[gptalk] Re: Windows Server 2003 R2 SP2 GPO Access denied (security filtering)

  • From: "tan hs" <tanhsjunk@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Thu, 13 Mar 2008 09:36:40 +0800

Hi,
'tan1' is a user object which is a member of 'grp_limited' and
'grp_limited' is a member of 'Remote Desktop Users' group.
What my intention is I would like MRS L policy to be global, so I put
it under the DC, I think I can put it under Domain too (either one).
Then, for this user 'tan1', when ever he login from any PCs (not
joined to domain, but use Remote Desktop Connection to connect into
the DC machine), the same set of policies will applied throughout the company.

The following is the output of the GPMC in html.  So, copy and paste
and rename it to dot html file.  You should be able to
see the whole pictures.

Thank you for your help.

<-- copy and paste start after this line...
<html dir="ltr" xmlns:v="urn:schemas-microsoft-com:vml"
gpmc_reportInitialized="false">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-16" />
<title>MYDNS\tan1 on MYDNS\MRS</title>
<!-- Styles -->
<style type="text/css">
                body    { background-color:#FFFFFF; border:1px solid
#666666; color:#000000; font-size:68%; font-family:MS Shell Dlg;
margin:0,0,10px,0; word-break:normal; word-wrap:break-word; }

                table   { font-size:100%; table-layout:fixed; width:100%; }

                td,th   { overflow:visible; text-align:left;
vertical-align:top; white-space:normal; }

                .title  { background:#FFFFFF; border:none;
color:#333333; display:block; height:24px; margin:0px,0px,-1px,0px;
padding-top:4px; position:relative; table-layout:fixed; width:100%;
z-index:5; }

                .he0_expanded    { background-color:#FEF7D6;
border:1px solid #BBBBBB; color:#3333CC; cursor:hand; display:block;
font-family:MS Shell Dlg; font-size:100%; font-weight:bold;
height:2.25em; margin-bottom:-1px; margin-left:0px; margin-right:0px;
padding-left:8px; padding-right:5em; padding-top:4px;
position:relative; width:100%; }

                .he1_expanded    { background-color:#A0BACB;
border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block;
font-family:MS Shell Dlg; font-size:100%; font-weight:bold;
height:2.25em; margin-bottom:-1px; margin-left:10px; margin-right:0px;
padding-left:8px; padding-right:5em; padding-top:4px;
position:relative; width:100%; }

                .he1    { background-color:#A0BACB; border:1px solid
#BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS
Shell Dlg; font-size:100%; font-weight:bold; height:2.25em;
margin-bottom:-1px; margin-left:10px; margin-right:0px;
padding-left:8px; padding-right:5em; padding-top:4px;
position:relative; width:100%; }

                .he2    { background-color:#C0D2DE; border:1px solid
#BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS
Shell Dlg; font-size:100%; font-weight:bold; height:2.25em;
margin-bottom:-1px; margin-left:20px; margin-right:0px;
padding-left:8px; padding-right:5em; padding-top:4px;
position:relative; width:100%; }

                .he3    { background-color:#D9E3EA; border:1px solid
#BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS
Shell Dlg; font-size:100%; font-weight:bold; height:2.25em;
margin-bottom:-1px; margin-left:30px; margin-right:0px;
padding-left:11px; padding-right:5em; padding-top:4px;
position:relative; width:100%; }

                .he4    { background-color:#E8E8E8; border:1px solid
#BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS
Shell Dlg; font-size:100%; font-weight:bold; height:2.25em;
margin-bottom:-1px; margin-left:40px; margin-right:0px;
padding-left:11px; padding-right:5em; padding-top:4px;
position:relative; width:100%; }

                .he4h   { background-color:#E8E8E8; border:1px solid
#BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS
Shell Dlg; font-size:100%; font-weight:bold; height:2.25em;
margin-bottom:-1px; margin-left:45px; margin-right:0px;
padding-left:11px; padding-right:5em; padding-top:4px;
position:relative; width:100%; }

                .he4i   { background-color:#F9F9F9; border:1px solid
#BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg;
font-size:100%; margin-bottom:-1px; margin-left:45px;
margin-right:0px; padding-bottom:5px; padding-left:21px;
padding-top:4px; position:relative; width:100%; }

                .he5    { background-color:#E8E8E8; border:1px solid
#BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS
Shell Dlg; font-size:100%; font-weight:bold; height:2.25em;
margin-bottom:-1px; margin-left:50px; margin-right:0px;
padding-left:11px; padding-right:5em; padding-top:4px;
position:relative; width:100%; }

                .he5h   { background-color:#E8E8E8; border:1px solid
#BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS
Shell Dlg; font-size:100%; padding-left:11px; padding-right:5em;
padding-top:4px; margin-bottom:-1px; margin-left:55px;
margin-right:0px; position:relative; width:100%; }

                .he5i   { background-color:#F9F9F9; border:1px solid
#BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg;
font-size:100%; margin-bottom:-1px; margin-left:55px;
margin-right:0px; padding-left:21px; padding-bottom:5px; padding-top:
4px; position:relative; width:100%; }

                DIV .expando { color:#000000; text-decoration:none;
display:block; font-family:MS Shell Dlg; font-size:100%;
font-weight:normal; position:absolute; right:10px;
text-decoration:underline; z-index: 0; }

