See reply inline below...... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mayet, Yusuf Y Sent: Monday, October 07, 2002 10:21 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Netlogon Service
The problem I am having is this. We have a Domain Policy which I have enabled the security option for a "Message Title" to be displayed to the user. And in true Windows fashion this "Domain Policy" should apply to all computers in the Domain. But there are random users in the Domain that are not getting this policy applied to their computers. Also am I correct in saying that the Group Policy will apply to the "Computers" not the Users ?? [RTK} Yes - this is absolutely correct. The section of the GP that you're working with does apply only to the Computer object - not to the User object. So my question is if they are being authenticated by a Domain Controller then verily they should be applying the Group Policy as well. Why are they not receiving the correct Group Policy. [RTK] Well, this is the question. The condition that normally causes this is that the computer object is not in an OU - a computer cannot reside in the default Computer container and have GP applied to it. The Computer container is the folder that you would see in the AD U&C tool as a simple folder - not an Organizational Unit. I would employ GPRESULT and GPOTOOL (two tools that are found in the Windows 2000 Server Resource Kit). If you want to pipe the output to a text file and .ZIP it up then e-mail it to me, I'll be happy to review it. Otherwise, with a little bit of concentration and common sense, the output should lend a hand in idetifying the problem. The fact that it is applying to some and not all tends to lead me to believe that the problem is where the computer objects ARE (i.e. the computer container....) Thanks, Yusuf [RTK] You're welcome! Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 "Any sufficiently advanced technology is indistinguishable from magic." --- Arthur C. Clarke -----Original Message----- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: 07 October, 2002 15:29 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Netlogon Service Yusuf, What problem(s) are you experiencing? Give us details, and I'ms sure that the good folks here will be able to assist. Rick Kingslan - Microsoft Certified Trainer MCSE+I on Windows NT 4.0 MCSE on Windows 2000 MVP [Windows NT/2000 Server] "Any sufficiently advanced technology is indistinguishable from magic." --- Arthur C. Clarke -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mayet, Yusuf Y Sent: Monday, October 07, 2002 6:13 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Netlogon Service Rick, Thanks for the reply. We are currently running a mixed environment. NT4.0, W2K and .NET[RC1] The reason we had "Disabled" the NETLOGON Service was due to an issue we are experiencing with access for users from Trusted Domains. Does anyone have any suggestions as to how I can get away without causing more issues? Thanks, Yusuf -----Original Message----- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: 04 October, 2002 22:04 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Netlogon Service On a DC, NetLogon does the following: * Registers and maintains ALL SRV records for that DC. * Can be restarted to automatically update changes, or to simply reregister any SRV records * Enumerates the sites and subnet objects to determine which site contains which subnets * Determines the site of the client performing a discovery and returns the client's site in the discovery response. So, given this information - AD isn't going to deal with it very well at all. Effectively, NetLogon is a requirement in the Windows 2000 AD structure. Rick Kingslan - Microsoft Certified Trainer MCSE+I on Windows NT 4.0 MCSE on Windows 2000 MVP [Windows NT/2000 Server] "Any sufficiently advanced technology is indistinguishable from magic." --- Arthur C. Clarke -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mayet, Yusuf Y Sent: Friday, October 04, 2002 1:49 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Netlogon Service Does anyone know what adverse effects a "Directory Service" will experience if the NETLOGON Service is Disabled on a Domain Controller ??? Thanks, Yusuf ______________________________________________ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the company. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Standard Bank. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. _______________________________________________ ______________________________________________ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the company. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Standard Bank. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. _______________________________________________ ______________________________________________ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the company. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Standard Bank. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. _______________________________________________ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
