algorithm0 Posted March 3, 2005 Share Posted March 3, 2005 I've been trying to follow Microsoft's documentation on group policy security in their Windows Server 2003 Security Guide, and I have come across several inconsistencies with my own servers. In particular, Microsoft speaks of Computer Configuration\Windows Settings\Security Settings\Event Login the Group Policy Object Editor. I clearly have no such object under Security Settings. None of my servers do. Furthermore, I am missingComputer Configuration\Windows Settings\Security Settings\SystemServices\Can anyone explain this anomaly?? I am running Windows Server 2003 Standard Edition, with all the latest updates. Link to comment Share on other sites More sharing options...
valter Posted March 4, 2005 Share Posted March 4, 2005 I don't think there is logical explanation to the problem you experience ... anyway, you can try to reinstall AD, or try to recreate default policy using the attached tool. Please note that you will run this tool on your own responsibility recreateDefPol.zip Link to comment Share on other sites More sharing options...
algorithm0 Posted March 4, 2005 Author Share Posted March 4, 2005 I don't think there is logical explanation to the problem you experience ... anyway, you can try to reinstall AD, or try to recreate default policy using the attached tool. Please note that you will run this tool on your own responsibility <{POST_SNAPBACK}>There is definately a logical explanation. I think it must have something to do with the version of Windows Server 2003 I am using. I have checked several servers in my department, and they all lack the same group policies. Perhaps they don't really exist outside of MS documentation. Maybe I am looking in the wrong place. I am using gpedit.msc. Link to comment Share on other sites More sharing options...
valter Posted March 4, 2005 Share Posted March 4, 2005 I was just about to ask you in pervious post how do you access gpo ... anyway, if you use gpedit.msc, you're right, you can't see those policies there ... but if you click on DOmain controller or Domain Policy in Administrative Tools Folder then you will be able to access aforementioned settings ... same if you right click on your domain name in Active Directory Users and Computers - Properties - Group Policy Link to comment Share on other sites More sharing options...
wullieb1 Posted March 4, 2005 Share Posted March 4, 2005 Got to Microsoft and download a tool called Group Policy Management Console and use that for you GPO'sIt is a more mangeable interface along with testing capabilities. Link to comment Share on other sites More sharing options...
algorithm0 Posted March 4, 2005 Author Share Posted March 4, 2005 I was just about to ask you in pervious post how do you access gpo ... anyway, if you use gpedit.msc, you're right, you can't see those policies there ... but if you click on DOmain controller or Domain Policy in Administrative Tools Folder then you will be able to access aforementioned settings ... same if you right click on your domain name in Active Directory Users and Computers - Properties - Group Policy<{POST_SNAPBACK}>okay great! now my next question is: in Domain Policy mmc, am I editing the policy for all computers in AD? Or am I still editing the local policy for the server i am working on? Link to comment Share on other sites More sharing options...
valter Posted March 4, 2005 Share Posted March 4, 2005 Default Domain Policy applies to all computers in the domainDefault Domain Controller Policy applies only to Domain Controllers in the domain Link to comment Share on other sites More sharing options...
algorithm0 Posted March 7, 2005 Author Share Posted March 7, 2005 Default Domain Policy applies to all computers in the domainDefault Domain Controller Policy applies only to Domain Controllers in the domain<{POST_SNAPBACK}>Okay, so if I am configuring arbitrary servers in my domain that are not domain controllers, then I necessarily will not configure domain and domain controller policies for each one..? Link to comment Share on other sites More sharing options...
valter Posted March 7, 2005 Share Posted March 7, 2005 Default Domain Policy applies to all computers in the domainDefault Domain Controller Policy applies only to Domain Controllers in the domain<{POST_SNAPBACK}>Okay, so if I am configuring arbitrary servers in my domain that are not domain controllers, then I necessarily will not configure domain and domain controller policies for each one..?<{POST_SNAPBACK}>you will configure Default Domain Policy ... anyway, it's not good idea to configure DEFAULT DOMAIN POLICY, but rather make your own and set it to no override ... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now