                .he0 .expando { font-size:100%; }

                .info, .info3, .info4, .disalign  { line-height:1.6em;
padding:0px,0px,0px,0px; margin:0px,0px,0px,0px; }

                .disalign TD                      {
padding-bottom:5px; padding-right:10px; }

                .info TD                          {
padding-right:10px; width:50%; }

                .info3 TD                         {
padding-right:10px; width:33%; }

                .info4 TD, .info4 TH              {
padding-right:10px; width:25%; }

                .info TH, .info3 TH, .info4 TH, .disalign TH {
border-bottom:1px solid #CCCCCC; padding-right:10px; }

                .subtable, .subtable3             { border:1px solid
#CCCCCC; margin-left:0px; background:#FFFFFF; margin-bottom:10px; }

                .subtable TD, .subtable3 TD       { padding-left:10px;
padding-right:5px; padding-top:3px; padding-bottom:3px;
line-height:1.1em; width:10%; }

                .subtable TH, .subtable3 TH       { border-bottom:1px
solid #CCCCCC; font-weight:normal; padding-left:10px;
line-height:1.6em;  }

                .subtable .footnote               { border-top:1px
solid #CCCCCC; }

                .subtable3 .footnote, .subtable .footnote {
border-top:1px solid #CCCCCC; }

                .subtable_frame     { background:#D9E3EA; border:1px
solid #CCCCCC; margin-bottom:10px; margin-left:15px; }

                .subtable_frame TD  { line-height:1.1em;
padding-bottom:3px; padding-left:10px; padding-right:15px;
padding-top:3px; }

                .subtable_frame TH  { border-bottom:1px solid #CCCCCC;
font-weight:normal; padding-left:10px; line-height:1.6em; }

                .subtableInnerHead { border-bottom:1px solid #CCCCCC;
border-top:1px solid #CCCCCC; }

                .explainlink            { color:#000000;
text-decoration:none; cursor:hand; }

                .explainlink:hover      { color:#0000FF;
text-decoration:underline; }

                .spacer { background:transparent; border:1px solid
#BBBBBB; color:#FFFFFF; display:block; font-family:MS Shell Dlg;
font-size:100%; height:10px; margin-bottom:-1px; margin-left:43px;
margin-right:0px; padding-top: 4px; position:relative; }

                .filler { background:transparent; border:none;
color:#FFFFFF; display:block; font:100% MS Shell Dlg; line-height:8px;
margin-bottom:-1px; margin-left:43px; margin-right:0px;
padding-top:4px; position:relative; }

                .container { display:block; position:relative; }

                .rsopheader { background-color:#A0BACB;
border-bottom:1px solid black; color:#333333; font-family:MS Shell
Dlg; font-size:130%; font-weight:bold; padding-bottom:5px;
text-align:center; }

                .rsopname { color:#333333; font-family:MS Shell Dlg;
font-size:130%; font-weight:bold; padding-left:11px; }

                .gponame{ color:#333333; font-family:MS Shell Dlg;
font-size:130%; font-weight:bold; padding-left:11px; }

                .gpotype{ color:#333333; font-family:MS Shell Dlg;
font-size:100%; font-weight:bold; padding-left:11px; }

                #uri    { color:#333333; font-family:MS Shell Dlg;
font-size:100%; padding-left:11px; }

                #dtstamp{ color:#333333; font-family:MS Shell Dlg;
font-size:100%; padding-left:11px; text-align:left; width:30%; }

                #objshowhide { color:#000000; cursor:hand;
font-family:MS Shell Dlg; font-size:100%; font-weight:bold;
margin-right:0px; padding-right:10px; text-align:right;
text-decoration:underline; z-index:2; word-wrap:normal; }

                #gposummary { display:block; }

                #gpoinformation { display:block; }

                @media print {

                    #objshowhide{ display:none; }

                    body    { color:#000000; border:1px solid #000000; }

                    .title  { color:#000000; border:1px solid #000000; }

                    .he0_expanded    { color:#000000; border:1px solid
#000000; }

                    .he1_expanded    { color:#000000; border:1px solid
#000000; }

                    .he1    { color:#000000; border:1px solid #000000; }

                    .he2    { color:#000000; background:#EEEEEE;
border:1px solid #000000; }

                    .he3    { color:#000000; border:1px solid #000000; }

                    .he4    { color:#000000; border:1px solid #000000; }

                    .he4h   { color:#000000; border:1px solid #000000; }

                    .he4i   { color:#000000; border:1px solid #000000; }

                    .he5    { color:#000000; border:1px solid #000000; }

                    .he5h   { color:#000000; border:1px solid #000000; }

                    .he5i   { color:#000000; border:1px solid #000000; }

                    }

                    v\:* {behavior:url(#default#VML);}

</style>
<!-- Script 1 -->

<script language="vbscript">
<!--
'================================================================================
' String "strShowHide(0/1)"
' 0 = Hide all mode.
' 1 = Show all mode.
strShowHide = 1

'Localized strings
strShow = "show"
strHide = "hide"
strShowAll = "show all"
strHideAll = "hide all"
strShown = "shown"
strHidden = "hidden"
strExpandoNumPixelsFromEdge = "10px"


