Toon posts:

Group policies worden niet voor alle gebruikers geupdate

Pagina: 1
Acties:

maandag 14 december 2009 09:39

Acties:
  • lawkexarib
  • Registratie: Maart 2009
  • Laatst online: 28-11-2025

lawkexarib

Topicstarter
Goedenmorgen allemaal,

Zoals de naam van de topic al aangeeft, loop ik tegen een aparte probleem aan.

Onze omgeving:
Servers: Windows server 2008 R2 x64
Clients: Windows Vista SP1 & SP2 x86


In AD heb ik een groep aangemaakt (workshopgebruikers) en er zitten 6 gebruikers in deze groep. Voor deze groep heb ik een aparte OU aangemaakt om het overzicht te houden. Vervolgens link ik aan de workshopOU een GPO met wat instelling. Hierbij maak ik gebruik van user configuration en dan preferences.

Voor alle gebruikers heb ik een snelkoppeling aangemaakt gebaseerd op user-profiel. Dat wil zeggen, wanneer een workshopgebruiker ergens inlogt, dan krijgt hij op zijn bureaublad een snelkoppeling naar een bestand op het netwerk. Tot zover gaat het iig goed. Maar wanneer ik een extra snelkoppeling toevoeg of deze extra snelkoppeling aanpas, dan geldt deze aanpassing blijkbaar niet voor alle gebruikers...

Ik zie bij workshopgebruiker6 2 snelkoppeling op bureaublad. Eentje van deze snelkoppeling doet het niet. Bij workshopgebruiker2 zie ik netjes 2 snelkoppeling en beide doen het wel.

Ik hoop dat mijn verhaal duidelijk is.

Ik hoor graag jullie reacties waar ik kan zoeken of ik iets over het hoofd zie.

Mvg

maandag 14 december 2009 09:42

Acties:
  • ksmedts
  • Registratie: Januari 2002
  • Laatst online: 16-12-2021

ksmedts

heb je al eens geprobeerd de nieuwe gpo's geforceerd te laden met gpupdate /force

maandag 14 december 2009 09:43

Acties:
  • m3gA
  • Registratie: Juni 2002
  • Laatst online: 27-01 15:58

m3gA

Probeer eens een result met GPMC te draaien? kijken wat er mis gaat. Wat staat er in de eventlog?

maandag 14 december 2009 09:44

Acties:
  • lawkexarib
  • Registratie: Maart 2009
  • Laatst online: 28-11-2025

lawkexarib

Topicstarter
Hallo Ab_dullah,

Bedankt voor jouw reactie. Ik heb idd meerdere malen geforceerd. Iedere keer als ik iets wijzig, dan voer ik volgende commando op de server uit: gpupdate /force. Hierna word ik uitgelogd en op deze client voer ik het zelfde uit.
Sorry dat het niet erbij stond.

maandag 14 december 2009 09:45

Acties:

Verwijderd

worden alle policies wel ingeladen?

gpresult /v , evt output naar een txt: gpresult /v > c:\gpresult.txt

maandag 14 december 2009 09:46

Acties:
  • jjbstolk
  • Registratie: September 2001
  • Laatst online: 19:31

jjbstolk

gpresult gedraaid? Kan je precies wat wel niet wordt uitgevoerd!

maandag 14 december 2009 10:14

Acties:
  • lawkexarib
  • Registratie: Maart 2009
  • Laatst online: 28-11-2025

lawkexarib

Topicstarter
Hallo allemaal,

Zojuist heb ik gpresults gedraaid, maar vreemd genoeg zie ik helemaal geen workshopOU tussen staan, terwijl ik deze wel tussen heb staan. hieronder een foto van de tree:

Afbeeldingslocatie: http://img442.imageshack.us/img442/4021/gpresults.jpg


Hieronder staan hele gpresults


***=bedrijfsnaam


Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 14-12-2009 at 9:58:55


RSOP data for *****\administrator on DC02 : Logging Mode
---------------------------------------------------------

