Locking Down Users

Discussion in 'Networks' started by Mr.Cheeks, Dec 19, 2006.

  1. zimbo
    Honorary Member

    zimbo Petabyte Poster

    guess what, you're not the only one struggling!

    Here is another tip - try it, I may be right

    open active directory
    create a security group (pete will be proud now! :biggrin )
    make the clients members of that group
    create the policy
    then under security filter add that group

    worked for me! just not sure how! :(
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  2. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    something about filtering :oops:

    Code:
    
    C:\Documents and Settings\Administrator>gpresult
    
    Microsoft (R) Windows (R) Operating System Group Policy Result tool v2
    Copyright (C) Microsoft Corp. 1981-2001
    
    Created On 20/12/2006 at 10:17:08
    
    
    RSOP data for VMWARE\Administrator on WIN2K3AD-VMW : Logging Mode
    ------------------------------------------------------------------
    
    OS Type:                     Microsoft(R) Windows(R) Server 2003, Ente
    tion
    OS Configuration:            Primary Domain Controller
    OS Version:                  5.2.3790
    Terminal Server Mode:        Remote Administration
    Site Name:                   Default-First-Site
    Roaming Profile:
    Local Profile:               C:\Documents and Settings\Administrator
    Connected over a slow link?: No
    
    
    COMPUTER SETTINGS
    ------------------
        CN=WIN2K3AD-VMW,OU=Domain Controllers,DC=vmware,DC=local
        Last time Group Policy was applied: 20/12/2006 at 10:14:30
        Group Policy was applied from:      win2k3ad-vmw.vmware.local
        Group Policy slow link threshold:   500 kbps
        Domain Name:                        VMWARE
        Domain Type:                        Windows 2000
    
        Applied Group Policy Objects
        -----------------------------
            Default Domain Controllers Policy
            Default Domain Policy
    
        The following GPOs were not applied because they were filtered out
        ------------------------------------------------------------------
            User Group Lock Down
                Filtering:  Not Applied (Empty)
    
            Local Group Policy
                Filtering:  Not Applied (Empty)
    
        The computer is a part of the following security groups
        -------------------------------------------------------
            BUILTIN\Administrators
            Everyone
            BUILTIN\Users
            BUILTIN\Pre-Windows 2000 Compatible Access
            Windows Authorization Access Group
            NT AUTHORITY\NETWORK
            NT AUTHORITY\Authenticated Users
            This Organization
            WIN2K3AD-VMW$
            Domain Controllers
            NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
    
    
    USER SETTINGS
    --------------
        CN=Administrator,CN=Users,DC=vmware,DC=local
        Last time Group Policy was applied: 20/12/2006 at 10:14:30
        Group Policy was applied from:      win2k3ad-vmw.vmware.local
        Group Policy slow link threshold:   500 kbps
        Domain Name:                        VMWARE
        Domain Type:                        Windows 2000
    
        Applied Group Policy Objects
        -----------------------------
            User Group Lock Down
            Default Domain Policy
    
        The following GPOs were not applied because they were filtered out
        ------------------------------------------------------------------
            Local Group Policy
                Filtering:  Not Applied (Empty)
    
        The user is a part of the following security groups
        ---------------------------------------------------
            Domain Users
            Everyone
            BUILTIN\Administrators
            BUILTIN\Users
            BUILTIN\Pre-Windows 2000 Compatible Access
            NT AUTHORITY\INTERACTIVE
            NT AUTHORITY\Authenticated Users
            This Organization
            LOCAL
            Schema Admins
            Domain Admins
            Enterprise Admins
            Group Policy Creator Owners
    
    C:\Documents and Settings\Administrator>
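
A way to read the gpresult output above mechanically, as an added example that is not part of the original thread: the Python below splits a report into its computer and user halves and lists GPOs that one half shows as "Not Applied (Empty)" (no settings for that half) while the other half applies them. SAMPLE is abridged from the posted output; the function names are hypothetical.

```python
# Added example; helper names are hypothetical. SAMPLE is abridged from the output above.
SAMPLE = """\
COMPUTER SETTINGS
    CN=WIN2K3AD-VMW,OU=Domain Controllers,DC=vmware,DC=local
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
    The following GPOs were not applied because they were filtered out
        User Group Lock Down
            Filtering:  Not Applied (Empty)
USER SETTINGS
    Applied Group Policy Objects
        User Group Lock Down
        Default Domain Policy
    The user is a part of the following security groups
        Domain Users
        Domain Admins
"""

HEADS = {"Applied Group Policy Objects": "applied",
         "The following GPOs were not applied because they were filtered out": "filtered"}

def parse_gpresult(text):
    """Return {scope: {"applied": [...], "filtered": {gpo: reason}, "groups": [...]}}."""
    report, cur, bucket, last = {}, None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or set(line) == {"-"}:
            continue                       # blank lines and dashed underlines
        if line in ("COMPUTER SETTINGS", "USER SETTINGS"):
            cur = report[line.split()[0].lower()] = {"applied": [], "filtered": {}, "groups": []}
            bucket = last = None
        elif cur is None:
            continue                       # banner before the first scope
        elif line in HEADS or line.endswith("following security groups"):
            bucket = HEADS.get(line, "groups")
        elif line.startswith("Filtering:") and last:
            cur["filtered"][last] = line.split(":", 1)[1].strip()
        elif bucket == "filtered":
            last = line                    # GPO name; its reason is on the next line
            cur["filtered"][last] = None
        elif bucket and ":" not in line:   # skips "Key: value" lines and the prompt
            cur[bucket].append(line)
    return report

def empty_here_applied_there(report):
    """GPOs 'Not Applied (Empty)' in one half but applied in the other half."""
    halves = (("computer", "user"), ("user", "computer"))
    return [(gpo, a, b) for a, b in halves
            for gpo, why in report.get(a, {}).get("filtered", {}).items()
            if why == "Not Applied (Empty)" and gpo in report.get(b, {}).get("applied", [])]
```

Run against the full output above, it reports User Group Lock Down as empty in the computer half and applied in the user half, for the Administrator account on the DC.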
    
    
     
  3. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    Cheeks,

    That's the output from the DC. Can you do the same from the Client please?

    Si
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  4. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    Under the security settings (I am doing this from memory, so sorry if I miss anything) you need to have the group "Authenticated Users" (or, if you are applying the settings to a security group, that group) with READ access to the policy, otherwise they can't use the settings.
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  5. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    @ Zimbo - they are already part of the security group Global for Domain Users

    @ Boycie - command not recognised
     
  6. Boycie
    Honorary Member

    Boycie Senior Beer Tester

     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  7. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    Yes I can, from both ways
     
  8. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    and you successfully joined the domain? Have you retried, in case of a spelling error?

    Si
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  9. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    yes - I created accounts on the DC, ran gpupdate and logged in using those accounts on the "client".

    gpresult

    edit: did I need to install WSUS?
     
  10. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    Cheeks,

    Is there anything in the client event logs? From memory, if you run the gpresult command from a workgroup machine you receive a message saying that there is no domain information available, but the point being the command is installed by default.

    Si
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  11. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    This is the application log error message (quite a few of the same). Can't access as the required privilege is not held by the client :blink

    Code:
    Windows cannot determine the user or computer name. Return value (1722). 
    
    edit: I did what it said on MSKB (remove from domain and into workgroup > reboot > join domain) and it still never worked
     
  12. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    Are you just running gpupdate.exe from the command prompt? You should use gpupdate.exe /force /boot

    The boot bit isn't really necessary but I always find that a reboot helps.
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  13. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    I tried that and still nowt...

    you guys are gonna kill me next week.
     