Function IsSectionHeader(obj)
    IsSectionHeader = (obj.className = "he0_expanded") Or
(obj.className = "he1_expanded") Or (obj.className = "he1") Or
(obj.className = "he2") Or (obj.className = "he3") Or (obj.className =
"he4") Or (obj.className = "he4h") Or (obj.className = "he5") Or
(obj.className = "he5h")
End Function


Function IsSectionExpandedByDefault(objHeader)
    IsSectionExpandedByDefault = (Right(objHeader.className,
Len("_expanded")) = "_expanded")
End Function


' strState must be show | hide | toggle
Sub SetSectionState(objHeader, strState)
    ' Get the container object for the section.  It's the first one
after the header obj.

    i = objHeader.sourceIndex
    Set all = objHeader.parentElement.document.all
    While (all(i).className <> "container")
        i = i + 1
    Wend

    Set objContainer = all(i)

    If strState = "toggle" Then
        If objContainer.style.display = "none" Then
            SetSectionState objHeader, "show"
        Else
            SetSectionState objHeader, "hide"
        End If

    Else
        Set objExpando = objHeader.children.item(1)

        If strState = "show" Then
            objContainer.style.display = "block"
            objExpando.innerText = strHide

        ElseIf strState = "hide" Then
            objContainer.style.display = "none"
            objExpando.innerText = strShow
        End If
    End If
End Sub


Sub ShowSection(objHeader)
    SetSectionState objHeader, "show"
End Sub


Sub HideSection(objHeader)
    SetSectionState objHeader, "hide"
End Sub


Sub ToggleSection(objHeader)
    SetSectionState objHeader, "toggle"
End Sub


'================================================================================
' When user clicks anywhere in the document body, determine if user is clicking
' on a header element.
'================================================================================
Function document_onclick()
    Set strsrc    = window.event.srcElement

    While (strsrc.className = "sectionTitle" Or strsrc.className =
"expando" Or strsrc.className = "vmlimage")
        Set strsrc = strsrc.parentElement
    Wend

    ' Only handle clicks on headers.
    If Not IsSectionHeader(strsrc) Then Exit Function

    ToggleSection strsrc

    window.event.returnValue = False
End Function

'================================================================================
' link at the top of the page to collapse/expand all collapsable elements
'================================================================================
Function objshowhide_onClick()
    Set objBody = document.body.all
    Select Case strShowHide
        Case 0
            strShowHide = 1
            objshowhide.innerText = strShowAll
            For Each obji In objBody
                If IsSectionHeader(obji) Then
                    HideSection obji
                End If
            Next
        Case 1
            strShowHide = 0
            objshowhide.innerText = strHideAll
            For Each obji In objBody
                If IsSectionHeader(obji) Then
                    ShowSection obji
                End If
            Next
    End Select
End Function

'================================================================================
' onload collapse all except the first two levels of headers (he0, he1)
'================================================================================
Function window_onload()
    ' Only initialize once.  The UI may reinsert a report into the
webbrowser control,
    ' firing onLoad multiple times.
    If UCase(document.documentElement.getAttribute("gpmc_reportInitialized"))
<> "TRUE" Then

        ' Initialize sections to default expanded/collapsed state.
        Set objBody = document.body.all

        For Each obji in objBody
            If IsSectionHeader(obji) Then
                If IsSectionExpandedByDefault(obji) Then
                    ShowSection obji
                Else
                    HideSection obji
                End If
            End If
        Next

        objshowhide.innerText = strShowAll

        document.documentElement.setAttribute "gpmc_reportInitialized", "true"
    End If
End Function




'================================================================================
' When direction (LTR/RTL) changes, change adjust for readability
'================================================================================
Function document_onPropertyChange()
    If window.event.propertyName = "dir" Then
        Call fDetDir(UCase(document.dir))
    End If
End Function
Function fDetDir(strDir)
    strDir = UCase(strDir)
    Select Case strDir
        Case "LTR"
            Set colRules = document.styleSheets(0).rules
            For i = 0 To colRules.length -1
                Set nug = colRules.item(i)
                strClass = nug.selectorText
                If nug.style.textAlign = "right" Then
                    nug.style.textAlign = "left"
                End If
                Select Case strClass
                    Case "DIV .expando"
                        nug.style.Left = ""
                        nug.style.right = strExpandoNumPixelsFromEdge
                    Case "#objshowhide"
                        nug.style.textAlign = "right"
                End Select
            Next
        Case "RTL"
            Set colRules = document.styleSheets(0).rules
            For i = 0 To colRules.length -1
                Set nug = colRules.item(i)
                strClass = nug.selectorText
                If nug.style.textAlign = "left" Then
                    nug.style.textAlign = "right"
                End If
                Select Case strClass
                    Case "DIV .expando"
                        nug.style.Left = strExpandoNumPixelsFromEdge
                        nug.style.right = ""
                    Case "#objshowhide"
                        nug.style.textAlign = "left"
                End Select
            Next
    End Select
End Function

'================================================================================
'When printing reports, if a given section is expanded, let's says
"shown" (instead of "hide" in the UI).
'================================================================================
Function window_onbeforeprint()
    For Each obji In document.all
        If obji.className = "expando" Then
            If obji.innerText = strHide Then obji.innerText = strShown
            If obji.innerText = strShow Then obji.innerText = strHidden
        End If
    Next
End Function