OS Configuration: Primary Domain Controller
OS Version: 6.1.7600
Site Name: Default-First-Site-Name
Roaming Profile: N/A
Local Profile: C:\Users\mohamed
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
CN=DC02,OU=Domain Controllers,DC=InfoReports,DC=local
Last time Group Policy was applied: 14-12-2009 at 9:55:06
Group Policy was applied from: DC02.InfoReports.local
Group Policy slow link threshold: 500 kbps
Domain Name: INFOREPORTS
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Small Business Server Auditing Policy
Default Domain Controllers Policy
Small Business Server Folder Redirection
Small Business Server Client Computer
Small Business Server Domain Password Policy
Small Business Server Remote Assistance Policy
Small Business Server Lockout Policy
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2

Local Group Policy
Filtering: Not Applied (Empty)

Small Business Server Windows Firewall
Filtering: Disabled (GPO)

The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
Terminal Server License Servers
Windows Authorization Access Group
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
DC02$
Domain Controllers
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Denied RODC Password Replication Group
System Mandatory Level

Resultant Set Of Policies for Computer
---------------------------------------

Software Installations
----------------------
N/A

Startup Scripts
---------------
N/A

Shutdown Scripts
----------------
N/A

Account Policies
----------------
GPO: Default Domain Policy
Policy: MaxRenewAge
Computer Setting: 7

GPO: Small Business Server Lockout Policy
Policy: LockoutDuration
Computer Setting: 10

GPO: Small Business Server Domain Password Policy
Policy: MaximumPasswordAge
Computer Setting: 42

GPO: Small Business Server Domain Password Policy
Policy: MinimumPasswordAge
Computer Setting: N/A

GPO: Small Business Server Lockout Policy
Policy: ResetLockoutCount
Computer Setting: 10

GPO: Default Domain Policy
Policy: MaxServiceAge
Computer Setting: 600

GPO: Small Business Server Lockout Policy
Policy: LockoutBadCount
Computer Setting: 50

GPO: Default Domain Policy
Policy: MaxClockSkew
Computer Setting: 5

GPO: Default Domain Policy
Policy: MaxTicketAge
Computer Setting: 10

GPO: Small Business Server Domain Password Policy
Policy: PasswordHistorySize
Computer Setting: 24

GPO: Small Business Server Domain Password Policy
Policy: MinimumPasswordLength
Computer Setting: 7

Audit Policy
------------
GPO: Default Domain Controllers Policy
Policy: AuditPolicyChange
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditAccountManage
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditObjectAccess
Computer Setting: No Auditing

GPO: Small Business Server Auditing Policy
Policy: AuditDSAccess
Computer Setting: No Auditing

GPO: Default Domain Controllers Policy
Policy: AuditPrivilegeUse
Computer Setting: No Auditing

GPO: Default Domain Controllers Policy
Policy: AuditProcessTracking
Computer Setting: No Auditing

GPO: Default Domain Controllers Policy
Policy: AuditAccountLogon
Computer Setting: Success

GPO: Small Business Server Auditing Policy
Policy: AuditLogonEvents
Computer Setting: Success, Failure

GPO: Default Domain Controllers Policy
Policy: AuditSystemEvents
Computer Setting: Success

User Rights
-----------
GPO: Default Domain Controllers Policy
Policy: SyncAgentPrivilege
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: MachineAccountPrivilege
Computer Setting: Authenticated Users

GPO: Default Domain Controllers Policy
Policy: ChangeNotifyPrivilege
Computer Setting: Pre-Windows 2000 Compatible Access
Authenticated Users
Administrators
Everyone
****\SQLServer2005DTSUser$DC01
****\SQLServer2005SQLAgentUser$DC01$MSSQLSERVER
****\SQLServer2005MSSQLUser$DC01$MSSQLSERVER
****\SQLServer2005MSFTEUser$DC01$MSSQLSERVER
****\SQLServer2005MSSQLUser$DC01$MICROSOFT##SSEE

GPO: Default Domain Controllers Policy
Policy: IncreaseBasePriorityPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: CreateTokenPrivilege
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: TakeOwnershipPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: DenyInteractiveLogonRight
Computer Setting: ****\SBS STS Worker
****\SUPPORT_388945a0
****\SBS Remote Operators
****\SQLDebugger

GPO: Default Domain Controllers Policy
Policy: RestorePrivilege
Computer Setting: Server Operators
Backup Operators
Administrators

