[gptalk] Re: How to stop Dc From processing the default gpo?

• From: "Asaf Efrati" <asafe@xxxxxxxxxxxxx>
• To: <gptalk@xxxxxxxxxxxxx>
• Date: Mon, 8 Sep 2008 17:55:09 +0300

Hey Alan,

 

Thanks for the replay.

What I mean is this: my dc is processing the default domain gpo INSTEAD of
the gpo I assigned to admin users.

It happens only when I log with the built-in domain account of
"Administrator" but not with my account "XXXXX" which is part of the Domain
admin group and a few other administrative groups.

The built-in "Administrator" account is a member of all the various groups,
all those groups and even the user itself is suppose to get the "Admin Gpo"
since it is forced and filtered by users/groups.

For some reason it doesn't happen, I guess my title was misleading since it
was more "Stop the built-in admin account I use to access my dc from
processing the default gpo" J

 

Thank you,

 

Asaf E | IT & Security | eToro

W www.eToro.com 

etoro-logo 

If you have received this email message in error, please notify the sender
immediately by telephone or return email and refrain from taking any action
relating to the content of the email. 

Thereafter, please destroy the original message without making a copy. You
may not use the content of the email without first obtaining prior written
consent from the sender. 

You may not forward this email to anyone other than the sender for
notification purposes. 

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Alan & Margaret
Sent: Sunday, September 07, 2008 14:53
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: How to stop Dc From processing the default gpo?

 

Hi Asaf,

 

Just clarifying your statement. you mean that when you log on to the DC as
administrator, you receive all of the user components of the Default domain
GPO, but when you log on as a non administrator, you do not receive the user
components of the default domain GPO. 

 

I am a little confused by the title of your post. it suggests that your aim
is to stop the DC from processing the GPO.. Normally a user logging on to
the Domain Controller would expect the same policies to be applied as when
they log on to a normal machine (unless loopback is enabled)..

 

Have you checked event log to see if there are any messages?

 

Do you get the same behavior logging on to other machines?

 

If you are not getting anything on the event log, I would suggest enabling
detailed logging and check out the UserEnv log. It will at least tell you in
detail what is going on. See http://support.microsoft.com/kb/221833 The log
is a bit cryptic, so if you like, post the UserEnv log and we can look at it
for you

 

 

 

Alan Cuthbertson

 

 

 Policy Management Software (Now with ADMX and Preference support):-

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml>
&f=pol_summary.shtml

 

ADM Template Editor(Now with ADMX support):-

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml>
&f=adm_summary.shtml

 

Policy Log Reporter(Free)

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml>
&f=policyreporter.shtml

 

 

 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Asaf Efrati
Sent: Sunday, 7 September 2008 7:11 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] How to stop Dc From processing the default gpo?

 

Hello,

 

I have a problem with my Gpo processing, for some reason although I have a
forced admin policy with the relevant admin accounts as the security
filtering (schema, domain etc)

For some reason my DC is processing the default domain Gpo when I log in as
administrator but not when I log in with my user.

I can't find any difference between the two.

The default domain Gpo is set to Authenticated users.

Any thoughts and help will be appreciated,

I am afraid to change things because I already had a few problems when
changing things globally J

 

Thank you,

 

Asaf E | IT & Security | eToro

W www.eToro.com 

etoro-logo 

If you have received this email message in error, please notify the sender
immediately by telephone or return email and refrain from taking any action
relating to the content of the email. 

Thereafter, please destroy the original message without making a copy. You
may not use the content of the email without first obtaining prior written
consent from the sender. 

You may not forward this email to anyone other than the sender for
notification purposes. 

 

 

• References:
  • [gptalk] How to stop Dc From processing the default gpo?
    • From: Asaf Efrati
  • [gptalk] Re: How to stop Dc From processing the default gpo?
    • From: Alan & Margaret

Other related posts:

• » [gptalk] How to stop Dc From processing the default gpo?
• » [gptalk] Re: How to stop Dc From processing the default gpo?
• » [gptalk] Re: How to stop Dc From processing the default gpo?

1. Home
2. gptalk
3. Archive
4. 09-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---