'================================================================================
'If a section is collapsed, change to "hidden" in the printout
(instead of "show").
'================================================================================
Function window_onafterprint()
    For Each obji In document.all
        If obji.className = "expando" Then
            If obji.innerText = strShown Then obji.innerText = strHide
            If obji.innerText = strHidden Then obji.innerText = strShow
        End If
    Next
End Function

'================================================================================
' Adding keypress support for accessibility
'================================================================================
Function document_onKeyPress()
    If window.event.keyCode = "32" Or window.event.keyCode = "13" Or
window.event.keyCode = "10" Then 'space bar (32) or carriage return
(13) or line feed (10)
        If window.event.srcElement.className = "expando" Then Call
document_onclick() : window.event.returnValue = false
        If window.event.srcElement.className = "sectionTitle" Then
Call document_onclick() : window.event.returnValue = false
        If window.event.srcElement.id = "objshowhide" Then Call
objshowhide_onClick() : window.event.returnValue = false
    End If
End Function

-->
</script>

<!-- Script 2 -->

<script language="javascript">
<!--
function getExplainWindowTitle()
{
        return document.getElementById("explainText_windowTitle").innerHTML;
}

function getExplainWindowStyles()
{
        return document.getElementById("explainText_windowStyles").innerHTML;
}

function getExplainWindowSettingPathLabel()
{
        return 
document.getElementById("explainText_settingPathLabel").innerHTML;
}

function getExplainWindowExplainTextLabel()
{
        return 
document.getElementById("explainText_explainTextLabel").innerHTML;
}

function getExplainWindowPrintButton()
{
        return document.getElementById("explainText_printButton").innerHTML;
}

function getExplainWindowCloseButton()
{
        return document.getElementById("explainText_closeButton").innerHTML;
}

function getNoExplainTextAvailable()
{
        return 
document.getElementById("explainText_noExplainTextAvailable").innerHTML;
}

function getExplainWindowSupportedLabel()
{
        return document.getElementById("explainText_supportedLabel").innerHTML;
}

function getNoSupportedTextAvailable()
{
        return 
document.getElementById("explainText_noSupportedTextAvailable").innerHTML;
}

function showExplainText(srcElement)
{
    var strSettingName = srcElement.getAttribute("gpmc_settingName");
    var strSettingPath = srcElement.getAttribute("gpmc_settingPath");
    var strSettingDescription =
srcElement.getAttribute("gpmc_settingDescription");

    if (strSettingDescription == "")
    {
                strSettingDescription = getNoExplainTextAvailable();
    }

    var strSupported = srcElement.getAttribute("gpmc_supported");

    if (strSupported == "")
    {
        strSupported = getNoSupportedTextAvailable();
    }

    var strHtml = "<html>\n";
    strHtml += "<head>\n";
    strHtml += "<title>" + getExplainWindowTitle() + "</title>\n";
    strHtml += "<style type='text/css'>\n" + getExplainWindowStyles()
+ "</style>\n";
    strHtml += "</head>\n";
    strHtml += "<body>\n";
    strHtml += "<div class='head'>" + strSettingName +"</div>\n";
    strHtml += "<div class='path'><b>" +
getExplainWindowSettingPathLabel() + "</b><br/>" + strSettingPath
+"</div>\n";
    strHtml += "<div class='path'><b>" +
getExplainWindowSupportedLabel() + "</b><br/>" + strSupported
+"</div>\n";
    strHtml += "<div class='info'>\n";
    strHtml += "<div class='hdr'>" +
getExplainWindowExplainTextLabel() + "</div>\n";
    strHtml += "<div class='bdy'>" + strSettingDescription + "</div>\n";
    strHtml += "<div class='btn'>";
    strHtml += getExplainWindowPrintButton();
    strHtml += getExplainWindowCloseButton();
    strHtml += "</div></body></html>";

    var strDiagArgs = "height=360px, width=630px, status=no,
toolbar=no, scrollbars=yes, resizable=yes ";
    var expWin = window.open("", "expWin", strDiagArgs);
    expWin.document.write("");
    expWin.document.close();
    expWin.document.write(strHtml);
    expWin.document.close();
    expWin.focus();

    //cancels navigation for IE.
    if(navigator.userAgent.indexOf("MSIE") > 0)
    {
        window.event.returnValue = false;
    }

    return false;
}
-->
</script>

</head>

<body>

<!-- HTML resources -->
<div style="display:none;">
        <div id="explainText_windowTitle">Group Policy Management</div>
        <div id="explainText_windowStyles">

                            body  { font-size:68%;font-family:MS Shell
Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666;
background:#F6F6F6; width:100%; word-break:normal;
word-wrap:break-word; }

                            .head { font-weight:bold; font-size:160%;
font-family:MS Shell Dlg; width:100%; color:#6587DC;
background:#E3EAF9; border:1px solid #5582D2; padding-left:8px;
height:24px; }

                            .path { margin-left: 10px; margin-top:
10px; margin-bottom:5px;width:100%; }

                            .info { padding-left:10px;width:100%; }

                            table { font-size:100%; width:100%;
border:1px solid #999999; }

                            th    { border-bottom:1px solid #999999;
text-align:left; padding-left:10px; height:24px; }

                            td    { background:#FFFFFF;
padding-left:10px; padding-bottom:10px; padding-top:10px; }