GPO: Default Domain Controllers Policy
Policy: DebugPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: SystemTimePrivilege
Computer Setting: Server Operators
Administrators
LOCAL SERVICE

GPO: Default Domain Controllers Policy
Policy: SecurityPrivilege
Computer Setting: Administrators
****\Exchange Enterprise Servers
****\Exchange Servers

GPO: Default Domain Controllers Policy
Policy: ShutdownPrivilege
Computer Setting: Print Operators
Server Operators
Backup Operators
Administrators

GPO: Default Domain Controllers Policy
Policy: AuditPrivilege
Computer Setting: NETWORK SERVICE
LOCAL SERVICE

GPO: Default Domain Controllers Policy
Policy: InteractiveLogonRight
Computer Setting: ****\IUSR_DC01
Print Operators
Server Operators
Account Operators
Backup Operators
Administrators
****\IUSR_SBS01

GPO: Default Domain Controllers Policy
Policy: CreatePagefilePrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: DenyNetworkLogonRight
Computer Setting: ****\SUPPORT_388945a0

GPO: Default Domain Controllers Policy
Policy: BatchLogonRight
Computer Setting: ***\Administrator
***\SQLServer2005MSFTEUser$DC01$MSSQLSERVER
***\IUSR_DC01
***\SUPPORT_388945a0
***\IIS_WPG
***\IWAM_SBS01
INFOREPORTS\IUSR_SBS01
LOCAL SERVICE
***\SQLDebugger
***\IWAM_DC01
***\SQLServer2005SQLAgentUser$DC01$MSSQLSERVER
***\SQLServer2005MSSQLUser$DC01$MSSQLSERVER
***\SQLServer2005MSSQLUser$DC01$MICROSOFT##SSEE

GPO: Default Domain Controllers Policy
Policy: LockMemoryPrivilege
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: NetworkLogonRight
Computer Setting: ***\IUSR_DC01
Pre-Windows 2000 Compatible Access
ENTERPRISE DOMAIN CONTROLLERS
Authenticated Users
Administrators
***\IWAM_SBS01
***\IUSR_SBS01
Everyone
***\IWAM_DC01

GPO: Default Domain Controllers Policy
Policy: CreatePermanentPrivilege
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: SystemProfilePrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: TcbPrivilege
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: DenyBatchLogonRight
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: ServiceLogonRight
Computer Setting: ***\IUSR_DC01
***\SQLServer2005ReportServerUser$DC01$MSSQLSERVER
***\SQLServer2005MSOLAPUser$DC01$MSSQLSERVER
***\SQLServer2005MSFTEUser$DC01$MSSQLSERVER
***\SQLServer2005SQLBrowserUser$DC01
NETWORK SERVICE
***\Administrator
***\SQLServer2005DTSUser$DC01
***\SQLServer2005SQLAgentUser$DC01$MSSQLSERVER
***\SQLServer2005MSSQLUser$DC01$MSSQLSERVER
***\SQLServer2005NotificationServicesUser$DC01
***\BTUser
***\SQLServer2005MSSQLUser$DC01$MICROSOFT##SSEE

GPO: Default Domain Controllers Policy
Policy: RemoteShutdownPrivilege
Computer Setting: Server Operators
Administrators

GPO: Default Domain Controllers Policy
Policy: BackupPrivilege
Computer Setting: Server Operators
Backup Operators
Administrators

GPO: Default Domain Controllers Policy
Policy: EnableDelegationPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: UndockPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: SystemEnvironmentPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: DenyServiceLogonRight
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: LoadDriverPrivilege
Computer Setting: Print Operators
Administrators

GPO: Default Domain Controllers Policy
Policy: IncreaseQuotaPrivilege
Computer Setting: ***\SQLServer2005SQLAgentUser$DC01$MSSQLSERVER
***\IWAM_DC01
Administrators
***\IWAM_SBS01
NETWORK SERVICE
LOCAL SERVICE
***\SQLServer2005MSSQLUser$DC01$MSSQLSERVER
***\SQLServer2005MSFTEUser$DC01$MSSQLSERVER
***\SQLServer2005MSSQLUser$DC01$MICROSOFT##SSEE

GPO: Default Domain Controllers Policy
Policy: ProfileSingleProcessPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: AssignPrimaryTokenPrivilege
Computer Setting: ***\SQLServer2005MSFTEUser$DC01$MSSQLSERVER
***\IWAM_DC01
***\IWAM_SBS01
NETWORK SERVICE
LOCAL SERVICE
***\SQLServer2005SQLAgentUser$DC01$MSSQLSERVER
***\SQLServer2005MSSQLUser$DC01$MSSQLSERVER
***\SQLServer2005MSSQLUser$DC01$MICROSOFT##SSEE

Security Options
----------------
GPO: Small Business Server Domain Password Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled

GPO: Small Business Server Domain Password Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: ForceLogoffWhenHourExpire
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: TicketValidateClient
Computer Setting: Enabled

GPO: Default Domain Controllers Policy
Policy: @wsecedit.dll,-59059
ValueName: MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
Computer Setting: 2

GPO: Default Domain Controllers Policy
Policy: @wsecedit.dll,-59013
ValueName: MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity
Computer Setting: 1

GPO: Default Domain Controllers Policy
Policy: @wsecedit.dll,-59043
ValueName: MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature
Computer Setting: 1

GPO: Default Domain Controllers Policy
Policy: @wsecedit.dll,-59044
ValueName: MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature
Computer Setting: 1

GPO: Default Domain Controllers Policy
Policy: @wsecedit.dll,-59018
ValueName: MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal
Computer Setting: 1

Event Log Settings
------------------
N/A

Restricted Groups
-----------------
N/A

System Services
---------------
N/A

Registry Settings
-----------------
N/A

File System Settings
--------------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
GPO: Small Business Server Remote Assistance Policy
KeyName: software\policies\microsoft\windows NT\Terminal Services\RAUnsolicit\***\Domain Admins
Value: 73, 0, 78, 0, 70, 0, 79, 0, 82, 0, 69, 0, 80, 0, 79, 0, 82, 0, 84, 0, 83, 0, 92, 0, 68, 0, 111, 0, 109, 0, 97, 0, 105, 0, 110, 0, 32, 0, 65, 0, 100, 0, 109, 0, 105, 0, 110, 0, 115, 0, 0, 0
State: Enabled

GPO: Small Business Server Client Computer
KeyName: software\microsoft\windows nt\currentversion\winlogon\SyncForegroundPolicy
Value: 1, 0, 0, 0
State: Enabled

GPO: Default Domain Controllers Policy
KeyName: Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled
Value: 1, 0, 0, 0
State: Enabled

GPO: Default Domain Controllers Policy
KeyName: Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\DefaultLevel
Value: 0, 0, 4, 0
State: Enabled

GPO: Default Domain Controllers Policy
KeyName: Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}\SaferFlags
Value: 0, 0, 0, 0
State: Enabled

GPO: Default Domain Controllers Policy
KeyName: Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}\SaferFlags
Value: 0, 0, 0, 0
State: Enabled

GPO: Default Domain Controllers Policy
KeyName: Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}\SaferFlags
Value: 0, 0, 0, 0
State: Enabled

GPO: Default Domain Controllers Policy
KeyName: Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope
Value: 1, 0, 0, 0
State: Enabled

GPO: Small Business Server Client Computer
KeyName: software\microsoft\windows\currentversion\policies\explorer\NoWelcomeScreen
Value: 1, 0, 0, 0
State: Enabled

GPO: Small Business Server Client Computer
KeyName: software\policies\microsoft\windows\network connections\NC_AllowNetBridge_NLA
Value: 0, 0, 0, 0
State: Enabled

GPO: Default Domain Controllers Policy
KeyName: Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}\Description
Value: 0, 0
State: Enabled

GPO: Default Domain Controllers Policy
KeyName: Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}\Description
Value: 0, 0
State: Enabled

GPO: Default Domain Controllers Policy
KeyName: Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}\Description
Value: 0, 0
State: Enabled

GPO: Default Domain Controllers Policy
KeyName: Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}\Description
Value: 0, 0
State: Enabled

GPO: Small Business Server Remote Assistance Policy
KeyName: software\policies\microsoft\windows NT\Terminal Services\fAllowUnsolicitedFullControl
Value: 1, 0, 0, 0
State: Enabled

