Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Group policy help needed!!!

from [Rob McShinsky] Network Security [Permanent Link]
Subject: RE: Group policy help needed!!!
Date: Tue, 14 Dec 2004 15:52:22 -0500 
Some simple gotchas with Application of GPO's

1. Make sure an administrator other than your self did not setup a deny
group.  True if you setup a policy to apply to all systems within an OU, the
should get it, but if there is a group of servers within the OU you are
applying to that you want to not get the server, common practice is to put
these into a group and deny apply policy to them.

2. Sorry if this is too simple, but I have had this happen before.  You
apply the policy to Authenticated Users instead of Domain Computers or to
the specific group of computer objects.


-----Original Message-----
From: Burak Bayoglu [mailto:bayoglu@uekae.tubitak.gov.tr] 
Sent: Friday, December 10, 2004 5:46 AM
To: laurarobinson@verizon.net; 'Peter Rodger'; focus-ms@securityfocus.com
Subject: RE: Group policy help needed!!!

It is *technically* true that any server in the corresponding OU should
receive the group policy but I saw many many examples where some group
policy settings are not successfully applied *for some reason* altough it
should. It is certain that if everything is OK group policy is successfully
applied to all servers but it may be interrupted by a plenty of technical
reasons that we mostly meet in large enterprise systems.( replication
problems, time synchronzation, DNS problems, connectivity etc.) As Laura
says, " Any server that is **supposed** to receive a policy should receive
the policy.". Unfortunately we can only
**suppose** that all the servers will apply the policy in the time interval
we expect in a large and distributed domain.

B.B.

-----Original Message-----
From: Laura A. Robinson [mailto:laurarobinson@verizon.net]
Sent: Friday, December 10, 2004 5:21 AM
To: bayoglu@uekae.tubitak.gov.tr; 'Peter Rodger'; focus-ms@securityfocus.com
Subject: RE: Group policy help needed!!!




It is an expected result that not all the servers in the
domain successfully apply the policy in a w2k active 
directory domain. 


No, it isn't. Any server that is supposed to receive a policy 
*should* receive the policy. 

Laura



---------------------------------------------------------------------------
---------------------------------------------------------------------------





---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: iisadmpwd/UPN, Jordan Wiseman
Next by Date:  Re: Group policy help needed!!!, Ken Hoover
Previous by Thread:  RE: Group policy help needed!!!, Burak Bayoglu
Next by Thread:  RE: Group policy help needed!!!, Hitesh Wadhwani
Indexes:  [Date] [Thread] [Top] [All Lists]