                            .btn  { width:100%; text-align:right;
margin-top:16px; }

                            .hdr  { font-weight:bold; border:1px solid
#999999; text-align:left; padding-top: 4px; padding-left:10px;
height:24px; margin-bottom:-1px; width:100%; }

                            .bdy  { width:100%; height:182px;
display:block; overflow:scroll; z-index:2; background:#FFFFFF;
padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px
solid #999999; }

                            button { width:6.9em; height:2.1em;
font-size:100%; font-family:MS Shell Dlg; margin-right:15px; }

                            @media print {

                                .bdy { display:block; overflow:visible; }

                                button { display:none; }

                                .head { color:#000000;
background:#FFFFFF; border:1px solid #000000; }

                            }


        </div>
        <div id="explainText_settingPathLabel">Setting Path:</div>
        <div id="explainText_explainTextLabel">Explanation</div>
        <div id="explainText_printButton">
        <button name="Print" onClick="window.print()"
accesskey="P"><u>P</u>rint</button>

                </div>
        <div id="explainText_closeButton">
        <button name="Close" onClick="window.close()"
accesskey="C"><u>C</u>lose</button>

        </div>
        <div id="explainText_noExplainTextAvailable">No explanation is
available for this setting.</div>
        <div id="explainText_supportedLabel">Supported On:</div>
        <div id="explainText_noSupportedTextAvailable">Not available</div>
</div><table class="title" cellpadding="0" cellspacing="0">
<tr><td colspan="2" class="rsopheader">Group Policy Results</td></tr>
<tr><td colspan="2" class="rsopname">MYDNS\tan1 on MYDNS\MRS</td></tr>
<tr><td id="dtstamp">Data collected on: 3/12/2008 4:14:04
PM</td><td><div id="objshowhide" tabindex="0"></div></td></tr>
</table>
<div class="rsopsummary">
<div class="he0_expanded"><span class="sectionTitle"
tabindex="0">Summary</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he1_expanded"><span
class="sectionTitle" tabindex="0">Computer Configuration
Summary</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he2"><span class="sectionTitle"
tabindex="0">General</span><a class="expando" href="#"></a></div>
        <div class="container"><div class="he4i"><table class="info"
cellpadding="0" cellspacing="0">
<tr><td>Computer name</td><td>MYDNS\MRS</td></tr>
<tr><td>Domain</td><td>mydns.com</td></tr>
<tr><td>Site</td><td>Default-First-Site</td></tr>
<tr><td>Last time Group Policy was processed</td><td>3/12/2008 4:13:54
PM</td></tr>
</table>
</div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">Group Policy
Objects</span><a class="expando" href="#"></a></div>
        <div class="container"><div class="he3"><span
class="sectionTitle" tabindex="0">Applied GPOs</span><a
class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Link Location</th><th
scope="col">Revision</th></tr>
<tr><td>Local Group Policy</td><td>Local</td><td>AD (1), Sysvol (1)</td></tr>
<tr><td>Default Domain Policy</td><td>mydns.com</td><td>AD (14),
Sysvol (14)</td></tr>
<tr><td>Default Domain Controllers Policy</td><td>mydns.com/Domain
Controllers</td><td>AD (26), Sysvol (26)</td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle"
tabindex="0">Denied GPOs</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Link Location</th><th
scope="col">Reason Denied</th></tr>
<tr><td>MRS L</td><td>mydns.com/Domain Controllers</td><td>Access
Denied (Security Filtering)</td></tr>
</table>
</div></div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">Security
Group Membership when Group Policy was applied</span><a
class="expando" href="#"></a></div>
        <div class="container"><div
class="he4i">BUILTIN\Administrators<br/>Everyone<br/>BUILTIN\Pre-Windows
2000 Compatible Access<br/>BUILTIN\Users<br/>BUILTIN\Windows
Authorization Access Group<br/>NT AUTHORITY\NETWORK<br/>NT
AUTHORITY\Authenticated Users<br/>NT AUTHORITY\This
Organization<br/>MYDNS\MRS$<br/>MYDNS\Domain Controllers<br/>NT
AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">WMI
Filters</span><a class="expando" href="#"></a></div>
        <div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Value</th><th
scope="col">Reference GPO(s)</th></tr>
<tr><td colspan="3">None</td></tr></table>
</div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">Component
Status</span><a class="expando" href="#"></a></div>
        <div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Component Name</th><th scope="col">Status</th><th
scope="col">Last Process Time</th></tr>
<tr><td>Group Policy Infrastructure</td><td>Success</td><td>3/12/2008
4:13:58 PM</td></tr>
<tr><td>EFS recovery</td><td>Success (no data)</td><td>3/12/2008
4:13:58 PM</td></tr>
<tr><td>Registry</td><td>Success</td><td>3/12/2008 4:13:54 PM</td></tr>
<tr><td>Security</td><td>Success</td><td>3/12/2008 4:13:58 PM</td></tr>
</table>
</div></div>
</div>
<div class="filler"></div>
<div class="he1_expanded"><span class="sectionTitle" tabindex="0">User
Configuration Summary</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he2"><span class="sectionTitle"
tabindex="0">General</span><a class="expando" href="#"></a></div>
        <div class="container"><div class="he4i"><table class="info"
cellpadding="0" cellspacing="0">
<tr><td>User name</td><td>MYDNS\tan1</td></tr>
<tr><td>Domain</td><td>mydns.com</td></tr>
<tr><td>Last time Group Policy was processed</td><td>3/12/2008 3:10:32
PM</td></tr>
</table>
</div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">Group Policy
Objects</span><a class="expando" href="#"></a></div>
        <div class="container"><div class="he3"><span
class="sectionTitle" tabindex="0">Applied GPOs</span><a
class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Link Location</th><th
scope="col">Revision</th></tr>
<tr><td>Default Domain Policy</td><td>mydns.com</td><td>AD (5), Sysvol
(5)</td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle"
tabindex="0">Denied GPOs</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Link Location</th><th
scope="col">Reason Denied</th></tr>
<tr><td>Local Group Policy</td><td>Local</td><td>Empty</td></tr>
</table>
</div></div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">Security
Group Membership when Group Policy was applied</span><a
class="expando" href="#"></a></div>
        <div class="container"><div class="he4i">MYDNS\Domain
Users<br/>Everyone<br/>BUILTIN\Users<br/>BUILTIN\Pre-Windows 2000
Compatible Access<br/>BUILTIN\Remote Desktop Users<br/>NT
AUTHORITY\REMOTE INTERACTIVE LOGON<br/>NT AUTHORITY\INTERACTIVE<br/>NT
AUTHORITY\Authenticated Users<br/>NT AUTHORITY\This
Organization<br/>LOCAL<br/>MYDNS\grp_limited</div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">WMI
Filters</span><a class="expando" href="#"></a></div>
        <div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Value</th><th
scope="col">Reference GPO(s)</th></tr>
<tr><td colspan="3">None</td></tr></table>
</div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">Component
Status</span><a class="expando" href="#"></a></div>
        <div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Component Name</th><th scope="col">Status</th><th
scope="col">Last Process Time</th></tr>
<tr><td>Group Policy Infrastructure</td><td>Success</td><td>3/12/2008
3:10:33 PM</td></tr>
<tr><td>Registry</td><td>Success</td><td>3/12/2008 2:45:49 PM</td></tr>
</table>
</div></div>
</div></div>
<div class="filler"></div>
</div>

<div class="rsopsettings">
<div class="he0_expanded"><span class="sectionTitle"
tabindex="0">Computer Configuration</span><a class="expando"
href="#"></a></div>
<div class="container"><div class="he1_expanded"><span
class="sectionTitle" tabindex="0">Windows Settings</span><a
class="expando" href="#"></a></div>
<div class="container"><div class="he2"><span class="sectionTitle"
tabindex="0">Security Settings</span><a class="expando"
href="#"></a></div>
        <div class="container"><div class="he3"><span
class="sectionTitle" tabindex="0">Account Policies/Password
Policy</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th
scope="col">Winning GPO</th></tr>
<tr><td>Enforce password history</td><td>24 passwords
remembered</td><td>Default Domain Policy</td></tr>
<tr><td>Maximum password age</td><td>42 days</td><td>Default Domain
Policy</td></tr>
<tr><td>Minimum password age</td><td>1 days</td><td>Default Domain
Policy</td></tr>
<tr><td>Minimum password length</td><td>7 characters</td><td>Default
Domain Policy</td></tr>
<tr><td>Password must meet complexity
requirements</td><td>Enabled</td><td>Default Domain Policy</td></tr>
<tr><td>Store passwords using reversible
encryption</td><td>Disabled</td><td>Default Domain Policy</td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle"
tabindex="0">Account Policies/Account Lockout Policy</span><a
class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th
scope="col">Winning GPO</th></tr>
<tr><td>Account lockout threshold</td><td>0 invalid logon
attempts</td><td>Default Domain Policy</td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle"
tabindex="0">Account Policies/Kerberos Policy</span><a class="expando"
href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th
scope="col">Winning GPO</th></tr>
<tr><td>Enforce user logon
restrictions</td><td>Enabled</td><td>Default Domain Policy</td></tr>
<tr><td>Maximum lifetime for service ticket</td><td>600
minutes</td><td>Default Domain Policy</td></tr>
<tr><td>Maximum lifetime for user ticket</td><td>10
hours</td><td>Default Domain Policy</td></tr>
<tr><td>Maximum lifetime for user ticket renewal</td><td>7
days</td><td>Default Domain Policy</td></tr>
<tr><td>Maximum tolerance for computer clock synchronization</td><td>5
minutes</td><td>Default Domain Policy</td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle"
tabindex="0">Local Policies/Audit Policy</span><a class="expando"
href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th
scope="col">Winning GPO</th></tr>
<tr><td>Audit account logon events</td><td>Success</td><td>Default
Domain Controllers Policy</td></tr>
<tr><td>Audit account management</td><td>No auditing</td><td>Default
Domain Controllers Policy</td></tr>
<tr><td>Audit directory service access</td><td>No
auditing</td><td>Default Domain Controllers Policy</td></tr>
<tr><td>Audit logon events</td><td>Success</td><td>Default Domain
Controllers Policy</td></tr>
<tr><td>Audit object access</td><td>No auditing</td><td>Default Domain
Controllers Policy</td></tr>
<tr><td>Audit policy change</td><td>No auditing</td><td>Default Domain
Controllers Policy</td></tr>
<tr><td>Audit privilege use</td><td>No auditing</td><td>Default Domain
Controllers Policy</td></tr>
<tr><td>Audit process tracking</td><td>No auditing</td><td>Default
Domain Controllers Policy</td></tr>
<tr><td>Audit system events</td><td>No auditing</td><td>Default Domain
Controllers Policy</td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle"
tabindex="0">Local Policies/User Rights Assignment</span><a
class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th
scope="col">Winning GPO</th></tr>
<tr><td>Access this computer from the network</td><td>Administrators,
Authenticated Users, Everyone, ENTERPRISE DOMAIN CONTROLLERS,
Pre-Windows 2000 Compatible Access</td><td>Default Domain Controllers
Policy</td></tr>
<tr><td>Act as part of the operating system</td><td></td><td>Default
Domain Controllers Policy</td></tr>
<tr><td>Add workstations to domain</td><td>Authenticated
Users</td><td>Default Domain Controllers Policy</td></tr>
<tr><td>Adjust memory quotas for a process</td><td>Administrators,
LOCAL SERVICE, NETWORK SERVICE</td><td>Default Domain Controllers
Policy</td></tr>
<tr><td>Allow log on locally</td><td>Account Operators,
Administrators, Backup Operators, Server Operators, Print
Operators</td><td>Default Domain Controllers Policy</td></tr>
<tr><td>Back up files and directories</td><td>Administrators, Backup
Operators, Server Operators</td><td>Default Domain Controllers
Policy</td></tr>
<tr><td>Bypass traverse checking</td><td>Administrators, Authenticated