GPO: Small Business Server Remote Assistance Policy
KeyName: software\policies\microsoft\windows NT\Terminal Services\fAllowUnsolicited
Value: 1, 0, 0, 0
State: Enabled

GPO: Default Domain Controllers Policy
KeyName: Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}\SaferFlags
Value: 0, 0, 0, 0
State: Enabled

GPO: Small Business Server Client Computer
KeyName: software\policies\microsoft\windows\network connections\NC_ShowSharedAccessUI
Value: 0, 0, 0, 0
State: Enabled


USER SETTINGS
--------------
CN=*** ****,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=***,DC=local
Last time Group Policy was applied: 14-12-2009 at 8:07:03
Group Policy was applied from: DC02.***.local
Group Policy slow link threshold: 500 kbps
Domain Name: ***
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Small Business Server Folder Redirection
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2

Small Business Server Remote Assistance Policy
Filtering: Disabled (GPO)

Local Group Policy
Filtering: Not Applied (Empty)

Small Business Server Lockout Policy
Filtering: Disabled (GPO)

Small Business Server Client Computer
Filtering: Not Applied (Empty)

Small Business Server Domain Password Policy
Filtering: Not Applied (Empty)

Small Business Server Windows Firewall
Filtering: Disabled (GPO)

The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
Account Operators
Distributed COM Users
Remote Desktop Users
BUILTIN\Administrators
BUILTIN\Users
Print Operators
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
BEHEER01_Software$ (MERLW)
NFU01_Local Admin
BEHEER01_Local Admin
NFU02_Local Admin
MAIL01_Local Admin
Server Admin
VPN Access
*** Support Group
PS01_Local Admin
TS01_Local Admin
FS01_Local Admin
Domain Admins
***BusinessI
Enterprise Admins
Virtual Server Administrators
SBS Mobile Users
Iedereen
SQL Server Administrators
Web Workplace Users
SBS Report Users
ReportingGroup {09388198-dc3b-4501-ae4d-234be7468469}
CERTSVC_DCOM_ACCESS
Denied RODC Password Replication Group
Offer Remote Assistance Helpers
UserGroup {09388198-dc3b-4501-ae4d-234be7468469}
ReportingGroup {4343ebcf-5cbf-437a-aa49-8de03d728f89}
UserGroup {4343ebcf-5cbf-437a-aa49-8de03d728f89}
High Mandatory Level

The user has the following security privileges
----------------------------------------------

Bypass traverse checking
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Shut down the system
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Adjust memory quotas for a process
Remove computer from docking station
Perform volume maintenance tasks
Impersonate a client after authentication
Create global objects
Change the time zone
Create symbolic links
Enable computer and user accounts to be trusted for delegation
Increase a process working set
Add workstations to domain

Resultant Set Of Policies for User
-----------------------------------

Software Installations
----------------------
N/A

Logon Scripts
-------------
N/A

Logoff Scripts
--------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
N/A

Folder Redirection
------------------
N/A

Internet Explorer Browser User Interface
----------------------------------------
GPO: Default Domain Policy
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No

Internet Explorer Connection
----------------------------
HTTP Proxy Server: N/A
Secure Proxy Server: N/A
FTP Proxy Server: N/A
Gopher Proxy Server: N/A
Socks Proxy Server: N/A
Auto Config Enable: No
Enable Proxy: No
Use same Proxy: No

Internet Explorer URLs
----------------------
GPO: Default Domain Policy
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A

Internet Explorer Security
--------------------------
Always Viewable Sites: N/A
Password Override Enabled: False

GPO: Default Domain Policy
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No

Internet Explorer Programs
--------------------------
GPO: Default Domain Policy
Import the current Program Settings: No


Ik hoor graag jullie reacties.


Mvg

maandag 14 december 2009 10:43

Acties:

Verwijderd

ga eens stoeien met de modeling wizard en de group policy results.

kijk ook naar de instellingen zoals rechten, link enabled, block inherritance

maandag 14 december 2009 12:07

Acties:
  • lawkexarib
  • Registratie: Maart 2009
  • Laatst online: 28-11-2025

lawkexarib

Topicstarter
Hallo X.ExceL,

Heb de modeling wizard gedraaid en deze gaf de volgende foutmelding:

the client-side caught the unhandled exception 0x00000000C000005 inside: threadentry: client main: see trace file for more details.

