If you have made changes to the local setting, in order to see the changes, run from a command prompt: secedit /refreshpolicy machine_policy /enforce. Do the same for user_policy if you have made any changes in the local group policy for the user section.
James Winzenz, MCSE, A+ Associate Systems Administrator Peregrine Systems, Inc. -----Original Message----- From: Buechler, Chris [mailto:[EMAIL PROTECTED]] Sent: Monday, December 10, 2001 3:06 PM To: NT 2000 Discussions Subject: RE: disable policy inheritance on 2000 Pro in NT domain I know what you mean about policies getting "stuck", that happens to us on NT systems from time to time. But, it's always ones that an affected user has logged on to. No user with any policies has ever logged on to any of the machines in question. They're all admin's machines, and some misc. servers. I tried disabling both user and computer policies in the GPO snap-in for the local machines on 2 different non-production servers and rebooted them, and still end up with the same problem in the local security policy. The local setting never changes the effective setting. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Esgro Sent: Monday, December 10, 2001 2:52 PM To: NT 2000 Discussions Subject: RE: disable policy inheritance on 2000 Pro in NT domain Has anybody logged on to these computers that has a policy on their account? What I am thinking is maybe a policy was installed for that computer by a user that has a policy and now it is taking precedence of all accounts that log on to the computer. What happens if you open up the MMC on the local computer, add the group policy snap in for the local computer and then choose to disable policies? Maybe that will just disable them all together. -----Original Message----- From: Buechler, Chris [mailto:[EMAIL PROTECTED]] Sent: Monday, December 10, 2001 2:44 PM To: NT 2000 Discussions Subject: RE: disable policy inheritance on 2000 Pro in NT domain That's what appears to be happening. It's strange. There are no policies whatsoever on my machine, my user id, nor any groups I am a member of in the ntconfig.pol file. That's why I'm baffled that I'm somehow getting something inherited from the domain... Or my machine thinks it is. This happens on all the Win 2000 machines we have (both pro and server), which is about 20 out of our 2500 machines. The rest are NT 4 SP6a. We do have extensive policies to lock down our branch users, but they are not applied to any of the admins (including me). I was wondering if I could somehow block inheritance from the domain. I know I could do it in the GPO's and domain policies, if only we had a 2000 domain... More thoughts, opinions, and experience from others in this same situation (2000 in NT domain) would be greatly appreciated! Thanks, Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Esgro Sent: Monday, December 10, 2001 1:56 PM To: NT 2000 Discussions Subject: RE: disable policy inheritance on 2000 Pro in NT domain Are you saying that your domain is issuing a policy on your 2K box? If so then you will have to either remove the computer or the user account from policy editor. The ntconfig.pol file hosts this information, which is located in your netlogon directory of your domain controller. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 10, 2001 12:00 PM To: NT 2000 Discussions Subject: disable policy inheritance on 2000 Pro in NT domain Ok, I'm stumped on this one. I'm trying to find a way to disable policy inheritance on my 2000 Pro workstation which is in an NT 4 domain. If I try to modify my local security policy, the "effective setting" doesn't change because a non-existant domain policy is taking precedence. (maybe using the NT 4 policy?) We do have NT 4 system policies, but no policies for 2000 anywhere. I've searched Technet and support.microsoft.com to no avail. Anybody know how I can keep the domain policies from affecting my local policies? Thanks, Chris NT Administrator Hilliard Lyons ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] "MMS <hilliard.com>" made the following annotations on 12/10/01 14:41:46 ------------------------------------------------------------------------ ---- -- Caution: Electronic Mail (e-mail) sent through the Internet may not be secure and could be intercepted by a third party. For your protection avoid sending confidential or proprietary information, or identifying information such as account or social security numbers to others or us. Further, do not send time sensitive, action oriented messages such as orders to buy or sell securities, fund transfer instructions, check stop payments, etc., as it is our policy not to accept such items via e-mail. H-L reserves and intends to exercise the right to review e-mail communications. Not FDIC Insured - May Lose Value - No Bank Guarantee ======================================================================== ==== == ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] "MMS <hilliard.com>" made the following annotations on 12/10/01 15:04:03 ---------------------------------------------------------------------------- -- Caution: Electronic Mail (e-mail) sent through the Internet may not be secure and could be intercepted by a third party. For your protection avoid sending confidential or proprietary information, or identifying information such as account or social security numbers to others or us. Further, do not send time sensitive, action oriented messages such as orders to buy or sell securities, fund transfer instructions, check stop payments, etc., as it is our policy not to accept such items via e-mail. H-L reserves and intends to exercise the right to review e-mail communications. Not FDIC Insured - May Lose Value - No Bank Guarantee ============================================================================ == ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
