RE: [ActiveDir] GPO applying.
Are you using any custom adm templates? These can remain after moving OUs if those settings are not explicitly set to what you wish them to be.

Jacqui

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: 08 October 2004 01:43
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO applying.

Actually security is one of those areas that stays around even after the policy is removed. There are obvious advantages to that, and of course some disadvantages. But you're right, the best approach if you want to remove a previous security policy is to apply a sec. template that undoes what the existing policy did. Now, if you're getting admin. template policy hanging around after the GPO was taken out of scope, that is a different story and definitely represents a problem, since those should be cleaned up normally.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tyson Leslie
Sent: Thursday, October 07, 2004 5:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO applying.

Have you tried re-applying the default security template? (using Secedit, or the Security Config Analysis MMC snapin...) What functionality appears to be broken? (Most policy settings are not permanent...)

Tyson.

From: Cothern Jeff D. Team EITC [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 07, 2004 5:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO applying.

Mixture. There were security options etc set.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Thursday, October 07, 2004 6:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO applying.

What kind of policy was it Jeff? Admin Templates? Other?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC
Sent: Thursday, October 07, 2004 2:33 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPO applying.

A server we were working on was inadvertently moved into an OU that had a policy applied to it. That GPO had some settings that we are not sure which that broke some functionality of the server we are still in the process of developing fully. The Server was moved out of that ou back into the standard Computer ou but the Policy still appears to be affecting it. Is there a way to clear any policies that are applying to the machine?

Jeff
RE: [ActiveDir] GPO applying.
secedit /refreshpolicy machine_policy /enforce

From: Cothern Jeff D. Team EITC
Sent: Thu 07/10/2004 5:33 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPO applying.

A server we were working on was inadvertently moved into an OU that had a policy applied to it. That GPO had some settings that we are not sure which that broke some functionality of the server we are still in the process of developing fully. The Server was moved out of that ou back into the standard Computer ou but the Policy still appears to be affecting it. Is there a way to clear any policies that are applying to the machine?

Jeff
RE: [ActiveDir] GPO applying.
OR..Create a batch file for:

    secedit /refreshpolicy machine_policy /enforce
    secedit /refreshpolicy user_policy /enforce

Just execute it each time you need to force policies.

-Za

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, October 08, 2004 9:20 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO applying.

secedit /refreshpolicy machine_policy /enforce

From: Cothern Jeff D. Team EITC
Sent: Thu 07/10/2004 5:33 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPO applying.

A server we were working on was inadvertently moved into an OU that had a policy applied to it. That GPO had some settings that we are not sure which that broke some functionality of the server we are still in the process of developing fully. The Server was moved out of that ou back into the standard Computer ou but the Policy still appears to be affecting it. Is there a way to clear any policies that are applying to the machine?

Jeff
RE: [ActiveDir] GPO applying.
What kind of policy was it Jeff? Admin Templates? Other?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC
Sent: Thursday, October 07, 2004 2:33 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPO applying.

A server we were working on was inadvertently moved into an OU that had a policy applied to it. That GPO had some settings that we are not sure which that broke some functionality of the server we are still in the process of developing fully. The Server was moved out of that ou back into the standard Computer ou but the Policy still appears to be affecting it. Is there a way to clear any policies that are applying to the machine?

Jeff
RE: [ActiveDir] GPO applying.
You can try refreshing its policy configuration using gpupdate or secedit (dependent on OS). If you receive no joy from that, you can try hacking the registry clean starting with the default location that many (not all) GPO settings are stored on the client (HKLM\Software\Policies).

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC
Sent: Thursday, October 07, 2004 4:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO applying.

Mixture. There were security options etc set.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Thursday, October 07, 2004 6:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO applying.

What kind of policy was it Jeff? Admin Templates? Other?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC
Sent: Thursday, October 07, 2004 2:33 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPO applying.

A server we were working on was inadvertently moved into an OU that had a policy applied to it. That GPO had some settings that we are not sure which that broke some functionality of the server we are still in the process of developing fully. The Server was moved out of that ou back into the standard Computer ou but the Policy still appears to be affecting it. Is there a way to clear any policies that are applying to the machine?

Jeff
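
The refresh-then-inspect sequence suggested in the reply above, as an added example that is not part of the original thread: a batch file that forces a computer policy refresh with whichever tool the OS has, then exports and lists HKLM\Software\Policies so leftover values can be reviewed before anything is deleted by hand. The backup path is an assumption, and reg.exe is assumed to be available on the server.

```bat
@echo off
rem Added example (not from the thread). Run from an administrator prompt
rem on the affected server once it is back in its intended OU.
setlocal

rem Assumption: backup file location; change as needed.
set "BACKUP=%TEMP%\hklm-policies-backup.reg"
rem Key named in the thread as the default location for many GPO settings.
set "KEY=HKLM\Software\Policies"

rem Step 1: force a computer policy refresh.
rem gpupdate is used where it exists; otherwise fall back to the
rem secedit command quoted in the thread.
if exist "%SystemRoot%\System32\gpupdate.exe" (
    gpupdate /target:computer /force
) else (
    secedit /refreshpolicy machine_policy /enforce
)
if errorlevel 1 echo WARNING: policy refresh reported an error.

rem Step 2: save the key before any manual cleanup so it can be restored.
if exist "%BACKUP%" del "%BACKUP%"
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo ERROR: could not export %KEY%; stopping before any cleanup.
    exit /b 1
)

rem Step 3: list what is still set after the refresh. Values that belong
rem to the GPO that is no longer in scope are the candidates for removal.
echo Values still present under %KEY%:
reg query "%KEY%" /s

echo.
echo Backup written to %BACKUP%
echo To undo a manual change, run: reg import "%BACKUP%"
endlocal
```

The script deletes nothing; security settings, which the thread notes persist after a GPO is removed, are not stored under this key and are not covered by it.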
RE: [ActiveDir] GPO applying.
Have you tried re-applying the default security template? (using Secedit, or the Security Config Analysis MMC snapin...) What functionality appears to be broken? (Most policy settings are not permanent...)

Tyson.

From: Cothern Jeff D. Team EITC [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 07, 2004 5:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO applying.

Mixture. There were security options etc set.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Thursday, October 07, 2004 6:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO applying.

What kind of policy was it Jeff? Admin Templates? Other?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC
Sent: Thursday, October 07, 2004 2:33 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPO applying.

A server we were working on was inadvertently moved into an OU that had a policy applied to it. That GPO had some settings that we are not sure which that broke some functionality of the server we are still in the process of developing fully. The Server was moved out of that ou back into the standard Computer ou but the Policy still appears to be affecting it. Is there a way to clear any policies that are applying to the machine?

Jeff
RE: [ActiveDir] GPO applying.
Actually security is one of those areas that stays around even after the policy is removed. There are obvious advantages to that, and of course some disadvantages. But you're right, the best approach if you want to remove a previous security policy is to apply a sec. template that undoes what the existing policy did. Now, if you're getting admin. template policy hanging around after the GPO was taken out of scope, that is a different story and definitely represents a problem, since those should be "cleaned up" normally.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tyson Leslie
Sent: Thursday, October 07, 2004 5:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO applying.

Have you tried re-applying the default security template? (using Secedit, or the Security Config Analysis MMC snapin...) What functionality appears to be broken? (Most policy settings are not permanent...)

Tyson.

From: Cothern Jeff D. Team EITC [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 07, 2004 5:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO applying.

Mixture. There were security options etc set.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Thursday, October 07, 2004 6:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO applying.

What kind of policy was it Jeff? Admin Templates? Other?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC
Sent: Thursday, October 07, 2004 2:33 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPO applying.

A server we were working on was inadvertently moved into an OU that had a policy applied to it. That GPO had some settings that we are not sure which that broke some functionality of the server we are still in the process of developing fully. The Server was moved out of that ou back into the standard Computer ou but the Policy still appears to be affecting it. Is there a way to clear any policies that are applying to the machine?

Jeff