Ik heb net even gegoogled, maar deze vind niets...

Overigens, bedankt voor deze tip, want deze feature kende ik niet :)

maandag 14 december 2009 13:41

Acties:
  • Question Mark
  • Registratie: Mei 2003
  • Laatst online: 01-02 16:06

Question Mark

Moderator SSC/WOS

F7 - Nee - Ja

lawkexarib schreef op maandag 14 december 2009 @ 09:39:
In AD heb ik een groep aangemaakt (workshopgebruikers) en er zitten 6 gebruikers in deze groep. Voor deze groep heb ik een aparte OU aangemaakt om het overzicht te houden. Vervolgens link ik aan de workshopOU een GPO met wat instelling. Hierbij maak ik gebruik van user configuration en dan preferences.
Gaat niet werken. GPO's worden toegepast op (de lokatie van) userobjecten, niet op (de lokatie van) groepen waar een userobject lid van is.

Je kunt dit oplossen door het GPO toe te passen op de OU waar de userobjecten zich bevinden en dan security-filtering zo instellen dat deze GPO enkel toegepast wordt op de groep "workshopgebruikers".

MCSE NT4/2K/2K3, MCTS, MCITP, CCA, CCEA, CCEE, CCIA, CCNA, CCDA, CCNP, CCDP, VCP, CEH + zwemdiploma A & B

maandag 14 december 2009 14:51

Acties:
  • lawkexarib
  • Registratie: Maart 2009
  • Laatst online: 28-11-2025

lawkexarib

Topicstarter
Hallo Questoin Mark,

Ik heb je reactie meerdere malen gelezen, maar begrijp toch niet zo goed.

Ik zal even uitleggen hoe ik het hier heb gedaan. Ik heb een workshopOU aangemaakt in de map user accounts. Daarna heb ik 6 gebruikers aangemaakt in deze OU. Deze 6 gebruikers zijn lid van de groep: workshopgebruikers. Deze groep zit in de security groups. In de GPMC heb ik een GPO aangemaakt en deze link ik aan de WorkshopOU zoals op de tweede foto wordt weergegeven.

Ik hoop dat het duidelijk is.

Hieronde wat foto's van de structuur:

[img=http://img140.imageshack.us/img140/8820/structuurusers.jpg]

[img=http://img163.imageshack.us/img163/8426/structuurgpo.jpg]


Mvg

[ Voor 7% gewijzigd door lawkexarib op 14-12-2009 14:53 ]

maandag 14 december 2009 15:00

Acties:
  • Question Mark
  • Registratie: Mei 2003
  • Laatst online: 01-02 16:06

Question Mark

Moderator SSC/WOS

F7 - Nee - Ja

Nee, dit zou wel moeten werken. Ik was in de veronderstelling dat enkel de group "workshopgebruikers" in de OU stond waar de GPO opstond, en dat de gebruikers in een andere OU stonden.

Ik zie echter in je schermafdrukken dat de zes gebruikers keurig in de OU staan, waar de GPO op gezet is.

JE RSOP (resultant set of policy) is echter niet zo handig:
RSOP data for *****\administrator on DC02 : Logging Mode
Deze RSOP is nl. door de administrator uitgevoerd. Log eens aan als een cursist en voor dan het commando eens uit. We willen immers weten wat de RSOP voor één van deze accounts is, niet voor de administrator :)

MCSE NT4/2K/2K3, MCTS, MCITP, CCA, CCEA, CCEE, CCIA, CCNA, CCDA, CCNP, CCDP, VCP, CEH + zwemdiploma A & B

maandag 14 december 2009 15:13

Acties:
  • Tags NL
  • Registratie: December 1999
  • Laatst online: 15-01 16:52

Tags NL

Harmful or Harmless?

