OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Frank Knobbe (FKnobbeKNOBBEITS.COM)
Date: Fri Mar 16 2001 - 17:50:05 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Let me guess... You are also getting failed USERENV events in the
    eventlog and failed SecCli events (don't have the actual event ID's
    anymore). I had the same issue, and did find a KB article that helped
    (lost that too, sorry). When I set the server up, I went through the
    usual security stuff, which included removing EVERYONE from the
    Access Through Network user right. Apparently MS suggests that this
    is required for the policy to work. As soon as I added Everyone back
    into above user right, and rebooted the server, the clients were able
    to receive the group policy.

    I haven't verified it yet by removing Everyone again. Imho, Domain
    Computers and Domain Users should be sufficient in this user right
    for the group policies (both, machine and user policy) to work,
    but... oh well...

    Let me know if that fixes your issue as well.

    Regards,
    Frank

    > -----Original Message-----
    > From: Aaron Holten [mailto:AHOLTESTATE.WY.US]
    > Sent: Friday, March 16, 2001 10:10 AM
    >
    > I've recently set up a new Windows 2000 Domain with win2k
    > 'regular' server. I've configured a basic domain controller,
    > and domain security policy to use as a baseline, and proceed
    > to build up a working server/workstation configurating for a
    > new network I am making ... Currently the windows 2000 server
    > is operating in mixed-mode, as it will have to authenticate
    > some NT4.0 workstations until they are eventually upgraded to
    > windows 2000. The problem I am having is I cannot get any
    > windows 2000 workstations to inherit the domain security
    > policy I have specified on the domain controller. I am
    > wondering, is the because the server is in mixed mode, and
    > not native mode? I would assume NT4.0 does not follow a
    > domain security policy from a Windows 2000 server? Also, what
    > services are required to be started for this inheritance to
    > take place? I haven't found anything very detailed about this
    > on Microsoft's site, at least it has not helped me diagnose
    > this problem ... has anyone else run into this?
    >
    > Thanks ...
    >

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Personal Privacy 6.5.8
    Comment: PGP or S/MIME encrypted email preferred.

    iQA/AwUBOrKmrJytSsEygtEFEQKl3QCfR3OlDbtQXKQ7cOtm8WZcjN/qfYAAoLzu
    47LmR24cG8J9aKIv4Zu1s2dj
    =11sp
    -----END PGP SIGNATURE-----