Re: Move W2K3 server to its own OU separate from SBS (MyBusiness) OU




"kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx> wrote in message
news:%23fTj8BLWIHA.5208@xxxxxxxxxxxxxxxxxxxxxxx
California SBS Dreaming wrote:
I think this thread is getting too long and the task I want to really
do is beginning to get more complicated than it should be. All I want
to be able to do is manage the local policies on the member server
and not have it defined by the SBS server. I created a new OU at the
same level as MyBusiness and called it MyCitrix. I thought that was
all that was needed. When I log onto the member server and open the
local policy editor I cannot manage the "log on locally" and the "log
on as a service" policies. These are being defined by the SBS server.
A few simple questions here.
Did I create the new OU - MyCitrix at the wrong level?
How or what do I need to do to be able to manage these policies on the
member server?

This was my point. To the best of my knowledge only domain controllers
have a group policy that defines 'log on locally'. If your 'server' is a
domain controller, then that is appropriate. If it is just a member
server, and it hasn't been inadvertently placed in the domain controllers
OU, then it should not have that policy. Unless someone changed the 'out
of the box' settings of course.

If you want some help diagnosing *why* then your participation is needed.

1) Is the server a DC or *not*? (If you're not sure, we can help you make
that determination.)

This is not a DC and I am 100% positive about that.

2) On the member server, at a command prompt, type the line below. Then
post the gpresult.txt file here.

gpresult /scope computer /z>gpresult.txt

This will detail which policy is setting the 'log on locally'

"MyCitrix" ? Is there something else "special" about this server?

Nothing special. This is my citrix server hence the name for the new OU I
created. Thanks for your assistance.


Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 1/17/2008 at 8:52:38 AM



RSOP data for MACCABEE\Administrator on RACHEL : Logging Mode
--------------------------------------------------------------

OS Type: Microsoft(R) Windows(R) Server 2003, Standard
Edition
OS Configuration: Member Server
OS Version: 5.2.3790
Terminal Server Mode: Application Server
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and
Settings\Administrator.MACCABEE
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
CN=Rachel,OU=Servers,OU=Computers,OU=MyCitrix,DC=MACCABEE,DC=local
Last time Group Policy was applied: 1/17/2008 at 8:47:51 AM
Group Policy was applied from: abraham.MACCABEE.local
Group Policy slow link threshold: 500 kbps
Domain Name: MACCABEE
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Small Business Server Domain Password Policy
Small Business Server Remote Assistance Policy
Small Business Server Lockout Policy
Small Business Server Client Computer
Default Domain Policy
Instant Messenger Policy Rule
Local Group Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2

The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
IIS_WPG
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
Rachel$
SBS 2003 Servers
Domain Computers

Resultant Set Of Policies for Computer
---------------------------------------

Software Installations
----------------------
GPO: N/A
Name: Microsoft Firewall Client
Version: 4.0
Deployment State: Assigned
Source: \\ABRAHAM\mspclnt\MS_FWC.msi
AutoInstall: True
Origin: Removed Package

Startup Scripts
---------------
N/A

Shutdown Scripts
----------------
N/A

Account Policies
----------------
GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: 3

GPO: Default Domain Policy
Policy: PasswordHistorySize
Computer Setting: 10

GPO: Small Business Server Domain Password Policy
Policy: MinimumPasswordAge
Computer Setting: N/A

GPO: Small Business Server Domain Password Policy
Policy: PasswordHistorySize
Computer Setting: 24

GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 90

GPO: Small Business Server Lockout Policy
Policy: LockoutDuration
Computer Setting: 10

GPO: Small Business Server Lockout Policy
Policy: ResetLockoutCount
Computer Setting: 10

GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 7

GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: N/A

GPO: Small Business Server Domain Password Policy
Policy: MinimumPasswordLength
Computer Setting: 7

GPO: Small Business Server Lockout Policy
Policy: LockoutBadCount
Computer Setting: 50

GPO: Default Domain Policy
Policy: ResetLockoutCount
Computer Setting: 10

GPO: Small Business Server Domain Password Policy
Policy: MaximumPasswordAge
Computer Setting: 45

