Re: Vera please explain this if you can

thanks Vera for ur reply...

so you are saying that the Domain Controller Security Policy in Admin tools
and secpol.msc are NOT the same thing....

I was sure they were... same settings at a first look...

could u explain better the difference between the two?

Regards,
Luca

"Vera Noest [MVP]" wrote:

There's no need to SHOUT, Luca :-)

You have been looking at 2, possibly 3 different policies:
Under Administrative Tools, there are links to both the Default
Domain Security Policy and the Default Domain Controller Security
Policy.
When you run secpol.msc, you open the Local Security Policy.

I recommend installing the Group Policy Management Console, from
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx

Then use it to run a Resultant Set of Policies, for one of your
user accounts and the DC. You will see exactly which policies are
applied and in which order.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?aGFsZmx1a2U=?= <halfluke@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote on 04 aug 2007 in
microsoft.public.windows.terminal_services:

Hi,
I'm studying TS for the exam 70-290.
I'm practicing on a 2 pcs network, one is a DC, the other one a
win xp workstation.
I COULDN'T USE REMOTE DESKTOP TO CONNECT FROM XP TO 2003 DC

Yes, remote desktop users group ok etc...
Yes, Allow logon through terminal services ok etc...

I looked for 2 days... reading the newsgroup... realizing that
Vera is the guru :)

OH, The error when I tried to connect was: you need to enable
Allow logon through TS for Remote desktop users and bla bla
bla...

NOW TELL ME, VERA OR ANYONE...
Opening Domain COntroller Security Policy in Administration
tools, everything seemed fine... the right users are allowed,
nobody is denied... When I opened secpol.msc from Run.... I
FOUND THE TWO ACCOUNTS I WAS TRYING TO CONNECT IN THE "DENY
LOGON THROUGH TS" SETTING!!! WHAT THE HELL? WHY?? AREN'T THEY
EXACTLY THE SAME CONSOLE (I mean the GUI and secpol.msc)??? HOW
DID THEY GO THERE IN THE "DENY" SETTING? Removed them from
there, Remote desktop works...

Vera, if you know why just please dont keep the secret...

Luca

.

Relevant Pages

  • Re: Vera please explain this if you can
    ... Domain Security Policy and the Default Domain Controller Security ... Then use it to run a Resultant Set of Policies, ... I COULDN'T USE REMOTE DESKTOP TO CONNECT FROM XP TO 2003 DC ... Vera is the guru:) ...
    (microsoft.public.windows.terminal_services)
  • Re: Vera please explain this if you can
    ... Vera Noest ... Domain Security Policy and the Default Domain Controller ... I recommend installing the Group Policy Management Console, ... I COULDN'T USE REMOTE DESKTOP TO CONNECT FROM XP TO 2003 DC ...
    (microsoft.public.windows.terminal_services)
  • Re: Cannot access security settings in Win 2003
    ... Cannot get into Domain Controller Security Policy, ... > at least read/write permissions. ... >> with an account that has admin, domain admin, enterprise admin, group ...
    (microsoft.public.windows.server.networking)
  • Re: Failed to open group policy object
    ... The error when I attempt to open Default Domain Controller Security Policy ... in Administrative Tools is ... "Windows cannot find the network path. ...
    (microsoft.public.windows.group_policy)
  • Re: Limit number of login attemps on Windows server 2003 - where to set this up?
    ... The Domain Security Policy applies to all computers in the ... and the Domain Controller Security Policy only applies to Domain ... > I'm setting up a single server at our small office with Win 2003 server. ...
    (microsoft.public.windows.server.general)