Users, Everyone, Pre-Windows 2000 Compatible Access</td><td>Default
Domain Controllers Policy</td></tr>
<tr><td>Change the system time</td><td>Administrators, Server
Operators</td><td>Default Domain Controllers Policy</td></tr>
<tr><td>Create a pagefile</td><td>Administrators</td><td>Default
Domain Controllers Policy</td></tr>
<tr><td>Create a token object</td><td></td><td>Default Domain
Controllers Policy</td></tr>
<tr><td>Create global objects</td><td>SERVICE,
Administrators</td><td>Default Domain Controllers Policy</td></tr>
<tr><td>Create permanent shared objects</td><td></td><td>Default
Domain Controllers Policy</td></tr>
<tr><td>Debug programs</td><td>Administrators</td><td>Default Domain
Controllers Policy</td></tr>
<tr><td>Deny access to this computer from the
network</td><td></td><td>Default Domain Controllers Policy</td></tr>
<tr><td>Deny log on as a batch job</td><td></td><td>Default Domain
Controllers Policy</td></tr>
<tr><td>Deny log on as a service</td><td></td><td>Default Domain
Controllers Policy</td></tr>
<tr><td>Deny log on locally</td><td></td><td>Default Domain
Controllers Policy</td></tr>
<tr><td>Enable computer and user accounts to be trusted for
delegation</td><td>Administrators</td><td>Default Domain Controllers
Policy</td></tr>
<tr><td>Force shutdown from a remote system</td><td>Administrators,
Server Operators</td><td>Default Domain Controllers Policy</td></tr>
<tr><td>Generate security audits</td><td>LOCAL SERVICE, NETWORK
SERVICE</td><td>Default Domain Controllers Policy</td></tr>
<tr><td>Impersonate a client after authentication</td><td>SERVICE,
Administrators</td><td>Default Domain Controllers Policy</td></tr>
<tr><td>Increase scheduling
priority</td><td>Administrators</td><td>Default Domain Controllers
Policy</td></tr>
<tr><td>Load and unload device
drivers</td><td>Administrators</td><td>Default Domain Controllers
Policy</td></tr>
<tr><td>Lock pages in memory</td><td></td><td>Default Domain
Controllers Policy</td></tr>
<tr><td>Log on as a batch job</td><td></td><td>Default Domain
Controllers Policy</td></tr>
<tr><td>Log on as a service</td><td></td><td>Default Domain
Controllers Policy</td></tr>
<tr><td>Manage auditing and security
log</td><td>Administrators</td><td>Default Domain Controllers
Policy</td></tr>
<tr><td>Modify firmware environment
values</td><td>Administrators</td><td>Default Domain Controllers
Policy</td></tr>
<tr><td>Profile single process</td><td>Administrators</td><td>Default
Domain Controllers Policy</td></tr>
<tr><td>Profile system
performance</td><td>Administrators</td><td>Default Domain Controllers
Policy</td></tr>
<tr><td>Remove computer from docking
station</td><td>Administrators</td><td>Default Domain Controllers
Policy</td></tr>
<tr><td>Replace a process level token</td><td>LOCAL SERVICE, NETWORK
SERVICE</td><td>Default Domain Controllers Policy</td></tr>
<tr><td>Restore files and directories</td><td>Administrators, Backup
Operators, Server Operators</td><td>Default Domain Controllers
Policy</td></tr>
<tr><td>Shut down the system</td><td>Account Operators,
Administrators, Backup Operators, Server Operators, Print
Operators</td><td>Default Domain Controllers Policy</td></tr>
<tr><td>Synchronize directory service data</td><td></td><td>Default
Domain Controllers Policy</td></tr>
<tr><td>Take ownership of files or other
objects</td><td>Administrators</td><td>Default Domain Controllers
Policy</td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle"
tabindex="0">Local Policies/Security Options</span><a class="expando"
href="#"></a></div>
<div class="container"><div class="he4h"><span class="sectionTitle"
tabindex="0">Domain Controller</span><a class="expando"
href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th
scope="col">Winning GPO</th></tr>
<tr><td>Domain controller: LDAP server signing
requirements</td><td>None</td><td>Default Domain Controllers
Policy</td></tr>
</table>
</div></div><div class="he4h"><span class="sectionTitle"
tabindex="0">Domain Member</span><a class="expando"
href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th
scope="col">Winning GPO</th></tr>
<tr><td>Domain member: Digitally encrypt or sign secure channel data
(always)</td><td>Enabled</td><td>Default Domain Controllers
Policy</td></tr>
</table>
</div></div><div class="he4h"><span class="sectionTitle"
tabindex="0">Microsoft Network Server</span><a class="expando"
href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th
scope="col">Winning GPO</th></tr>
<tr><td>Microsoft network server: Digitally sign communications
(always)</td><td>Enabled</td><td>Default Domain Controllers
Policy</td></tr>
