Announcement

Collapse
No announcement yet.

GPO problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • GPO problem

    Hi friends

    Im not able to apply gpo on client machines using xp.My server is win2003.When i apply gpo in mmc,its applying locally to server machine not on the client xp machine.Can anyone rectify that problem.

  • #2
    Re: GPO problem

    Is it a domain?
    Where is the policy being applied -- domain or OU?
    Have you tried using RSoP (Group Policy Results) to see what is happening?
    Are there any unusual events on the server or workstation event logs?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: GPO problem

      It is a domain. how to run a gpresult.when i run a gpresult a terminal is opened and i dont know where it is stored.Can u give me details

      Thanks for responding

      Comment


      • #4
        Re: GPO problem

        Check Admin Tools on your server and see if you have "Group Policy Management Console" installed

        If so, open it and GP Modelling is at the bottom of the tree. Graphical so much easier than the CLI tool
        If not, go to Microsoft, download it and install on the server...
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: GPO problem

          Policy Setting
          Allow users to encrypt files using Encrypting File System (EFS) Enabled

          Certificateshide
          Issued To Issued By Expiration Date Intended Purposes
          Administrator Administrator 1/27/2011 8:48:37 PM File Recovery

          For additional information about individual settings, launch Group Policy Object Editor.
          Public Key Policies/Trusted Root Certification Authoritieshide
          Propertieshide
          Policy Setting
          Allow users to select new root certification authorities (CAs) to trust Enabled
          Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
          To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only

          User Configuration (Enabled)hide
          Windows Settingshide
          Remote Installation Serviceshide
          Client Installation Wizard optionshide
          Policy Setting
          Custom Setup Disabled
          Restart Setup Disabled
          Tools Disabled

          Administrative Templateshide
          Desktop/Active Desktophide
          Policy Setting
          Active Desktop Wallpaper Enabled
          Wallpaper Name: c:\windows\web\wallpaper\home.jpg
          Example: Using a local path: C:\windows\web\wallpaper\home.jpg
          Example: Using a UNC path: \\Server\Share\Corp.jpg
          Wallpaper Style: Stretch

          Policy Setting
          Prohibit adding items Enabled
          Prohibit changes Enabled

          Comment


          • #6
            Re: GPO problem

            What is your domain policy actually trying to do?

            The GP Results wizard should show you the "winning policy" for each setting
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: GPO problem

              Default Domain Policy
              Data collected on: 1/29/2008 6:21:16 PM hide all

              Generalhide
              Detailshide
              Domain ajsquare.com
              Owner AJSQUARE\Domain Admins
              Created 1/28/2008 8:38:06 PM
              Modified 1/29/2008 4:04:04 PM
              User Revisions 8 (AD), 8 (sysvol)
              Computer Revisions 3 (AD), 3 (sysvol)
              Unique ID {31B2F340-016D-11D2-945F-00C04FB984F9}
              GPO Status Enabled

              Linkshide
              Location Enforced Link Status Path
              ajsquare No Enabled ajsquare.com

              This list only includes links in the domain of the GPO.
              Security Filteringhide
              The settings in this GPO can only apply to the following groups, users, and computers:Name
              AJSQUARE\customersupport
              AJSQUARE\dotnet
              AJSQUARE\java
              AJSQUARE\multimedia
              AJSQUARE\php
              AJSQUARE\testing
              AJSQUARE\webdesign
              NT AUTHORITY\Authenticated Users

              WMI Filteringhide
              WMI Filter Name None
              Description Not applicable

              Delegationhide
              These groups and users have the specified permission for this GPOName Allowed Permissions Inherited
              AJSQUARE\customersupport Read (from Security Filtering) No
              AJSQUARE\Domain Admins Edit settings, delete, modify security No
              AJSQUARE\dotnet Read (from Security Filtering) No
              AJSQUARE\Enterprise Admins Edit settings, delete, modify security No
              AJSQUARE\java Read (from Security Filtering) No
              AJSQUARE\multimedia Read (from Security Filtering) No
              AJSQUARE\php Read (from Security Filtering) No
              AJSQUARE\testing Read (from Security Filtering) No
              AJSQUARE\webdesign Read (from Security Filtering) No
              NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
              NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
              NT AUTHORITY\SYSTEM Edit settings, delete, modify security No

              Computer Configuration (Enabled)hide
              Windows Settingshide
              Security Settingshide
              Account Policies/Password Policyhide
              Policy Setting
              Enforce password history 24 passwords remembered
              Maximum password age 42 days
              Minimum password age 1 days
              Minimum password length 7 characters
              Password must meet complexity requirements Enabled
              Store passwords using reversible encryption Disabled

              Account Policies/Account Lockout Policyhide
              Policy Setting
              Account lockout threshold 0 invalid logon attempts

              Account Policies/Kerberos Policyhide
              Policy Setting
              Enforce user logon restrictions Enabled
              Maximum lifetime for service ticket 600 minutes
              Maximum lifetime for user ticket 10 hours
              Maximum lifetime for user ticket renewal 7 days
              Maximum tolerance for computer clock synchronization 5 minutes

              Local Policies/Security Optionshide
              Network Securityhide
              Policy Setting
              Network security: Force logoff when logon hours expire Disabled

              Public Key Policies/Autoenrollment Settingshide
              Policy Setting
              Enroll certificates automatically Enabled
              Renew expired certificates, update pending certificates, and remove revoked certificates Disabled
              Update certificates that use certificate templates Disabled


              Public Key Policies/Encrypting File Systemhide
              Propertieshide
              Policy Setting
              Allow users to encrypt files using Encrypting File System (EFS) Enabled

              Certificateshide
              Issued To Issued By Expiration Date Intended Purposes
              Administrator Administrator 1/27/2011 8:48:37 PM File Recovery

              For additional information about individual settings, launch Group Policy Object Editor.
              Public Key Policies/Trusted Root Certification Authoritieshide
              Propertieshide
              Policy Setting
              Allow users to select new root certification authorities (CAs) to trust Enabled
              Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
              To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only

              User Configuration (Enabled)hide
              Windows Settingshide
              Remote Installation Serviceshide
              Client Installation Wizard optionshide
              Policy Setting
              Custom Setup Disabled
              Restart Setup Disabled
              Tools Disabled

              Administrative Templateshide
              Desktop/Active Desktophide
              Policy Setting
              Active Desktop Wallpaper Enabled
              Wallpaper Name: c:\windows\web\wallpaper\home.jpg
              Example: Using a local path: C:\windows\web\wallpaper\home.jpg
              Example: Using a UNC path: \\Server\Share\Corp.jpg
              Wallpaper Style: Stretch

              Policy Setting
              Prohibit adding items Enabled
              Prohibit changes Enabled

              Comment


              • #8
                Re: GPO problem

                As you are using 2k3 and XP machines, it's always good to run rsop.msc as it will provide you a better result and understanding...........

                Regards,
                Kapil Sharma
                ~~~~~~~~~~~~~
                Life is too short, Enjoy It.

                Comment

                Working...
                X