[gptalk] Re: Disabling Computer Accounts

  • From: "Ray Lewis" <razor@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 26 Jan 2007 21:59:52 -0000

Mathieu, please see below..

Thanks again for you help on this...


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

U:\>gpupdate
Refreshing Policy...

User Policy Refresh has completed.
Computer Policy Refresh has completed.


U:\>gpresult

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 26-01-2007 at 21:57:09


RSOP results for HOMEDOMAIN\razor on MASTER : Logging Mode
-----------------------------------------------------------

OS Type:                     Microsoft Windows XP Professional
OS Configuration:            Member Workstation
OS Version:                  5.1.2600
Domain Name:                 HOMEDOMAIN
Domain Type:                 Windows 2000
Site Name:                   Default-First-Site-Name
Roaming Profile:
Local Profile:               C:\Documents and Settings\razor
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=MASTER,OU=Computers,OU=Test,DC=HomeDomain,DC=com
    Last time Group Policy was applied: 26-01-2007 at 21:56:45
    Group Policy was applied from:      DC-FileServer.HomeDomain.com
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Computer Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        MASTER$
        Domain Computers


USER SETTINGS
--------------
    CN=Razor,OU=Admin Users,DC=HomeDomain,DC=com
    Last time Group Policy was applied: 26-01-2007 at 21:56:45
    Group Policy was applied from:      DC-FileServer.HomeDomain.com
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Admin Group Policy
        Local Group Policy

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        BUILTIN\Administrators
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
        Group Policy Creator Owners
        Domain Admins
        Schema Admins
        Enterprise Admins

U:\>

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Mathieu CHATEAU
Sent: 26 January 2007 21:47
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Disabling Computer Accounts

so this station can still communicate with others that are not using ipsec ?

can you send me the gpresult from gpmc ?

ipsec can clearly prevent this unencrypted communication from my 
understanding

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


----- Original Message ----- 
From: "Ray Lewis" <razor@xxxxxxxxxxxxxxxxxxxxxxxx>
To: <gptalk@xxxxxxxxxxxxx>
Sent: Friday, January 26, 2007 10:44 PM
Subject: [gptalk] Re: Disabling Computer Accounts


> Hello
>
> Yes to both
>
> Cheers
>
> Ray
>
> -----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
> Behalf Of Mathieu CHATEAU
> Sent: 26 January 2007 21:35
> To: gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Re: Disabling Computer Accounts
>
> did you replicate between AD and issue a gpupdate on the station ?
> is the windows ipsec service started ?
>
>
> Regards,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
>
>
> ----- Original Message ----- 
> From: "Ray Lewis" <razor@xxxxxxxxxxxxxxxxxxxxxxxx>
> To: <gptalk@xxxxxxxxxxxxx>
> Sent: Friday, January 26, 2007 10:35 PM
> Subject: [gptalk] Re: Disabling Computer Accounts
>
>
>> Thanks Guys..
>>
>> Mathieu, I tried this but unfortunately, it had no effect.
>>
>> I cant think were Im going wrong
>>
>> -----Original Message-----
>> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
>> Behalf Of Mathieu CHATEAU
>> Sent: 26 January 2007 18:36
>> To: gptalk@xxxxxxxxxxxxx
>> Subject: [gptalk] Re: Disabling Computer Accounts
>>
>> just to be clear,
>> you will find an example of the GPO to make as screenshot.
>>
>> The goal is to allow only encrypted trafic and nothing else.
>>
>>
>> Regards,
>> Mathieu CHATEAU
>> http://lordoftheping.blogspot.com
>>
>>
>> ----- Original Message ----- 
>> From: <neil@xxxxxxxxxxxxxxxx>
>> To: <gptalk@xxxxxxxxxxxxx>
>> Sent: Thursday, January 25, 2007 5:03 PM
>> Subject: [gptalk] Disabling Computer Accounts
>>
>>
>>> Hi all,
>>>
>>> Does anyone have any ideas on how best to achieve the following.
>>>
>>> I need to make a computer that is intially built into the domain -
>>> virtually unusable until it is placed in the correct OU.
>>>
>>> I had thought of applying a very restrictive GPO to the default 
>>> computers
>>> OU which made it unusable but not quite sure which settings to apply and
>>> if there are any issues with doing this.
>>>
>>> It is bascially to stop people bypassing build procedures and policies
>>> and
>>> not putting the computer into the correct OU.
>>>
>>> Thanks for any thoughts :)
>>>
>>> Neil
>>> ***********************
>>> You can unsubscribe from gptalk by sending email to
>>> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
>>> by
>>
>>> logging into the freelists.org Web interface. Archives for the list are
>>> available at http://www.freelists.org/archives/gptalk/
>>> ************************
>>>
>>
>> ***********************
>> You can unsubscribe from gptalk by sending email to
>> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR 
>> by
>
>> logging into the freelists.org Web interface. Archives for the list are
>> available at http://www.freelists.org/archives/gptalk/
>> ************************
>>
>
> ***********************
> You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
> logging into the freelists.org Web interface. Archives for the list are
> available at http://www.freelists.org/archives/gptalk/
> ************************
>
> ***********************
> You can unsubscribe from gptalk by sending email to 
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by

> logging into the freelists.org Web interface. Archives for the list are 
> available at http://www.freelists.org/archives/gptalk/
> ************************
> 

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: