[THIN] Re: POLEDIT policy in an Active Directory

  • From: "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Tue, 16 Jul 2002 15:07:05 -0400

If you are implying that the policies are being overridden by a different
policy, I don't think that is the case...

The problem is, the policy is not applied at all.  As I mentioned, I turned
on Object Access Auditing on that folder (success and failure), and there is
no successful or failed access to this file during logon...

But at lest you are confirming that (theoretically) it SHOULD work, since I
have not changed to Native Mode (still have at least one fully functional
NT4 BDC).

I will start with a reboot tonight (since I cannot confirm that the TS has
been rebooted since the AD came up) and go from there.

Thanks for all the advice,

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.


-----Original Message-----
From: Ryan Gorman [mailto:Ryan@xxxxxxxxxxxxxx]
Sent: Tuesday, July 16, 2002 1:46 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: POLEDIT policy in an Active Directory


I can't see me previous post about "did you change your AD mode to Native"
just yet but check the last line of the following extract (I've posted this
before - it's a good document)


<extract>

How Policies Apply to Clients with Different Operating Systems
If you have a Windows NT 4.0 client in a workgroup or a domain, the only
policies that can apply are downlevel Windows NT 4.0 policy (POL) file
policies. 

If you have a standalone Windows 2000 client or member server, policies are
evaluated in the following order: 

Downlevel Windows NT 4.0 policy (POL) file 
Windows 2000 local GPO 
If you have a Windows 2000 client or member server in a mixed-mode domain,
policies are evaluated in the following order: 

Downlevel Windows NT 4.0 policy (POL) file 
Windows 2000 local GPO 
Site GPOs in priority order 
Domain GPOs in priority order 
Organizational Unit GPOs in priority order, applied in a hierarchical
fashion down the tree ending with the Organizational Unit that the computer
or user resides in 
As this extends the LSDOU process to include Windows NT 4.0 system policies,
this process is commonly written as 4LSDOU. 

If you have a Windows 2000 client or member server in a native-mode domain,
policies are evaluated in LSDOU order. 
</extract>

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechn
ol/windows2000serv/maintain/gpo.asp

Ryan, not even a MCP but NT since 1996

-----Original Message-----
From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx] 
Sent: 16 July 2002 14:56
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] POLEDIT policy in an Active Directory


I am pulling my hair out here...

I had an NT4 domain.  My Win2K terminal server was happily pulling a unique
policy file from my file server, from a non-NETLOGON share.

Upgrade the NT4 domain to Active Directory...

Now it appears that the policy files in this unique location are not being
applied.  I double checked the NetworkPath and UpdateMode entries in the
registry, and they still point to the correct location, and UpdateMode is
still 2 (manual update).  But the policy is not being applied.

I turned on auditing on the folder where the policy file lives, and there
aren't even any failed Object Access audits; it is just ignoring the
registry settings completely!

Frankly, I intend to replace these with Group Policy, but wanted to do so
carefully, so I wanted to continue with my "Tried and tested" .POL files for
now.  Anyone have any suggestions?

BTW, I have not modified the default domain policy at all, and this TS is
currently in the "Computers" OU, with no special GPO's applied.  Vanilla
Active Directory install...

Thanks in advance,

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.


________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________



===================================
This weeks Sponsor:
triCerat, Inc
ScrewDrivers fxp: Self Configuring Printer Driver with Bandwidth Control
Learn more at:
http://www.tricerat.com/?page=products&product=sdfxp

===================================
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm



===================================
This weeks Sponsor:
triCerat, Inc
ScrewDrivers fxp: Self Configuring Printer Driver with Bandwidth Control
Learn more at:
http://www.tricerat.com/?page=products&product=sdfxp

===================================
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

Other related posts: