I am getting ready for some audits, so I am verifying all my security
settings. FOr almost a year, we have had group policy settings that force
all machines inactive for 15 minutes to lock down, fire up the screensaver,
and force user to ctrl-alt-del and sign back in when they return.

Now I find 2 machines, 1 the CEO of course, that do not ever time out or
lock down. Nothing of any interest in the event logs, no errors of any
sort, the login.scr file is still available on both machines.

Any thought on finding or resolving the problem? I have logged off, logged
on, run gpupdate with no errors, and I'm just not finding a resolution.


Anyone?

Thanks

Hi,

My understanding of your issue is: Group Policy are not applied to two
fixed computers.

1. Create a new OU for the two user (because I found the policy is set for
users. Correct me if I'm wrong)
2. Create a new GPO for this OU and set the lock down settings & screen
saver settings.
3. Reboot the two computers.
4. Run the following command on the client computer and let me know the GPO
name you use.

gpresult /z >c:\gp.txt

Note: Please send the gp.txt file to v-(E-Mail Removed).

Thanks.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================

Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
>>From: "Taggert" <(E-Mail Removed)>
>>Subject: 2 machines under GP no longer lock down/screensaver
>>Date: Thu, 21 Sep 2006 11:42:51 -0400
>>Lines: 18
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
>>X-RFC2646: Format=Flowed; Original
>>Message-ID: <(E-Mail Removed)>
>>Newsgroups: microsoft.public.win2000.group_policy
>>NNTP-Posting-Host: adsl-070-147-109-164.sip.gnv.bellsouth.net
70.147.109.164
>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.group_policy:40932
>>X-Tomcat-NG: microsoft.public.win2000.group_policy
>>
>>I am getting ready for some audits, so I am verifying all my security
>>settings. FOr almost a year, we have had group policy settings that
force
>>all machines inactive for 15 minutes to lock down, fire up the
screensaver,
>>and force user to ctrl-alt-del and sign back in when they return.
>>
>>Now I find 2 machines, 1 the CEO of course, that do not ever time out or
>>lock down. Nothing of any interest in the event logs, no errors of any
>>sort, the login.scr file is still available on both machines.
>>
>>Any thought on finding or resolving the problem? I have logged off,
logged
>>on, run gpupdate with no errors, and I'm just not finding a resolution.
>>
>>
>>Anyone?
>>
>>Thanks
>>
>>
>>

Hi ,

something found from your log:

1. Only the GPO Default Domain Policy is applied. This GPO is applied at
domain level.

2. Applied Group Policy Objects
-----------------------------
Default Domain Policy
MAIN

the GPO MAIN is not exists even it should.

In the Default Domain Policy, there are 7 GP applied. Please let me know
which GPs are applied.

I'm not sure why MAIN is not applied, please also let me know which GPs in
MAIN are applied.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
>>X-Tomcat-ID: 44160988
>>References: <(E-Mail Removed)>
>>MIME-Version: 1.0
>>Content-Type: text/plain
>>Content-Transfer-Encoding: 7bit
>>From: v-(E-Mail Removed) (Vincent Xu [MSFT])
>>Organization: Microsoft
>>Date: Fri, 22 Sep 2006 02:19:37 GMT
>>Subject: RE: 2 machines under GP no longer lock down/screensaver
>>X-Tomcat-NG: microsoft.public.win2000.group_policy
>>Message-ID: <(E-Mail Removed)>
>>Newsgroups: microsoft.public.win2000.group_policy
>>Lines: 65
>>Path: TK2MSFTNGXA01.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.group_policy:40933
>>NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
>>
>>Hi,
>>
>>My understanding of your issue is: Group Policy are not applied to two
>>fixed computers.
>>
>>1. Create a new OU for the two user (because I found the policy is set
for
>>users. Correct me if I'm wrong)
>>2. Create a new GPO for this OU and set the lock down settings & screen
>>saver settings.
>>3. Reboot the two computers.
>>4. Run the following command on the client computer and let me know the
GPO
>>name you use.
>>
>>gpresult /z >c:\gp.txt
>>
>>Note: Please send the gp.txt file to v-(E-Mail Removed).
>>
>>Thanks.
>>
>>Best regards,
>>
>>Vincent Xu
>>Microsoft Online Partner Support
>>
>>======================================================
>>
>>Get Secure! - www.microsoft.com/security
>>======================================================
>>When responding to posts, please "Reply to Group" via your newsreader so
>>that others
>>may learn and benefit from this issue.
>>======================================================
>>This posting is provided "AS IS" with no warranties,and confers no
rights.
>>======================================================
>>
>>
>>
>>--------------------
>>>>From: "Taggert" <(E-Mail Removed)>
>>>>Subject: 2 machines under GP no longer lock down/screensaver
>>>>Date: Thu, 21 Sep 2006 11:42:51 -0400
>>>>Lines: 18
>>>>X-Priority: 3
>>>>X-MSMail-Priority: Normal
>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
>>>>X-RFC2646: Format=Flowed; Original
>>>>Message-ID: <(E-Mail Removed)>
>>>>Newsgroups: microsoft.public.win2000.group_policy
>>>>NNTP-Posting-Host: adsl-070-147-109-164.sip.gnv.bellsouth.net
>>70.147.109.164
>>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
>>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.group_policy:40932
>>>>X-Tomcat-NG: microsoft.public.win2000.group_policy
>>>>
>>>>I am getting ready for some audits, so I am verifying all my security
>>>>settings. FOr almost a year, we have had group policy settings that
>>force
>>>>all machines inactive for 15 minutes to lock down, fire up the
>>screensaver,
>>>>and force user to ctrl-alt-del and sign back in when they return.
>>>>
>>>>Now I find 2 machines, 1 the CEO of course, that do not ever time out
or
>>>>lock down. Nothing of any interest in the event logs, no errors of any
>>>>sort, the login.scr file is still available on both machines.
>>>>
>>>>Any thought on finding or resolving the problem? I have logged off,
>>logged
>>>>on, run gpupdate with no errors, and I'm just not finding a resolution.
>>>>
>>>>
>>>>Anyone?
>>>>
>>>>Thanks
>>>>
>>>>
>>>>
>>
>>