RE: [ActiveDir] effective policies blocking local policies

[Rich Milburn]

I don’t think he’s going to get gpresult or GPMC with a Win2K server.  Did you check the site container for GPOs, then the domain container GPOs, and the Computers containers?  Check for Administrators group being listed under Restricted Groups  (Computer Configuration > Windows Settings \ Security Settings \ Restricted Groups) in each of the GPOs you find that can be applied to that computer.  Then check the same thing in the local policy (use the group policy snap-in for local computer in the mmc, not the Local Policy applet in Administrative Tools).  If that group is in there, then the only objects allowed in the local Administrators group are the ones listed.  We’ve used this to make sure only Domain Admins were members on all member computers. Rich   From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 12:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] effective policies blocking local policies   CCM servers are not supposed to be domain members.   Having said that, what do gpresult and GPMC tell you?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marvin Cummings Sent: Wednesday, January 21, 2004 1:19 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] effective policies blocking local policies   I just added a w2k server running Cisco Call Manager to our network and it’s not responding too well to our domain. For instance I need to provide a few of the accounts the right to log on as a service but I’m not able to because there appears to be an effective policy in place preventing me from adding the users. We don’t have any policies in place on our network that would prevent this so I’m trying to figure out what would cause this. The Cisco guys are sure this is related to policy on our network and I think it’s related to the local security policy settings on that server. The server is currently sitting in the Computers container and the accounts have all been added to the domain admins group as requested. Am I overlooking something here in regards to group policy?   Thanks -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.