Is there any firewall between servers and dc´s? What the event viewer says? Are they all the ports opened between (you can check meanwhile you execute the secedit command with a "netstat -a 2" to check if any port is blocked or SYN_SENT)?
gl
-----Original Message-----
From: Ken Hoover [mailto:ken.hoover (at) yale (dot) edu [email concealed]]
Sent: martes, 14 de diciembre de 2004 21:39
To: Peter Rodger
Cc: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: Group policy help needed!!!
Make sure that the clients can successfully ping a domain controller because the clients will do this as a test to verify connectivity before attempting to update group policy. If the ping fails for any reason (even though other traffic flows freely) then group policy will not be updated on the client.
We discovered this after we tried blocking ICMP ping last year.
- Ken Hoover
Peter Rodger wrote:
> Hi, all
>
> I pushed out audit policy and event log policy through group policy to
> all our servers (70). All server in the Servers OU.
> None of them got policy. I ran secedit many times.
>
> Can anyone point me why and the right direction?
>
> We are in windows 2K and XP environment.
>
> Thanks,
>
> Peter
>
>
--
Kenneth J. Hoover
Systems Programmer
Yale University ITS AM&T x2-1260
gl
-----Original Message-----
From: Ken Hoover [mailto:ken.hoover (at) yale (dot) edu [email concealed]]
Sent: martes, 14 de diciembre de 2004 21:39
To: Peter Rodger
Cc: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: Group policy help needed!!!
Make sure that the clients can successfully ping a domain controller because the clients will do this as a test to verify connectivity before attempting to update group policy. If the ping fails for any reason (even though other traffic flows freely) then group policy will not be updated on the client.
We discovered this after we tried blocking ICMP ping last year.
- Ken Hoover
Peter Rodger wrote:
> Hi, all
>
> I pushed out audit policy and event log policy through group policy to
> all our servers (70). All server in the Servers OU.
> None of them got policy. I ran secedit many times.
>
> Can anyone point me why and the right direction?
>
> We are in windows 2K and XP environment.
>
> Thanks,
>
> Peter
>
>
--
Kenneth J. Hoover
Systems Programmer
Yale University ITS AM&T x2-1260
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]