Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Frank Knobbe (FKnobbeKNOBBEITS.COM)
Date: Fri Mar 16 2001 - 17:50:05 CST
-----BEGIN PGP SIGNED MESSAGE-----
Let me guess... You are also getting failed USERENV events in the
eventlog and failed SecCli events (don't have the actual event ID's
anymore). I had the same issue, and did find a KB article that helped
(lost that too, sorry). When I set the server up, I went through the
usual security stuff, which included removing EVERYONE from the
Access Through Network user right. Apparently MS suggests that this
is required for the policy to work. As soon as I added Everyone back
into above user right, and rebooted the server, the clients were able
to receive the group policy.
I haven't verified it yet by removing Everyone again. Imho, Domain
Computers and Domain Users should be sufficient in this user right
for the group policies (both, machine and user policy) to work,
but... oh well...
Let me know if that fixes your issue as well.
> -----Original Message-----
> From: Aaron Holten [mailto:AHOLTESTATE.WY.US]
> Sent: Friday, March 16, 2001 10:10 AM
> I've recently set up a new Windows 2000 Domain with win2k
> 'regular' server. I've configured a basic domain controller,
> and domain security policy to use as a baseline, and proceed
> to build up a working server/workstation configurating for a
> new network I am making ... Currently the windows 2000 server
> is operating in mixed-mode, as it will have to authenticate
> some NT4.0 workstations until they are eventually upgraded to
> windows 2000. The problem I am having is I cannot get any
> windows 2000 workstations to inherit the domain security
> policy I have specified on the domain controller. I am
> wondering, is the because the server is in mixed mode, and
> not native mode? I would assume NT4.0 does not follow a
> domain security policy from a Windows 2000 server? Also, what
> services are required to be started for this inheritance to
> take place? I haven't found anything very detailed about this
> on Microsoft's site, at least it has not helped me diagnose
> this problem ... has anyone else run into this?
> Thanks ...
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.
-----END PGP SIGNATURE-----