I installed group policy management console and looked at the linking a GP to the new OU (GPTEST). Under the inheritance tab the default domain policy is inherited.
Still a little lost .. thanks -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 9:46 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migrated NT4 domain member's computers have incorrect rights in 2 003 AD Guido wrote: *** 2003 even allows you to change the Default Computers container into a normal OU which allows you to set GPOs etc. - but I preferr using a different OU and keeping the default configured as is. *** This sounds like good advice to me. I'm sure there are 3rd party products out there that expect to see CN=Users in the structure. Not sure how they'll cope if it isn't present. Tony ---------- Original Message ---------------------------------- Wrom: GPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJM Reply-To: [EMAIL PROTECTED] Date: Mon, 8 Dec 2003 15:32:22 +0100 instead of correcting the security on each one of them, you may want to create a new OU for the machines and set the security for the computer accounts via inheritance on the OU. 2003 even allows you to change the Default Computers container into a normal OU which allows you to set GPOs etc. - but I preferr using a different OU and keeping the default configured as is. /Guido -----Original Message----- Wrom: VRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFS Sent: Samstag, 6. Dezember 2003 07:12 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migrated NT4 domain member's computers have incor rect rights in 2 003 AD Problem is I have about 70 PCs who need this. I would rather not rejoin the domain on all of them. Looks like can be solved by changing rights in AD users and computers Why do I have to remain in mixed mode? The desktops are 2000 or XP. Thanks for your reply -----Original Message----- Wrom: QHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDX Sent: Friday, December 05, 2003 5:19 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Migrated NT4 domain member's computers have incorrect rights in 2 003 AD I unjoined and re-joined mine to the domain, this will work as long as you are running mixed mode, Or keep one nt4 dc around ----- Original Message ----- Wrom: RQBGJSNBOHMKHJYFMYX To: <[EMAIL PROTECTED]> Sent: Friday, December 05, 2003 10:53 AM Subject: [ActiveDir] Migrated NT4 domain member's computers have incorrect rights in 2 003 AD > Hi All, > > I did an in place upgrade from NT 4 -> 2003 AD > > The computers already part of the NT4 domain, get event 5788 and 5789 logon > errors in their system event logs. (though they are able to logon) > > Upon closer examination, newly joined computers to the domain have different > security rights when viewed in AD users and computers (advanced view). > Specifically, Authenticated users has 'read' checked and there is the > existence of the system group with full control security (on newly > joined clients to domain (2000 and XP) whereas the system group is not > listed in previous domain members. If I manually change the rights, > the errors stop (and the fully qualified computer name appears in the > general tab whereas it > is blank on pre-existing domain members) > > Is there any way to change all these security rights on the computers > that were part of the NT4 domain when upgraded via a script or other > method than > manually changing each computer's rights? > > Thanks -- BTW this maillist is a life saver! > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
