The only reason I can think of why this is the case is that the service's permissions have been mucked up to the point that not even GP can modify its configuration. This can happen. You might want to at using sc.exe with the sdset parameter to try and reset them to something similar to another service. In terms of your other question, try using the /persistent:no option when you map the drive. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Asaf Efrati Sent: Thursday, August 07, 2008 6:07 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Securing The Network & Messenger Service Hey Darren, I tried a reboot, no go. The gpo is configured correctly and there are no conflicts. I am unsure as to how this service got disabled before. But I can't enable it using Gpo. Another question I have (if its all right in the same thread) Is: how can I determine that if I another work station of one of my users To access my own computer using RUN and entering the full path like so \\192.168.xx.xxx\c$ <file:///\\192.168.xx.xxx\c$> I then enter my admin user and password, when I am done I use the "x" to close the window, My problem is that the next time the user enters his "RUN" command he can use what I entered and access my computer No question asked. How can I disable this auto-credentials saving? Thank you, Asaf Efrati | IT & Security | eToro A 32 Habarzel St. Tel Aviv 69710, Israel M +972 545671587 F +9723 7686712 W www.eToro.com etoro-logo If you have received this email message in error, please notify the sender immediately by telephone or return email and refrain from taking any action relating to the content of the email. Thereafter, please destroy the original message without making a copy. You may not use the content of the email without first obtaining prior written consent from the sender. You may not forward this email to anyone other than the sender for notification purposes. From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Tuesday, August 05, 2008 8:22 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Securing The Network & Messenger Service Asaf- Its possible that you could need a reboot for the change to take effect. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Asaf Efrati Sent: Tuesday, August 05, 2008 10:21 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Securing The Network & Messenger Service Ok, I did the check for some of the computers and the GPO they are getting are from the domain and seems to configure the Messenger part of the gpo correctly But the service stays in "disabled" status. Darren thanks in advance you've been a big help. This goes to the rest too, every question asked And every answer given just serves to increase my Knowledge of this great tool. Thank you, Asaf Efrati | System | eToro A 32 Habarzel St. Tel Aviv 69710, Israel M +972 545671587 F +9723 7686712 W www.eToro.com If you have received this email message in error, please notify the sender immediately by telephone or return email and refrain from taking any action relating to the content of the email. Thereafter, please destroy the original message without making a copy. You may not use the content of the email without first obtaining prior written consent from the sender. You may not forward this email to anyone other than the sender for notification purposes. _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Tuesday, August 05, 2008 17:08 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Securing The Network & Messenger Service You can run GPMC's Results Wizard remotely against a system. From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Asaf Efrati Sent: Tuesday, August 05, 2008 8:47 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Securing The Network & Messenger Service OK thanks, I will try it. Not sure if it will work though, I think I need to disable a few things first. I didn't allow users to open the mmc In author mode. Thank you, Asaf Efrati | System | eToro A 32 Habarzel St. Tel Aviv 69710, Israel M +972 545671587 F +9723 7686712 W www.eToro.com If you have received this email message in error, please notify the sender immediately by telephone or return email and refrain from taking any action relating to the content of the email. Thereafter, please destroy the original message without making a copy. You may not use the content of the email without first obtaining prior written consent from the sender. You may not forward this email to anyone other than the sender for notification purposes. _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Tuesday, August 05, 2008 16:40 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Securing The Network & Messenger Service Run RSOP on those problem systems. See if they think they received the domain policy. If not, then there may be something else going on there. From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Asaf Efrati Sent: Tuesday, August 05, 2008 8:33 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Securing The Network & Messenger Service Ok, so why problem is this, every computer gets the Gpo Etc, but some of the computers still have the service in DISABLED. Shouldn't the gpo change to enable messenger change it to automatic or something? Because I do want to use net send. Thank you, Asaf Efrati | System | eToro A 32 Habarzel St. Tel Aviv 69710, Israel M +972 545671587 F +9723 7686712 W www.eToro.com If you have received this email message in error, please notify the sender immediately by telephone or return email and refrain from taking any action relating to the content of the email. Thereafter, please destroy the original message without making a copy. You may not use the content of the email without first obtaining prior written consent from the sender. You may not forward this email to anyone other than the sender for notification purposes. _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Tuesday, August 05, 2008 16:32 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Securing The Network & Messenger Service Yes, a domain-based GPO would override any local GPO for the service startup type. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Asaf Efrati Sent: Tuesday, August 05, 2008 5:00 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Securing The Network & Messenger Service In order to allow NET SEND I enabled under the Gpo the messenger service, but strange enough not every computer got the change, or rather the local policy is disabling it. If a service is in "DISABLED" will a Gpo change to enable it will change it? Thank you, Asaf Efrati | System | eToro A 32 Habarzel St. Tel Aviv 69710, Israel M +972 545671587 F +9723 7686712 W www.eToro.com If you have received this email message in error, please notify the sender immediately by telephone or return email and refrain from taking any action relating to the content of the email. Thereafter, please destroy the original message without making a copy. You may not use the content of the email without first obtaining prior written consent from the sender. You may not forward this email to anyone other than the sender for notification purposes. _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Tuesday, August 05, 2008 04:41 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Securing The Network & Messenger Service Sorry-just saw this. What exactly are you doing to allow Net Send? I would guess that allowing net send should have nothing to do with live messenger working or not (unless Live Messenger relies on the Alerter service but if its enabled , that should not impact IM). As for disabling Wireless, you can't really do that as a function of whether it's on your network or not. If you are worried about users connecting to non-corporate WAPs while they are in the office, then GP against XP clients won't help you much. The Wireless Policy that is supported on XP is pretty limited. Vista is better at this. You might be able to do some kind of IPSec tunnel while on the corporate network that prevents non corporate networks from accessing your internal network, but it would take some work. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Asaf Efrati Sent: Sunday, August 03, 2008 9:05 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Securing The Network & Messenger Service Hey everyone, I am trying to make my network more secure, I tried looking at a few things who left me puzzled as they didn't seem to work. I am trying to enable NET SEND and at the same time deny users the ability to use live messenger, those options didn't work. Further more I am trying to force disabling of Wireless on laptops connected to my network, I didn't find any effective way of doing that through GPO. Any thoughts? Thank you, Asaf Efrati | IT & Security | eToro W www.eToro.com etoro-logo If you have received this email message in error, please notify the sender immediately by telephone or return email and refrain from taking any action relating to the content of the email. Thereafter, please destroy the original message without making a copy. You may not use the content of the email without first obtaining prior written consent from the sender. You may not forward this email to anyone other than the sender for notification purposes.