W
WinTelSA
I have an member server (Wk2) under W2K3 domain. Some of its effective
security settings (i.e deny logon locally) will not changed by adjusting
local security policy.
Suspected that was caused by GP. However , GPRRESULT only gives the policy
comes from an inexist server. I asked my AD colleague that Site, default
domain and OU did not implement control in this settings.
Effective setting is checked and greyed out. Local setting is unchecked.
Effective setting remain the same even if server has already rebooted.
Would like to ask whether there is way to find out the cause. Is it caused
by group policy or old history left in the W2K server ?
Below is a sample of GPResult :
dc_name is an removed DC. I checked this server (server_hostname) can
connect to replacment DC through port 135 & 389 respectively.
- BEGIN -
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
Copyright (C) Microsoft Corp. 1981-1999
Created on Wednesday, April 22, 2009 at 9:24:27 PM
Operating System Information:
Operating System Type: Server
Operating System Version: 5.0.2195.Service Pack 4
Terminal Server Mode: None
#####################################################
User Group Policy results for:
server_hostname\user_id
Domain Name: server_hostname
Domain Type: None (Local user account)
Roaming profile: (None)
Local profile: C:\Documents and Settings\user_id
The user is a member of the following security groups:
server_hostname\None
\Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
\LOCAL
#####################################################
Last time Group Policy was applied: Wednesday, April 22, 2009 at 8:22:49 PM
#####################################################
Computer Group Policy results for:
Domain Name: a_domain
Domain Type: Windows 2000
Site Name: a_site
The computer is a member of the following security groups:
BUILTIN\Administrators
\Everyone
NT AUTHORITY\Authenticated Users
#####################################################
Last time Group Policy was applied: Wednesday, April 22, 2009 at 8:17:45 PM
Group Policy was applied from: dc_name.domain_name
=====================================================
The computer received "Registry" settings from these GPOs:
Local Group Policy
=====================================================The computer received
"Security" settings from these GPOs:
Local Group Policy
=====================================================The computer received
"EFS recovery" settings from these GPOs:
Local Group Policy
- END -
security settings (i.e deny logon locally) will not changed by adjusting
local security policy.
Suspected that was caused by GP. However , GPRRESULT only gives the policy
comes from an inexist server. I asked my AD colleague that Site, default
domain and OU did not implement control in this settings.
Effective setting is checked and greyed out. Local setting is unchecked.
Effective setting remain the same even if server has already rebooted.
Would like to ask whether there is way to find out the cause. Is it caused
by group policy or old history left in the W2K server ?
Below is a sample of GPResult :
dc_name is an removed DC. I checked this server (server_hostname) can
connect to replacment DC through port 135 & 389 respectively.
- BEGIN -
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
Copyright (C) Microsoft Corp. 1981-1999
Created on Wednesday, April 22, 2009 at 9:24:27 PM
Operating System Information:
Operating System Type: Server
Operating System Version: 5.0.2195.Service Pack 4
Terminal Server Mode: None
#####################################################
User Group Policy results for:
server_hostname\user_id
Domain Name: server_hostname
Domain Type: None (Local user account)
Roaming profile: (None)
Local profile: C:\Documents and Settings\user_id
The user is a member of the following security groups:
server_hostname\None
\Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
\LOCAL
#####################################################
Last time Group Policy was applied: Wednesday, April 22, 2009 at 8:22:49 PM
#####################################################
Computer Group Policy results for:
Domain Name: a_domain
Domain Type: Windows 2000
Site Name: a_site
The computer is a member of the following security groups:
BUILTIN\Administrators
\Everyone
NT AUTHORITY\Authenticated Users
#####################################################
Last time Group Policy was applied: Wednesday, April 22, 2009 at 8:17:45 PM
Group Policy was applied from: dc_name.domain_name
=====================================================
The computer received "Registry" settings from these GPOs:
Local Group Policy
=====================================================The computer received
"Security" settings from these GPOs:
Local Group Policy
=====================================================The computer received
"EFS recovery" settings from these GPOs:
Local Group Policy
- END -