Question Mark schreef op maandag 14 december 2009 @ 15:00:
Deze RSOP is nl. door de administrator uitgevoerd. Log eens aan als een cursist en voor dan het commando eens uit. We willen immers weten wat de RSOP voor één van deze accounts is, niet voor de administrator :)
Of doe het vanaf je eigen pc via MMC, File. Add/Remove Snapin, Resultant Set of Policy, Ok, Rechtermuisknop op Resultant Set of Policy, Generate RSoP data en dan de wizard doorlopen om voor die gebruiker op die pc de instellingen te laten zien. (Weet niet of MMC achtige dingen dicht staan voor gebruikers?)

https://powershellisfun.com

maandag 14 december 2009 15:56

Acties:
  • lawkexarib
  • Registratie: Maart 2009
  • Laatst online: 28-11-2025

lawkexarib

Topicstarter
Hoi,

As you ask, I run it:
C:\>gpresult /v

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 12/14/2009 at 3:24:55 PM


RSOP data for INFOREPORTS\cursist6 on PC20 : Logging Mode
----------------------------------------------------------

OS Configuration: Member Workstation
OS Version: 6.0.6001
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\cursist6
Connected over a slow link?: No


USER SETTINGS
--------------
CN=Cursist6,OU=WorkshopOU,OU=User Accounts,OU=Accounts,OU=InfoReports,DC=Inf
oReports,DC=local
Last time Group Policy was applied: 12/14/2009 at 3:22:46 PM
Group Policy was applied from: DC03.InfoReports.local
Group Policy slow link threshold: 500 kbps
Domain Name: INFOREPORTS
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
WorkshopOu
InfoReports Users GPO
Small Business Server Folder Redirection
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2

Small Business Server Remote Assistance Policy
Filtering: Disabled (GPO)

Local Group Policy
Filtering: Not Applied (Empty)

Small Business Server Lockout Policy
Filtering: Disabled (GPO)

Small Business Server Client Computer
Filtering: Not Applied (Empty)

Small Business Server Domain Password Policy
Filtering: Not Applied (Empty)

Small Business Server Windows Firewall
Filtering: Disabled (GPO)

The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
InfoReports Users
Workshopgebruikers
InfoReportsBusinessI
CERTSVC_DCOM_ACCESS
Medium Mandatory Level

The user has the following security privileges
----------------------------------------------


Resultant Set Of Policies for User
-----------------------------------

Software Installations
----------------------
N/A

Logon Scripts
-------------
GPO: InfoReports Users GPO
Name: CheckOS.vbs
Parameters:
LastExecuted: 2:22:51 PM

Logoff Scripts
--------------
Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
GPO: WorkshopOu
KeyName: Software\Policies\Microsoft\Windows\System\GroupPol
icyRefreshTimeOffset
Value: 40, 0, 0, 0
State: Enabled

GPO: WorkshopOu
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\
System\WallpaperStyle
Value: 48, 0, 0, 0
State: Enabled

GPO: WorkshopOu
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoAutorun
Value: 1, 0, 0, 0
State: Enabled

GPO: WorkshopOu
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\
System\DisableChangePassword
Value: 1, 0, 0, 0
State: Enabled

GPO: WorkshopOu
KeyName: Software\Policies\Microsoft\Internet Explorer\Contr
ol Panel\Connection Settings
Value: 1, 0, 0, 0
State: Enabled

GPO: WorkshopOu
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoDriveTypeAutoRun
Value: 255, 0, 0, 0
State: Enabled

GPO: WorkshopOu
KeyName: Software\Policies\Microsoft\Internet Explorer\Contr
ol Panel\Connwiz Admin Lock
Value: 1, 0, 0, 0
State: Enabled

GPO: WorkshopOu
KeyName: Software\Policies\Microsoft\Windows\System\GroupPol
icyRefreshTime
Value: 30, 0, 0, 0
State: Enabled

GPO: WorkshopOu
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\
System\DisableTaskMgr
Value: 1, 0, 0, 0
State: Enabled

GPO: WorkshopOu
KeyName: Software\Policies\Microsoft\Windows\RemovableStorag
eDevices\Deny_All
Value: 1, 0, 0, 0
State: Enabled

GPO: WorkshopOu
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\
System\Wallpaper
Value: 92, 0, 92, 0, 70, 0, 83, 0, 48, 0, 49, 0, 92, 0, 97
, 0, 99, 0, 104, 0, 116, 0, 101, 0, 114, 0, 103, 0, 114, 0, 111, 0, 110, 0, 100,
0, 92, 0, 119, 0, 97, 0, 108, 0, 108, 0, 112, 0, 97, 0, 112, 0, 101, 0, 114, 0,
46, 0, 106, 0, 112, 0, 103, 0, 0, 0
State: Enabled

