RE: [ActiveDir] effective policies blocking local policies

[Michael B. Smith]

Title: Message

That's what they said in class. :-) And on the CCM tests. :-)   More seriously, from the Callmanager 3.3 release notes:   Caution   When a server exists in a domain, authentication between servers may fail, or the non-default domain security policies may restrict Cisco CallManager from building critical NT Accounts. Failing to remove the system from the domain and add it to a workgroup may cause upgrade errors, upgrade failures, or a total system failure, which includes a loss of data and a complete reinstallation of Cisco CallManager.   This is combined with the fact that when you switch back and forth between workgroup and domain membership, you are required to basically reconfigure CCM each time (the server instance name changes).   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser Sent: Wednesday, January 21, 2004 2:14 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] effective policies blocking local policies Michael; why are CCMs not supposed to be domain members? Thanks!     ********************** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 985 0975 x5083 ********************** -----Original Message----- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 10:34 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] effective policies blocking local policies CCM servers are not supposed to be domain members.   Having said that, what do gpresult and GPMC tell you?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marvin Cummings Sent: Wednesday, January 21, 2004 1:19 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] effective policies blocking local policies   I just added a w2k server running Cisco Call Manager to our network and it's not responding too well to our domain. For instance I need to provide a few of the accounts the right to log on as a service but I'm not able to because there appears to be an effective policy in place preventing me from adding the users. We don't have any policies in place on our network that would prevent this so I'm trying to figure out what would cause this. The Cisco guys are sure this is related to policy on our network and I think it's related to the local security policy settings on that server. The server is currently sitting in the Computers container and the accounts have all been added to the domain admins group as requested. Am I overlooking something here in regards to group policy?   Thanks