[win2kforum] Re: Repost of order of Policies and profiles

  • From: Mitch <wuzzle1@xxxxxxxxx>
  • To: win2kforum@xxxxxxxxxxxxx
  • Date: Fri, 4 May 2001 00:00:07 -0700 (PDT)

It is unfortunate when techspeak is spouted and even
worse when it is misleading.  Nesting of OU's is
allowed in both mixed mode and native mode; perhaps
Mr. Kramer meant group nesting, which is only allowed
in native mode.




--- "L.W. Kramer" <lwkramer@xxxxxxxxxx> wrote:
> 
> Search for white papers on GPO's on msdn.microsoft.com.
> Remember that nt4 and 9x machines behave exactly as they did before - Group
> policies do not apply to them. They use the old system policies on the
> NETLOGON share. Some exceptions to this are the IE settings which are
> picked up as if you had used the IEAK to set up IE configurations.
> 
> Also remember that "Nested" OU's (and thus hierarchical inheritance of
> GPO's) are not in effect until you switch the system to Native mode. Along
> those lines, bear in mind that the MS-recommended topology for Exchange
> 2000 to support nt/9x users is to put the ex2000 box in its own CHILD
> domain in Native mode, and let it trust the parent mixed mode domain which
> can support ex5.0 boxes that do not understand distribution groups...
> pretty hokey.
> 
> For your 9x clients you MUST still use the old 'system policies' (poledit),
> and the 9x policies MUST be created on a 9x box. The only advantage to
> using a 2k server is that the Netlogon share is now part of the sysvol, as
> far as replication is concerned. This simplifies some of the admin
> nightmare, and you can more safely use %LOGONSERVER% as the path to the
> profiles if you place the profiles directory in the sysvol as well.
> 
> L.
> 
> 
> 
> >I posted this some time ago. Someone suggested that I post it again since I
> >did not get a response and it might have been missed.
> >
> >
> >
> >From: "Robert Davis" <sniper_lt@xxxxxxxxxxx>
> >Subject: [win2kforum] Order of priority between Polices and profiles
> >Date: Fri, 27 Apr 2001 20:15:08 -0000
> >
> >
> >I run a network with a win2k server connected to a 100Base-T network with 25
> >win98 clients. I have set the registry of all the clients to validate user
> >logons to the network with the server.
> >
> >I have been trying to set up group policies for my users. I followed the
> >instructions at www.elkanter.net/security/security.htm. This is an
> >excellent tutorial on using system policy editor written by Stacey
> >Anderson-Redick.
> >
> >She starts by saying that you need to edit the registry of each machine to
> >allow remote updates.
> >
> >I did that to 3 test machines.
> >
> >Then enable user profiles on each machine.
> >
> >I did that.
> >
> >Then she suggests creating a test user with only one setting, that is to set
> >the windows wallpaper to sandstone.bmp. Then save that to a config.pol file
> >and copy it to the netlogon share of the server. This is just to test that
> >the config.pol file is being copied to the registry of the client. Then log
> >on as that test user to see if the wallpaper changed to sandstone.bmp
> >
> >I did that.
> >
> >The problem is that when I logged on as that test user, the wallpaper
> >changed briefly to sandstone, then changed back to the default light green
> >wallpaper that I have every machine set to.
> >
> >I thought that maybe that user policy was being overridden by something
> >else.
> >
> >At www.globetrotting.com/winnt.pol.html it says the "pecking order"
> >for Systems Policies is:
> >" 1. Machine, Machine Policies can overwrite the User/Group setting"
> >" 2. User, User Policies completely bypass Group policies (no precedence,
> >just replacement)"
> >" 3. Group..."
> >" 4. All of these can override Profile Settings."
> >
> >Can someone tell me if this order is true?
> >
> >If this is true, might it be that something in the local machine registry is
> >overriding the test user's policy and that is why the wallpaper is changing
> >back to light green default?
> >
> >I checked the local machine setting with systems policy editor and there is
> >no setting (check mark) for wallpaper in the local machine setting.
> >
> >So I am stumped.
> >
> >TIA. Doing this is imperative so I can keep the users of my machines from
> >"customizing" the machines to their preferences and then another user in
> >another class comes along and his whole setup is different from the
> >teachers' machine.
> >
> >
> >-----
> >
> >To unsubscribe, send a message to
> win2kforum-request@xxxxxxxxxxxxx and put 
> >"unsubscribe" in the subject of the message.
> >To reach the administrator(s), send a message to 
> >win2kforum-admins@xxxxxxxxxxxxxx