Missing Group Policies

[algorithm0]

I've been trying to follow Microsoft's documentation on group policy security in their Windows Server 2003 Security Guide, and I have come across several inconsistencies with my own servers. In particular, Microsoft speaks of

Computer Configuration\Windows Settings\Security Settings\Event Log

in the Group Policy Object Editor. I clearly have no such object under Security Settings. None of my servers do. Furthermore, I am missing

Computer Configuration\Windows Settings\Security Settings\System

Services\

Can anyone explain this anomaly?? I am running Windows Server 2003 Standard Edition, with all the latest updates.

[valter]

I don't think there is logical explanation to the problem you experience ... anyway, you can try to reinstall AD, or try to recreate default policy using the attached tool. Please note that you will run this tool on your own responsibility

recreateDefPol.zip

[algorithm0]

I don't think there is logical explanation to the problem you experience ... anyway, you can try to reinstall AD, or try to recreate default policy using the attached tool. Please note that you will run this tool on your own responsibility

<{POST_SNAPBACK}>

There is definately a logical explanation. I think it must have something to do with the version of Windows Server 2003 I am using. I have checked several servers in my department, and they all lack the same group policies. Perhaps they don't really exist outside of MS documentation.

Maybe I am looking in the wrong place. I am using gpedit.msc.

[valter]

I was just about to ask you in pervious post how do you access gpo ... anyway, if you use gpedit.msc, you're right, you can't see those policies there ... but if you click on DOmain controller or Domain Policy in Administrative Tools Folder then you will be able to access aforementioned settings ... same if you right click on your domain name in Active Directory Users and Computers - Properties - Group Policy

[wullieb1]

Got to Microsoft and download a tool called Group Policy Management Console and use that for you GPO's

It is a more mangeable interface along with testing capabilities.

[algorithm0]

I was just about to ask you in pervious post how do you access gpo ... anyway, if you use gpedit.msc, you're right, you can't see those policies there ... but if you click on DOmain controller or Domain Policy in Administrative Tools Folder then you will be able to access aforementioned settings ... same if you right click on your domain name in Active Directory Users and Computers - Properties - Group Policy

<{POST_SNAPBACK}>

okay great! now my next question is: in Domain Policy mmc, am I editing the policy for all computers in AD? Or am I still editing the local policy for the server i am working on?

[valter]

Default Domain Policy applies to all computers in the domain

Default Domain Controller Policy applies only to Domain Controllers in the domain

[algorithm0]

Default Domain Policy applies to all computers in the domain

Default Domain Controller Policy applies only to Domain Controllers in the domain

<{POST_SNAPBACK}>

Okay, so if I am configuring arbitrary servers in my domain that are not domain controllers, then I necessarily will not configure domain and domain controller policies for each one..?

[valter]

Default Domain Policy applies to all computers in the domain

Default Domain Controller Policy applies only to Domain Controllers in the domain

<{POST_SNAPBACK}>

Okay, so if I am configuring arbitrary servers in my domain that are not domain controllers, then I necessarily will not configure domain and domain controller policies for each one..?

<{POST_SNAPBACK}>

you will configure Default Domain Policy ... anyway, it's not good idea to configure DEFAULT DOMAIN POLICY, but rather make your own and set it to no override ...