<tr><td>Microsoft network server: Digitally sign communications (if
client agrees)</td><td>Enabled</td><td>Default Domain Controllers
Policy</td></tr>
</table>
</div></div><div class="he4h"><span class="sectionTitle"
tabindex="0">Network Security</span><a class="expando"
href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th
scope="col">Winning GPO</th></tr>
<tr><td>Network security: Force logoff when logon hours
expire</td><td>Disabled</td><td>Default Domain Policy</td></tr>
<tr><td>Network security: LAN Manager authentication
level</td><td>Send NTLM response only</td><td>Default Domain
Controllers Policy</td></tr>
</table>
</div></div></div><div class="he3"><span class="sectionTitle"
tabindex="0">Public Key Policies/Autoenrollment Settings</span><a
class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th
scope="col">Winning GPO</th></tr>
<tr><td>Enroll certificates
automatically</td><td>Enabled</td><td>[Default setting]</td></tr>
<tr><td colspan="3"><table class="subtable3" cellpadding="0" cellspacing="0">
<tr><td scope="row">Renew expired certificates, update pending
certificates, and remove revoked
certificates</td><td>Disabled</td></tr>
<tr><td scope="row">Update certificates that use certificate
templates</td><td>Disabled</td></tr>
</table></td></tr></table>
</div></div><div class="he3"><span class="sectionTitle"
tabindex="0">Public Key Policies/Encrypting File System</span><a
class="expando" href="#"></a></div>
<div class="container"><div class="he4h"><span class="sectionTitle"
tabindex="0">Properties</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info"
cellpadding="0" cellspacing="0">
<tr><td scope="row"><b>Winning GPO</b></td><td>[Default setting]</td></tr>
</table>
</div><div class="he4i"><table class="subtable" cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th></tr>
<tr><td>Allow users to encrypt files using Encrypting File System
(EFS)</td><td>Enabled</td></tr>
</table></div></div><div class="he4h"><span class="sectionTitle"
tabindex="0">Certificates</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3"
cellpadding="0" cellspacing="0"><tr><th scope="col">Issued To</th><th
scope="col">Issued By</th><th scope="col">Expiration Date</th><th
scope="col">Intended Purposes</th><th scope="col">Winning
GPO</th></tr>
<tr><td>Administrator</td><td>Administrator</td><td>3/6/2011 10:44:42
AM</td><td>File Recovery</td><td>Default Domain Policy</td></tr>
</table>
<br/>For additional information about individual settings, launch
Group Policy Object Editor.</div></div></div><div class="he3"><span
class="sectionTitle" tabindex="0">Public Key Policies/Trusted Root
Certification Authorities</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4h"><span class="sectionTitle"
tabindex="0">Properties</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info"
cellpadding="0" cellspacing="0">
<tr><td scope="row"><b>Winning GPO</b></td><td>[Default setting]</td></tr>
</table>
</div><div class="he4i"><table class="subtable" cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th></tr>
<tr><td>Allow users to select new root certification authorities (CAs)
to trust</td><td>Enabled</td></tr>
<tr><td>Client computers can trust the following certificate
stores</td><td>Third-Party Root Certification Authorities and
Enterprise Root Certification Authorities</td></tr>
<tr><td>To perform certificate-based authentication of users and
computers, CAs must meet the following criteria</td><td>Registered in
Active Directory only</td></tr>
</table>
</div></div></div></div></div><div class="filler"></div>
<div class="he1_expanded"><span class="sectionTitle"
tabindex="0">Administrative Templates</span><a class="expando"
href="#"></a></div>
<div class="container"><div class="he3"><span class="sectionTitle"
tabindex="0">Extra Registry Settings</span><a class="expando"
href="#"></a></div>
<div class="container"><div class="he4i">Display names for some
settings cannot be found. You might be able to resolve this issue by
updating the .ADM files used by Group Policy
Management.<br/><br/><table class="info3" cellpadding="0"
cellspacing="0">
<tr><th scope="col">Setting</th><th scope="col">State</th><th
scope="col">Winning GPO</th></tr>
<tr><td>SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop</td><td>1</td><td>Local
Group Policy</td></tr>
</table>
</div></div></div></div>
<div class="filler"></div>
<div class="he0_expanded"><span class="sectionTitle" tabindex="0">User
Configuration</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i">No settings defined.</div></div>
</div>
</body></html>
***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: