Guest
Okay, this should be an easy one, I think.

Executive summary: Windows XP machines in my domain show the following
machine policy status when I run gpresult:

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Default Domain Policy
Filtering: Denied (Security)

The long version:

I have a W2K native-mode domain with two domain controllers, about six or
seven member servers, and about fifty workstations.

I have one domain policy called "Default Domain Policy" sitting at the top
level in AD Users and Computers. It only has a few things set -
specifically, I'm trying to get my XP SP2 machines to allow a couple of
firewall exceptions. I don't want to use a login script to implement these
exceptions. That just feels so ghetto when you have these cool policies to
use.

Anyway, the XP SP2 firewall settings are a part of the machine policy as I've
noticed, and I've set them up the way I want them. When I log in to any
given machine as a user, however, this is part of what I see in gpresult on
XP machines:

COMPUTER SETTINGS
------------------
CN=<COMPUTER NAME>,CN=Computers,DC=<MY DOMAIN>,DC=com
Last time Group Policy was applied: 4/1/2005 at 3:21:24 PM
Group Policy was applied from: <SERVERNAME>
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
N/A

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Default Domain Policy
Filtering: Denied (Security)
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
<COMPUTERNAME>$
Domain Computers

Note that stuff like <COMPUTERNAME> is my replacement text. GPResult
returns valid results - I'm just censoring them because I'm paranoid.

So, as you can imagine, I'm trying to figure out why the machine GPO doesn't
apply. I figure it's something very simple, but quite honestly I'm not sure
where to start. Any thoughts?

Thanks for your help.