RE: [ActiveDir] effective policies blocking local policies

[Kingslan, Rick T.]

Title: Message

I do hope that's true.  I'm going based off of what the Engineers that we deal with at Cisco are telling us.  Might be that they are being conservative to not set incorrect expectations.   We shall see, I guess.   Thanks!   -rtk From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Wednesday, January 21, 2004 2:15 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] effective policies blocking local policies I think that most of their development efforts right now are going to the "express" versions -- CCME and CUE. I would expect to see the full CCM and (maybe) CU offered on Linux before then based on scuttlebutt I've heard. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kingslan, Rick T. Sent: Wednesday, January 21, 2004 3:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] effective policies blocking local policies Yeah, and add to that - I sure wish that they (Cisco) would get their act together.  I'd REALLY like to go to Server 2003, except the CCM is not 'ready for prime time'.  Schema extensions and all, you know.....  Maybe Fall, 2004.   How much advance knowledge (aren't they a major Microsoft partner?) do you have to have to produce a product that is due 18 months after the OS that requires it?   (Sorry, Robbie....)   Rick Kingslan  MCSE, MCSA, MCT Microsoft MVP - Active Directory LAN Administration - Windows 2000 West Corporation 1-800-542-1000 ext. 116-1636 Direct# 402-716-1636 Fax# 402-343-2597 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Wednesday, January 21, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] effective policies blocking local policies That's what they said in class. :-) And on the CCM tests. :-)   More seriously, from the Callmanager 3.3 release notes:   Caution   When a server exists in a domain, authentication between servers may fail, or the non-default domain security policies may restrict Cisco CallManager from building critical NT Accounts. Failing to remove the system from the domain and add it to a workgroup may cause upgrade errors, upgrade failures, or a total system failure, which includes a loss of data and a complete reinstallation of Cisco CallManager.   This is combined with the fact that when you switch back and forth between workgroup and domain membership, you are required to basically reconfigure CCM each time (the server instance name changes).   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser Sent: Wednesday, January 21, 2004 2:14 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] effective policies blocking local policies Michael; why are CCMs not supposed to be domain members? Thanks!     ********************** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 985 0975 x5083 ********************** -----Original Message----- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 10:34 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] effective policies blocking local policies CCM servers are not supposed to be domain members.   Having said that, what do gpresult and GPMC tell you?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marvin Cummings Sent: Wednesday, January 21, 2004 1:19 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] effective policies blocking local policies   I just added a w2k server running Cisco Call Manager to our network and it's not responding too well to our domain. For instance I need to provide a few of the accounts the right to log on as a service but I'm not able to because there appears to be an effective policy in place preventing me from adding the users. We don't have any policies in place on our network that would prevent this so I'm trying to figure out what would cause this. The Cisco guys are sure this is related to policy on our network and I think it's related to the local security policy settings on that server. The server is currently sitting in the Computers container and the accounts have all been added to the domain admins group as requested. Am I overlooking something here in regards to group policy?   Thanks