GPO: Default Domain Policy
Policy: LockoutDuration
Computer Setting: 10

Audit Policy
------------
N/A

User Rights
-----------
GPO: Default Domain Policy
Policy: ServiceLogonRight
Computer Setting: NETWORK SERVICE
MACCABEE\CAServer
MACCABEE\Administrator
Backup Operators

GPO: Default Domain Policy
Policy: InteractiveLogonRight
Computer Setting: Administrators
Remote Desktop Users

Security Options
----------------
GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled

GPO: Small Business Server Domain Password Policy
Policy: PasswordComplexity
Computer Setting: Enabled

GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Enabled

GPO: Default Domain Policy
Policy: ForceLogoffWhenHourExpire
Computer Setting: Not Enabled

GPO: Small Business Server Domain Password Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: Interactive logon: Prompt user to change
password before expiration
ValueName: MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\PasswordExpiryWarning
Computer Setting: 14

Event Log Settings
------------------
N/A

Restricted Groups
-----------------
N/A

System Services
---------------
N/A

Registry Settings
-----------------
N/A

File System Settings
--------------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
GPO: Instant Messenger Policy Rule
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}\SaferFlags
Value: 0, 0, 0, 0
State: Enabled

GPO: Instant Messenger Policy Rule
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}\Description
Value: 0, 0
State: Enabled

GPO: Small Business Server Client Computer
KeyName:
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWelcomeScreen
Value: 1, 0, 0, 0
State: Enabled

GPO: Small Business Server Remote Assistance Policy
KeyName: software\policies\microsoft\windows NT\Terminal
Services\RAUnsolicit\MACCABEE\Domain Admins
Value: 77, 0, 65, 0, 67, 0, 67, 0, 65, 0, 66, 0, 69,
0, 69, 0, 92, 0, 68, 0, 111, 0, 109, 0, 97, 0, 105, 0, 110, 0, 32, 0, 65, 0,
100, 0, 109, 0, 105, 0, 110, 0, 115, 0, 0, 0
State: Enabled

GPO: Instant Messenger Policy Rule
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope
Value: 0, 0, 0, 0
State: Enabled

GPO: Instant Messenger Policy Rule
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}\SaferFlags
Value: 0, 0, 0, 0
State: Enabled

GPO: Instant Messenger Policy Rule
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\DefaultLevel
Value: 0, 0, 4, 0
State: Enabled

GPO: Small Business Server Client Computer
KeyName: software\microsoft\windows
nt\currentversion\winlogon\SyncForegroundPolicy
Value: 1, 0, 0, 0
State: Enabled

GPO: Instant Messenger Policy Rule
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}\Description
Value: 0, 0
State: Enabled

GPO: Instant Messenger Policy Rule
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}\Description
Value: 0, 0
State: Enabled

GPO: Small Business Server Remote Assistance Policy
KeyName: software\policies\microsoft\windows NT\Terminal
Services\fAllowUnsolicitedFullControl
Value: 1, 0, 0, 0
State: Enabled

GPO: Small Business Server Client Computer
KeyName: software\policies\microsoft\windows\network
connections\NC_ShowSharedAccessUI
Value: 0, 0, 0, 0
State: Enabled

GPO: Instant Messenger Policy Rule
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}\Description
Value: 0, 0
State: Enabled

GPO: Instant Messenger Policy Rule
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}\SaferFlags
Value: 0, 0, 0, 0
State: Enabled

GPO: Small Business Server Client Computer
KeyName: software\policies\microsoft\windows\network
connections\NC_AllowNetBridge_NLA
Value: 0, 0, 0, 0
State: Enabled

GPO: Instant Messenger Policy Rule
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled
Value: 1, 0, 0, 0
State: Enabled

GPO: Small Business Server Remote Assistance Policy
KeyName: software\policies\microsoft\windows NT\Terminal
Services\fAllowUnsolicited
Value: 1, 0, 0, 0
State: Enabled

GPO: Instant Messenger Policy Rule
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}\SaferFlags
Value: 0, 0, 0, 0
State: Enabled

GPO: Local Group Policy
KeyName:
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop
Value: 1, 0, 0, 0
State: Enabled

