[gptalk] Re: Disabling Computer Accounts

It actually applied after some time and did the Job :-)

 

However, when I moved the machine back into an OU which didn't have the
policy assigned, the client simply didn't revoke back. In the end, I had to
remove the PC from the domain back to a workgroup and then back to the
domain. I may be outta my depth using this method.

 

Thanks for all your help guys

 

Ray

 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Alan & Margaret
Sent: 26 January 2007 22:32
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Disabling Computer Accounts

 

Ray,

 

The GPResult report shows that there are no policies being applied to the
Machine. 

 

What is the Policy name and is it applied to the test\Computers OU?

 

Alan Cuthbertson

 

 

 Policy Management Software:-

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml>
&f=pol_summary.shtml

 

ADM Template Editor:-

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml>
&f=adm_summary.shtml

 

Policy Log Reporter(Free)

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml>
&f=policyreporter.shtml

 

 

 

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Ray Lewis
Sent: Saturday, 27 January 2007 9:00 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Disabling Computer Accounts

 

Mathieu, please see below..

 

Thanks again for you help on this...

 

 

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

 

U:\>gpupdate

Refreshing Policy...

 

User Policy Refresh has completed.

Computer Policy Refresh has completed.

 

 

U:\>gpresult

 

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0

Copyright (C) Microsoft Corp. 1981-2001

 

Created On 26-01-2007 at 21:57:09

 

 

RSOP results for HOMEDOMAIN\razor on MASTER : Logging Mode

-----------------------------------------------------------

 

OS Type:                     Microsoft Windows XP Professional

OS Configuration:            Member Workstation

OS Version:                  5.1.2600

Domain Name:                 HOMEDOMAIN

Domain Type:                 Windows 2000

Site Name:                   Default-First-Site-Name

Roaming Profile:

Local Profile:               C:\Documents and Settings\razor

Connected over a slow link?: No

 

 

COMPUTER SETTINGS

------------------

    CN=MASTER,OU=Computers,OU=Test,DC=HomeDomain,DC=com

    Last time Group Policy was applied: 26-01-2007 at 21:56:45

    Group Policy was applied from:      DC-FileServer.HomeDomain.com

    Group Policy slow link threshold:   500 kbps

 

    Applied Group Policy Objects

    -----------------------------

        Computer Policy

 

    The following GPOs were not applied because they were filtered out

    -------------------------------------------------------------------

        Local Group Policy

            Filtering:  Not Applied (Empty)

 

    The computer is a part of the following security groups:

    --------------------------------------------------------

        BUILTIN\Administrators

        Everyone

        BUILTIN\Users

        NT AUTHORITY\NETWORK

        NT AUTHORITY\Authenticated Users

        MASTER$

        Domain Computers

 

 

USER SETTINGS

--------------

    CN=Razor,OU=Admin Users,DC=HomeDomain,DC=com

    Last time Group Policy was applied: 26-01-2007 at 21:56:45

    Group Policy was applied from:      DC-FileServer.HomeDomain.com

    Group Policy slow link threshold:   500 kbps

 

    Applied Group Policy Objects

    -----------------------------

        Admin Group Policy

        Local Group Policy

 

    The user is a part of the following security groups:

    ----------------------------------------------------

        Domain Users

        Everyone

        BUILTIN\Users

        BUILTIN\Administrators

        NT AUTHORITY\INTERACTIVE

        NT AUTHORITY\Authenticated Users

        LOCAL

        Group Policy Creator Owners

        Domain Admins

        Schema Admins

        Enterprise Admins

 

U:\>

 

-----Original Message-----

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On

Behalf Of Mathieu CHATEAU

Sent: 26 January 2007 21:47

To: gptalk@xxxxxxxxxxxxx

Subject: [gptalk] Re: Disabling Computer Accounts

 

so this station can still communicate with others that are not using ipsec ?

 

can you send me the gpresult from gpmc ?

