Subject: Fw: [ActiveDir] Security Group Policy Not Applying
09/14/2005 5:45 AM  
Hi All,

One small query in this regard. The problem I was facing was because of one domain local group added in the restricted group in the default domain controller policy.

Can we have a global group defined in the restricted groups in the default domain controller policy instead of a domain local group?

Regards,
Sudhir Kaushal
Systems Engineer (GIS)
Computer Sciences Corporation.
India - + 91 120 2582323 Ext. 2649
Denmark - + 45 70100024 Ext. 2649

You never win Silver, You lose Gold


----------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.
----------------------------------------------------------------------------------------

----- Forwarded by Sudhir Kaushal/GIS/CSC on 09/14/2005 11:11 AM -----

Sudhir Kaushal/GIS/CSC@CSC
Sent by: ActiveDir-owner
09/14/2005 10:36 AM
Please respond to ActiveDir

To: ActiveDir@xxxxxxxxxxxxxxxxxx
cc:
Subject: RE: [ActiveDir] Security Group Policy Not Applying
Hi All,

Thanks to everyone for guiding me to the solution. It was because
of the restricted group policy on the DCs to control the domain group
membership. I removed it and updated the GP, and it worked.
Have a nice day... :-)

Regards,
Sudhir Kaushal
Systems Engineer (GIS)
Computer Sciences Corporation.
India - + 91 120 2582323 Ext. 2649
Denmark - + 45 70100024 Ext. 2649

You never win Silver, You lose Gold




"Darren Mar-Elia"

Sent by: ActiveDir-owner
09/13/2005 10:29 PM
Please respond to ActiveDir

To:
cc:
Subject: RE: [ActiveDir] Security Group Policy Not Applying

Unless you are entering the group as free text (i.e. just typing it in).
Couple of points here. Using restricted group policy on DCs to control
domain group membership is bad news. I would simply avoid it. This particular
error indicates that you are trying to add a group to a domain local group
that is from another domain, and that this is not allowed--at least not
on a domain local group. I would go into the Restricted Groups policies
that are applying to your DCs (either linked to the Domain Controllers
OU or to the Domain) and figure which policy is doing this. You can also
run rsop.msc on the DC in question to see which GPO is delivering the winning
restricted groups policy.

Darren

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of jpsalemi@xxxxxxxxxxxxxxxxxxx
Sent: Tuesday, September 13, 2005 6:13 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Security Group Policy Not Applying

It sounds like a restricted groups policy being attempted wrong.....But,
from what I've seen, it won't even let you try that.

John






Sudhir Kaushal
Sent by: ActiveDir-owner@mail.activedir.org
09/13/2005 07:39 AM
Please respond to ActiveDir@xxxxxxxtivedir.org

To: ActiveDir@xxxxxxxxxxxxxxxxxx
cc:
Subject: RE: [ActiveDir] Security Group Policy Not Applying

Thanks for the response. However, I have already checked this and all the
related policies in win2003 are not defined in my case.. :-(

Regards,
Sudhir Kaushal
Systems Engineer (GIS)
Computer Sciences Corporation.
India - + 91 120 2582323 Ext. 2649
Denmark - + 45 70100024 Ext. 2649

You never win Silver, You lose Gold





Sent by: ActiveDir-owner
09/13/2005 06:00 PM
Please respond to ActiveDir

To:
cc:
Subject: RE: [ActiveDir] Security Group Policy Not Applying

http://www.eventid.net/display.asp?eventid=1202&eventno=348&source=SceCli&phase=1

Look at the 0x4b8 section.

HTH
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?
 -anon

________________________________

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Sudhir Kaushal
Sent: Tue 9/13/2005 5:10 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Security Group Policy Not Applying

Hi all

I'm having an issue with ONE of my DC's (Win2003) not applying a group
policy object.

In the event viewer of the DCs I'm getting these errors after every 5 min

Event id: 1202
"Security policies were propagated with warning.
0x4b8 : An extended error has occurred."

When I drill down to the client's winlogon.log file I see the following
entry
Error 0  to send the control flag 1 over to server.

Make a local copy of
\\domain.dom\sysvol\domain.dom\Policies\{31B2F340-0160-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

Process GP template gpt00000.dom.
This is not the last GPO.

The log file also specifies:

Warning 2 - The system cannnot find the file specified.
cannot find the remote desktop users.
Configure the remote desktop users.
add \group name
Error 8520 - A local group cannot have another cross domain local group
as member.

Has anyone ever seen this error and/or know what the solution is?

Regards,
Sudhir Kaushal
Systems Engineer (GIS)
Computer Sciences Corporation.
India - + 91 120 2582323 Ext. 2649
Denmark - + 45 70100024 Ext. 2649

"You never win Silver, You lose Gold"


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
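
Added example (not part of the original thread): one way to follow the advice above and find which GPO carries a Restricted Groups setting is to read the [Group Membership] section of each GptTmpl.inf, the file named in the winlogon.log excerpt. The function name Get-RestrictedGroupEntry, the sample file contents and the group EXAMPLE\HelpdeskAdmins are constructed for illustration; the SYSVOL path pattern is the one from the log in the thread.

```powershell
# Added example: list Restricted Groups entries found in GptTmpl.inf text.
function Get-RestrictedGroupEntry {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Lines,
        [string] $Source = '(constructed sample)'
    )
    $inSection = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            # Restricted Groups settings are stored in the [Group Membership] section.
            $inSection = ($Matches[1] -eq 'Group Membership')
            continue
        }
        if (-not $inSection -or $text -eq '' -or $text.StartsWith(';')) { continue }
        # Entry form: <group>__Members = a,b   or   <group>__Memberof = x,y
        if ($text -match '^(?<group>.+?)__(?<kind>Members|Memberof)\s*=\s*(?<value>.*)$') {
            $group = $Matches['group'].Trim()
            $kind  = $Matches['kind']
            $vals  = @($Matches['value'] -split ',' |
                       ForEach-Object { $_.Trim() } | Where-Object { $_ })
            [pscustomobject]@{
                Source = $Source
                Group  = $group
                Kind   = $kind
                Values = $vals -join ', '
                # Values not written in *SID form were stored as plain names.
                ByName = @($vals | Where-Object { $_ -notmatch '^\*S-' }) -join ', '
            }
        }
    }
}

# Constructed sample; S-1-5-32-555 is the built-in Remote Desktop Users group.
$sample = @'
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-32-555__Memberof =
*S-1-5-32-555__Members = EXAMPLE\HelpdeskAdmins
'@ -split "`r?`n"

Get-RestrictedGroupEntry -Lines $sample | Format-Table -AutoSize

# Against real policies (domain.dom is the placeholder domain from the thread):
# Get-ChildItem '\\domain.dom\sysvol\domain.dom\Policies\*\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf' |
#   ForEach-Object { Get-RestrictedGroupEntry -Lines (Get-Content $_.FullName) -Source $_.FullName }
```

Each row names the GptTmpl.inf it came from, so a GPO that sets membership for a built-in domain local group on DCs can be identified and then compared against what rsop.msc reports as the winning policy.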