GPO: WorkshopOu
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\RestrictWelcomeCenter
Value: 1, 0, 0, 0
State: Enabled

GPO: WorkshopOu
KeyName: Software\Policies\Microsoft\Internet Explorer\Contr
ol Panel\ConnectionsTab
Value: 1, 0, 0, 0
State: Enabled

Folder Redirection
------------------
N/A

Internet Explorer Browser User Interface
----------------------------------------
GPO: WorkshopOu
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No

Internet Explorer Connection
----------------------------
HTTP Proxy Server: N/A
Secure Proxy Server: N/A
FTP Proxy Server: N/A
Gopher Proxy Server: N/A
Socks Proxy Server: N/A
Auto Config Enable: No
Enable Proxy: No
Use same Proxy: No

HTTP Proxy Server: N/A
Secure Proxy Server: N/A
FTP Proxy Server: N/A
Gopher Proxy Server: N/A
Socks Proxy Server: N/A
Auto Config Enable: No
Enable Proxy: No
Use same Proxy: No

HTTP Proxy Server: 127.0.0.1:80
Secure Proxy Server: 127.0.0.1:80
FTP Proxy Server: 127.0.0.1:80
Gopher Proxy Server: 127.0.0.1:80
Socks Proxy Server: 127.0.0.1:80
Auto Config Enable: No
Enable Proxy: Yes
Use same Proxy: Yes

Internet Explorer URLs
----------------------
GPO: WorkshopOu
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A

Internet Explorer Security
--------------------------
Always Viewable Sites: N/A
Password Override Enabled: False

Always Viewable Sites: N/A
Password Override Enabled: False

Always Viewable Sites: N/A
Password Override Enabled: False

GPO: WorkshopOu
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No

Internet Explorer Programs
--------------------------
GPO: WorkshopOu
Import the current Program Settings: No
====================================================================

Overigens, ik heb de modeling wizard nog gedraaid en deze geeft ook een foutmelding op de foto

[img=http://img696.imageshack.us/img696/5647/testresult.jpg]


In de appl-log staat de volgende fout erin:

Group Policy Shortcuts failed due to the error listed below and failed to log resultant set of policy information.


Additional information may have been logged. Review the application event log on the domain controller on which the simulation was run for events between 14-12-2009 11:54:00 and 14-12-2009 11:54:00.


the client-side caught the unhandled exception 0x00000000C000005 inside: threadentry: client main: see trace file for more details

Mvg

maandag 14 december 2009 16:01

Acties:
  • Question Mark
  • Registratie: Mei 2003
  • Laatst online: 01-02 16:06

Question Mark

Moderator SSC/WOS

F7 - Nee - Ja

Je policy wordt dus toegepast:
Applied Group Policy Objects
-----------------------------
WorkshopOu
InfoReports Users GPO
Small Business Server Folder Redirection
Default Domain Policy

MCSE NT4/2K/2K3, MCTS, MCITP, CCA, CCEA, CCEE, CCIA, CCNA, CCDA, CCNP, CCDP, VCP, CEH + zwemdiploma A & B

maandag 14 december 2009 16:06

Acties:
  • lawkexarib
  • Registratie: Maart 2009
  • Laatst online: 28-11-2025

lawkexarib

Topicstarter
Hallo,

Dat is idd wel vreemd, maar ik vraag mij af waarom bepaalde instellingen bij een gebruiker wil doorkomen en bij andere gebruikers niet.

Bedankt voor het nakijken.

Ik heb nog een kijkje genomen op:
http://social.technet.mic...2a-4e15-99b9-fc016104c198

Om eerlijk te zijn, werd ik niet veel wijzer van.
Pagina: 1
Reageer

Apple iPhone 17 LG OLED evo G5 Google Pixel 10 Samsung Galaxy S25 Star Wars: Outlaws Nintendo Switch 2 Apple AirPods Pro (2e generatie) Sony PlayStation 5 Pro

Tweakers is onderdeel van DPG Media B.V.
Alle rechten voorbehouden - Auteursrecht © 1998 - 2026 Hosting door TrueFullstaq