1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

server 2003 and xp - group policies

Discussion in 'Software' started by ManicD, Dec 7, 2007.

  1. ManicD

    ManicD Byte Poster

    237
    4
    34
    Ok, so recently i'm playing round with server 2003 and xp pro.

    I have M$ Virtual PC setup and have built a smal network of several Xp machines and a central server with active directory etc.

    now, playing around with group policies, i have found that i cant seem to change some local policies on the XP machine, even logged in as "administrator" the account policies in gpedit.msc appear with a padlock symbol and wont let me change them.

    these settings seem to override anything i set up on teh server so i need to disable them locally.

    I have disabled all policies on the server and i'm trying to remove the password history setting, but that and others seem locked.


    Any ideas?
     
    Certifications: MCSA, N+, A+(Tech), ECDL
    WIP: 70-294, 70-298
  2. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    Are you logged on as a domain admin or the local admin account for the XP machine?
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  3. ManicD

    ManicD Byte Poster

    237
    4
    34
    I've tried both

    Administrator
    Domain

    Administrator
    This machine

    Johndoe - (a domain admin)
    Domain
     
    Certifications: MCSA, N+, A+(Tech), ECDL
    WIP: 70-294, 70-298
  4. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    When you update the security settings on the domain controller, have you rebooted the client machines?
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  5. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    GPO's can be very tricky. Let's make a short resume:
    When a machine logs on to a domain, it undergoes several GPO's (if present).
    The first one it gets is the site policy. After that you have the domain policy and last the OU policy is read in. If some settings are 'conflicting', the latter policy wins.
    So, if you say "the run command should not be visible" in the domain policy and you say" The run command should be visible" in the OU policy, it will be visible for all users in that OU.
    Off course you also have the local policy, a sort of default setting.
    Now remember there are some settings which are domain wide and can not be set on a OU level. Settings as password lenght and such.
    Most likely these will show up as 'locked' in policies except in the domain policy itself.

    Does this help?
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  6. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010

Share This Page

Loading...