... In my case - the client is a windows client and the ssh is embedded into the windows nx client. ... Is there any reason I can't run ssh-keygen on the server and copy the private key to the client - and the public key to the "authorised" directory? ... sniffer can catch your passwords, and it would make it trivial to log in ...
(SSH)
Re: Cant change security policy
... > I'll try to get the secure passwords accepted by the client, ... > logon to the server from the network. ... > There was a problem when I tried installing the AD and Exchange with the ... >> improved security policy that will go into effect 7 days after the system is ...
(microsoft.public.windows.server.sbs)
Userenv error 1030 cannot apply group policy Options
... applied the Reg patch to a client to test, ... that the "Security policy in the Group policy objects has been applied ... Server IP address is a manually configured at ... All clients are then leased IP addresses from 150.1.1.x on the DHCP ...
(microsoft.public.windows.server.sbs)