Click here to get back home

Default domain controllers policy not applied to my server (2k3 sbs)
 HomeNewsGroups | Search | About
Login Password
Register Now! Lost Password?
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Default domain controllers policy not applied to my server (2k3 sbs) losvik 01-03-2006
Get Chitika Premium
Posted by Steven L Umbach on January 3, 2006, 8:01 pm
Please log in for more thread options
 OK. So I take it that you have resolved the problem then which is the most
important thing. Yes be very careful with deny user rights! --- Steve


>
> I am very sorry about this, but the error was that the deny logon
> locally was turned on with to many users.
>
> Should have seen this, and not bothered you.
>
> But thanks very much for your help!
>
> Ole
>



Posted by Roger Abell [MVP] on January 4, 2006, 12:51 am
Please log in for more thread options
 ??? so application of computer policy settings to a DC is
interrupted by local login denial to accounts which however
does not prevent the machine from booting and allowing other
activity ????

say what ?

--
Roger Abell
Microsoft MVP (Windows Server : Security)



>
> I am very sorry about this, but the error was that the deny logon
> locally was turned on with to many users.
>
> Should have seen this, and not bothered you.
>
> But thanks very much for your help!
>
> Ole
>



Posted by Ole-Kristian Losvik on January 4, 2006, 6:33 am
Please log in for more thread options
I am not sure if i understand your question, but the deny logon locally
is defined by the gpo in the same group as allow logon locally

Ole Losvik


Posted by Roger Abell [MVP] on January 4, 2006, 9:53 am
Please log in for more thread options
What I am wondering is what change to the value set in the
Deny local login policy was it that you found then allowed
everything to work. For example, Authenticated Users was
there in the Deny local login policy and when removed then
the policy became applied, etc.
Also, have you determined that was the only change to the
system that happened at time the policy began getting applied
as expected ? that is, if you put that value back into the
Deny local login settings then things do break again ??

You see, what I am questioning here is that the System account
is the one doing the policy application, so it just does not make
a great deal of sense that the setting you mention is what was
the problem.

>I am not sure if i understand your question, but the deny logon locally
> is defined by the gpo in the same group as allow logon locally
>
> Ole Losvik
>



Posted by Ole-Kristian Losvik on January 4, 2006, 12:21 pm
Please log in for more thread options

I did several changes on my system, amongst them i upgraded the forest
tree from win2000 to win2003

There was 2 problems initially:
1. GPOs did not seem to apply. For a reason i do not know they did
after several restarts (and probably several minor changes on my
system)
2. I couldnt logon a domain user. (which was member of a group included
in "deny logon locally")

I do not know what solved the first problem, but when i saw other
gpo-settings was applied, i experiented with the allow/deny local
logon.


Similar ThreadsPosted
Default Domain Controllers Policy scope May 15, 2006, 11:26 am
secpol on DC vs. Default Domain Policy? November 30, 2006, 6:12 pm
ENTERPRISE DOMAIN CONTROLLERS Vs Domain Group Domain Controllers December 30, 2005, 3:08 am
Reset Group Policy back to out of the box default August 28, 2006, 11:19 am
Locking Down Domain Controllers January 26, 2007, 4:46 am
"Read-Only" branch office domain controllers? April 20, 2006, 2:34 am
Access Based Enumeration on Domain Controllers ? February 26, 2007, 6:15 pm
Microsoft PKI: problem with autoenrollment for domain controllers August 14, 2007, 8:51 am
Certs for Domain Controllers-Trying to Prevent an Issue March 19, 2008, 12:28 pm
Windows 2003, Domain Controllers & "Manage auditing and security November 1, 2006, 4:43 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap