Announcement

Collapse
No announcement yet.

Vista in 2003 SBS domain - group policy, WMI, etc problems

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Vista in 2003 SBS domain - group policy, WMI, etc problems

    Hi!

    I'm having problems with several Vista machines in 2003 domain. They're not complying to group policy, although they are in domain. I can't access their remote registry, can't query them via WMI, they're not updating via WSUS...

    We had outsourced company taking care for our servers but in the recent months I'm taking over many of their tasks (in order to cut spending, of course - thanks, boss ), but obviously I'm not as seasoned as they were, heh.

    SBS 03 is our only domain controller, XP machines comply to their GP perfectly. I've checked Vista's GPs, and in the case of firewall policy I've found that there are many settings listed under extra registy settings category.

    I can't perform RSoP, as it goes through WMI queries... But the funny part is that I can access Vista machines via MS network (SMB), I can logon to administrative shares with domain admin account...

    Any ideas? What should I do?

  • #2
    Re: Vista in 2003 SBS domain - group policy, WMI, etc problems

    If you install the Remote Server Administration Tools on a machine, can you modify GPOs etc using that? You can't manage Vista specific GPO settings on the server because there are no ADM files for Vista - only ADMX.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Vista in 2003 SBS domain - group policy, WMI, etc problems

      Uh, will try installing that and report. Is there no way to install ADMX on SBS03?

      But if we forget about these extra registry settings... What is the reason Vistas aren't complying to GPs? Why can't I connect to the registry remotely? Why can't I perform WMI queries?

      I'm using Spiceworks Inventory to audit PCs and other network appliances. And I can't get anything from Vista machines.

      Comment


      • #4
        Re: Vista in 2003 SBS domain - group policy, WMI, etc problems

        Check the firewalls on the machines. How did you join the machines to the domain - UTFW?
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        Comment


        • #5
          Re: Vista in 2003 SBS domain - group policy, WMI, etc problems

          I came across something similar recently but in a different context. We use Sophos AV generally and it does a push install from the server, which was failing on the Vista PCs and succeeding on XP.

          What we found was that the Default Domain Policy disabled the Windows firewall in XP but it was enabled in Vista. Also, whereas the Remote Registry service is set to Automatic in XP it is set to Disabled in Vista.

          I would expect you'll find something similar. Firewall is on but configured to allow File/Printer sharing probably.
          BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
          sigpic
          Cruachan's Blog

          Comment


          • #6
            Re: Vista in 2003 SBS domain - group policy, WMI, etc problems

            Originally posted by gforceindustries View Post
            Check the firewalls on the machines. How did you join the machines to the domain - UTFW?
            How can this be of any relevance? Is AD working in a different fashion when it comes to Vista? On XP, joining the domain is in no way connected to firewall settings.

            Besides, firewall settings should be enforced by GP. I can't imagine firewall interfering with GP. If this is indeed possible, then this is real security issue in AD environment.

            To answer your question, I joined machines to domain via Computer Name/Domain Changes - > Member of: domain name

            No problems whatsoever. I also said in the first post I can access administrative shares with domain admin password. No problem logging on with domain user accounts either.

            Comment


            • #7
              Re: Vista in 2003 SBS domain - group policy, WMI, etc problems

              Originally posted by cruachan View Post
              I would expect you'll find something similar. Firewall is on but configured to allow File/Printer sharing probably.
              Hm, hm... Firewall on our XP machines is up and running. Configured with exceptions, of course, but it's on.

              Comment

              Working...
              X