 

ipsec can clearly prevent this unencrypted communication from my 

understanding

 

Regards,

Mathieu CHATEAU

http://lordoftheping.blogspot.com

 

 

----- Original Message ----- 

From: "Ray Lewis" <razor@xxxxxxxxxxxxxxxxxxxxxxxx>

To: <gptalk@xxxxxxxxxxxxx>

Sent: Friday, January 26, 2007 10:44 PM

Subject: [gptalk] Re: Disabling Computer Accounts

 

 

> Hello

> 

> Yes to both

> 

> Cheers

> 

> Ray

> 

> -----Original Message-----

> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On

> Behalf Of Mathieu CHATEAU

> Sent: 26 January 2007 21:35

> To: gptalk@xxxxxxxxxxxxx

> Subject: [gptalk] Re: Disabling Computer Accounts

> 

> did you replicate between AD and issue a gpupdate on the station ?

> is the windows ipsec service started ?

> 

> 

> Regards,

> Mathieu CHATEAU

> http://lordoftheping.blogspot.com

> 

> 

> ----- Original Message ----- 

> From: "Ray Lewis" <razor@xxxxxxxxxxxxxxxxxxxxxxxx>

> To: <gptalk@xxxxxxxxxxxxx>

> Sent: Friday, January 26, 2007 10:35 PM

> Subject: [gptalk] Re: Disabling Computer Accounts

> 

> 

>> Thanks Guys..

>> 

>> Mathieu, I tried this but unfortunately, it had no effect.

>> 

>> I cant think were Im going wrong

>> 

>> -----Original Message-----

>> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On

>> Behalf Of Mathieu CHATEAU

>> Sent: 26 January 2007 18:36

>> To: gptalk@xxxxxxxxxxxxx

>> Subject: [gptalk] Re: Disabling Computer Accounts

>> 

>> just to be clear,

>> you will find an example of the GPO to make as screenshot.

>> 

>> The goal is to allow only encrypted trafic and nothing else.

>> 

>> 

>> Regards,

>> Mathieu CHATEAU

>> http://lordoftheping.blogspot.com

>> 

>> 

>> ----- Original Message ----- 

>> From: <neil@xxxxxxxxxxxxxxxx>

>> To: <gptalk@xxxxxxxxxxxxx>

>> Sent: Thursday, January 25, 2007 5:03 PM

>> Subject: [gptalk] Disabling Computer Accounts

>> 

>> 

>>> Hi all,

>>> 

>>> Does anyone have any ideas on how best to achieve the following.

>>> 

>>> I need to make a computer that is intially built into the domain -

>>> virtually unusable until it is placed in the correct OU.

>>> 

>>> I had thought of applying a very restrictive GPO to the default 

>>> computers

>>> OU which made it unusable but not quite sure which settings to apply and

>>> if there are any issues with doing this.

>>> 

>>> It is bascially to stop people bypassing build procedures and policies

>>> and

>>> not putting the computer into the correct OU.

>>> 

>>> Thanks for any thoughts :)

>>> 

>>> Neil

>>> ***********************

>>> You can unsubscribe from gptalk by sending email to

>>> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR

>>> by

>> 

>>> logging into the freelists.org Web interface. Archives for the list are

>>> available at http://www.freelists.org/archives/gptalk/

>>> ************************

>>> 

>> 

>> ***********************

>> You can unsubscribe from gptalk by sending email to

>> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR 

>> by

> 

>> logging into the freelists.org Web interface. Archives for the list are

>> available at http://www.freelists.org/archives/gptalk/

>> ************************

>> 

> 

> ***********************

> You can unsubscribe from gptalk by sending email to

> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by

> logging into the freelists.org Web interface. Archives for the list are

> available at http://www.freelists.org/archives/gptalk/

> ************************

> 

> ***********************

> You can unsubscribe from gptalk by sending email to 

> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by

 

> logging into the freelists.org Web interface. Archives for the list are 

> available at http://www.freelists.org/archives/gptalk/

> ************************

> 

 

***********************

You can unsubscribe from gptalk by sending email to

gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by

logging into the freelists.org Web interface. Archives for the list are

available at http://www.freelists.org/archives/gptalk/

************************

 

***********************

You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/

************************

Other related posts: