Seeking advice on users and GPOs

[G]

Hi everyone,

I "inherited" a small LAN (30 PCs) running 2000 and XP when the old IS
company walked out and took their servers with them. Created new AD and got
everyone to join but ppl are constantly running into access denied problems
etc. (some even get an Access Denied when using their floppies!)

What is a good GPO that can unlock all that? Should I consider giving them
some extra permissions? At the moment everyone is just member of Domain
Users.

Looking forward to suggestions,

G.

 

[Tim Springston \(MSFT\)]

Hi G-

It's possible that the workstations' local security settings have been
customized. To reset them to defaults, log in with local Administrative
privileges and reapply the default workstation security template using the
syntax below at a command prompt(without the quotes):

"secedit /configure /DB secedit.sdb /CFG %systemroot%\inf\defltwk.inf /log
secedit.log /verbose"

 

[Arxitektwn]

Thanks Tim

once they joined the new domain they were prompted to change pwds as I
specified in their accounts but everybody had "insufficient" rights to
change the pwd. Will the secedit take care of that as well?

G. ( using OE at home)

 

[Arxitektwn]

Also forgot to ask... is there a way of applying the secedit remotely?
(could be quite painful visiting all the machines and logging them locally!)

Many thanks,

G.