Group Policies destroys networking in Vista

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,
I have added my new Vista RTM machine to our existing W2K3 domain.
Now if the policies get active several services stop working: BFE (and
everything that depends), the W32-Time, DHCP and some more.
After joining the domain some rights in the registy seem to have changed:
"Local Service" and "Network Service" are no longer allowed to access several
keys.

After changing the rights in the registry all services exept BFE work until
the next reboot.

I could not find any entries in the policies that could change the rights.
Does anybody has an idea? All our XP machines run fine with the group
policies!

Regards,
Dirk
 
Sure, in the eventlogs are the entries: Access is denied.
The problem seems to be in the group policies.
There exist Keys like Registry and Filesystem keys in there but I have no
idea where they come from.... I have two other domains where these keys not
exist!


Richard G. Harper said:
I haven't seen anything like this and I have several Vista computers running
on our domain just fine. Check the event logs for possible errors and
solutions.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


DBuedenbender said:
Hi,
I have added my new Vista RTM machine to our existing W2K3 domain.
Now if the policies get active several services stop working: BFE (and
everything that depends), the W32-Time, DHCP and some more.
After joining the domain some rights in the registy seem to have changed:
"Local Service" and "Network Service" are no longer allowed to access
several
keys.

After changing the rights in the registry all services exept BFE work
until
the next reboot.

I could not find any entries in the policies that could change the rights.
Does anybody has an idea? All our XP machines run fine with the group
policies!

Regards,
Dirk
 
I have the same problem. Did you ever import security templates? I believe,
that thes settings came from there.
I removed those entries from group policy, but still my diagnostic and
dhcp-cleitn services refuse to start...
Which registry keys' security are you changing?

Dirk Buedenbender said:
Sure, in the eventlogs are the entries: Access is denied.
The problem seems to be in the group policies.
There exist Keys like Registry and Filesystem keys in there but I have no
idea where they come from.... I have two other domains where these keys not
exist!


Richard G. Harper said:
I haven't seen anything like this and I have several Vista computers running
on our domain just fine. Check the event logs for possible errors and
solutions.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


DBuedenbender said:
Hi,
I have added my new Vista RTM machine to our existing W2K3 domain.
Now if the policies get active several services stop working: BFE (and
everything that depends), the W32-Time, DHCP and some more.
After joining the domain some rights in the registy seem to have changed:
"Local Service" and "Network Service" are no longer allowed to access
several
keys.

After changing the rights in the registry all services exept BFE work
until
the next reboot.

I could not find any entries in the policies that could change the rights.
Does anybody has an idea? All our XP machines run fine with the group
policies!

Regards,
Dirk
 
Hi Wolfgang,
yes, I suppose someone did import the security templates before I started
with the company....
As the XP clients are fine with the policies I have copied them all to a new
OU for all vista clients and removed the security guideslines there.

To get track of the missing rights, the best method is to try the process
monitor and filter for all results "Access is denied". I got most of the
services working again but at least the basic filtering engine never started
so I have reinstalled the system as this was much faster than digging deeper
in the system.

Rgs,
Dirk

Wolfgang Bures said:
I have the same problem. Did you ever import security templates? I believe,
that thes settings came from there.
I removed those entries from group policy, but still my diagnostic and
dhcp-cleitn services refuse to start...
Which registry keys' security are you changing?

Dirk Buedenbender said:
Sure, in the eventlogs are the entries: Access is denied.
The problem seems to be in the group policies.
There exist Keys like Registry and Filesystem keys in there but I have no
idea where they come from.... I have two other domains where these keys not
exist!


Richard G. Harper said:
I haven't seen anything like this and I have several Vista computers running
on our domain just fine. Check the event logs for possible errors and
solutions.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


Hi,
I have added my new Vista RTM machine to our existing W2K3 domain.
Now if the policies get active several services stop working: BFE (and
everything that depends), the W32-Time, DHCP and some more.
After joining the domain some rights in the registy seem to have changed:
"Local Service" and "Network Service" are no longer allowed to access
several
keys.

