TheReasonIFail Posted March 10, 2009 Posted March 10, 2009 We decided to lock down our domain controllers through the use of a GPO in the Domain Controllers OU but no matter what we've tried, the DC's will not take those settings.If we make the same exact changes to the local group policy, it works flawlessly.The domain GPO is enabled and enforced.Anyone have any ideas?
Tripredacus Posted March 10, 2009 Posted March 10, 2009 Perhaps adding the User accounts that the DCs use? Of course you did add your Domain Controllers into that group right? And are you enforcing known vs. unknown computers?
stones Posted March 11, 2009 Posted March 11, 2009 In your GPO editor, what is the policy name you are changing?
TheReasonIFail Posted March 11, 2009 Author Posted March 11, 2009 Trip, I've added the correct users and even added the domain controllers themselves to the group, no dice.Stones, I created a new GPO called "DC_GPO_Lockdown".
iamtheky Posted March 12, 2009 Posted March 12, 2009 (edited) the DC's will not take those settings.are you adding a new adm file to the gp with just that small section or are you replacing the entire exisitng structure?Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator's SYSVOL share, unless configured not to do so by the administrator.http://www.petri.co.il/understanding_fsmo_roles_in_ad.htmedit: '......entire existing adm' + quote and ref in case that helps Edited March 12, 2009 by iamtheky
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now