After changing the rights in the registry all services exept BFE work
until
the next reboot.

I could not find any entries in the policies that could change the rights.
Does anybody has an idea? All our XP machines run fine with the group
policies!

Regards,
Dirk
 
You "reinstalled the system", meaning you re-installed the vista machien and
it worked, or you set-up the domain anew?
I have had this issue again and again after clean installing a vista
machine. Maybe this link
(http://blogs.technet.com/asiasupp/a...ying-vista-client-in-windows-2000-domain.aspx)
helps, I have to try it out. My domain was upgraded from W2K.....

Dirk Buedenbender said:
Hi Wolfgang,
yes, I suppose someone did import the security templates before I started
with the company....
As the XP clients are fine with the policies I have copied them all to a new
OU for all vista clients and removed the security guideslines there.

To get track of the missing rights, the best method is to try the process
monitor and filter for all results "Access is denied". I got most of the
services working again but at least the basic filtering engine never started
so I have reinstalled the system as this was much faster than digging deeper
in the system.

Rgs,
Dirk

Wolfgang Bures said:
I have the same problem. Did you ever import security templates? I believe,
that thes settings came from there.
I removed those entries from group policy, but still my diagnostic and
dhcp-cleitn services refuse to start...
Which registry keys' security are you changing?

Dirk Buedenbender said:
Sure, in the eventlogs are the entries: Access is denied.
The problem seems to be in the group policies.
There exist Keys like Registry and Filesystem keys in there but I have no
idea where they come from.... I have two other domains where these keys not
exist!


:

I haven't seen anything like this and I have several Vista computers running
on our domain just fine. Check the event logs for possible errors and
solutions.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


Hi,
I have added my new Vista RTM machine to our existing W2K3 domain.
Now if the policies get active several services stop working: BFE (and
everything that depends), the W32-Time, DHCP and some more.
After joining the domain some rights in the registy seem to have changed:
"Local Service" and "Network Service" are no longer allowed to access
several
keys.

After changing the rights in the registry all services exept BFE work
until
the next reboot.

I could not find any entries in the policies that could change the rights.
Does anybody has an idea? All our XP machines run fine with the group
policies!

Regards,
Dirk
 
I tried your approach with procMon, but I didnt get any Denials. Some buffer
overflows and some reparses but nothing to wierd... No ideas from here.

Dirk Buedenbender said:
Hi Wolfgang,
yes, I suppose someone did import the security templates before I started
with the company....
As the XP clients are fine with the policies I have copied them all to a new
OU for all vista clients and removed the security guideslines there.

To get track of the missing rights, the best method is to try the process
monitor and filter for all results "Access is denied". I got most of the
services working again but at least the basic filtering engine never started
so I have reinstalled the system as this was much faster than digging deeper
in the system.

Rgs,
Dirk

Wolfgang Bures said:
I have the same problem. Did you ever import security templates? I believe,
that thes settings came from there.
I removed those entries from group policy, but still my diagnostic and
dhcp-cleitn services refuse to start...
Which registry keys' security are you changing?

Dirk Buedenbender said:
Sure, in the eventlogs are the entries: Access is denied.
The problem seems to be in the group policies.
There exist Keys like Registry and Filesystem keys in there but I have no
idea where they come from.... I have two other domains where these keys not
exist!


:

I haven't seen anything like this and I have several Vista computers running
on our domain just fine. Check the event logs for possible errors and
solutions.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


Hi,
I have added my new Vista RTM machine to our existing W2K3 domain.
Now if the policies get active several services stop working: BFE (and
everything that depends), the W32-Time, DHCP and some more.
After joining the domain some rights in the registy seem to have changed:
"Local Service" and "Network Service" are no longer allowed to access
several
keys.

After changing the rights in the registry all services exept BFE work
until
the next reboot.

I could not find any entries in the policies that could change the rights.
Does anybody has an idea? All our XP machines run fine with the group
policies!

Regards,
Dirk
 
Back
Top