I have a 2003 domain server two an OU for my servers and an OU for
workstations.
Recently an external auditor suggested we use the logon message (Default
Domain Policy\computer configuration\windows settings\security settings\local
policies\security options\Interactive Logon\Message text for all users
attempting to log on). The problem is that when this setting is turned on in
the default domain policy it applies to my sever OU, and we have a server we
reboot every night and automatically logs on because it has to run a
communication program for our users. With that setting in the domain policy
the server reboots and waits for an OK on the message and the communication
program doesn't run because it runs from the startup folder. If i make a
policy for the message text in the workstation OU the default domain police
overrides it and none of our workstations sho the message.

How can i set the message logon text only for workstations and not
servers?

Move the group policy from the default domain to the OU with the
workstations in it.


hth
DDS

"Chip pellegrino" <(E-Mail Removed)> wrote in
message news:21EB4368-0360-4413-B1C7-(E-Mail Removed)...
>I have a 2003 domain server two an OU for my servers and an OU for
> workstations.
> Recently an external auditor suggested we use the logon message (Default
> Domain Policy\computer configuration\windows settings\security
> settings\local
> policies\security options\Interactive Logon\Message text for all users
> attempting to log on). The problem is that when this setting is turned on
> in
> the default domain policy it applies to my sever OU, and we have a server
> we
> reboot every night and automatically logs on because it has to run a
> communication program for our users. With that setting in the domain
> policy
> the server reboots and waits for an OK on the message and the
> communication
> program doesn't run because it runs from the startup folder. If i make a
> policy for the message text in the workstation OU the default domain
> police
> overrides it and none of our workstations sho the message.
>
> How can i set the message logon text only for workstations and not
> servers?
>
>

I can't move the default domain policy to the workstations OU because the
default domain policy has security settings that need to be applied to all
computers ieassword length,password history etc. The Logon Message is not
set in the default domain policy so i don't know why the workstation OU
policy is getting overriden by the default domain policy.

Should i block the policy inheritance at the workstation OU and then
link the default policy to the workstations OU and change the order of the
policies, but leave it in the default domain OU too?

"Danny Sanders" wrote:

> Move the group policy from the default domain to the OU with the
> workstations in it.
>
>
> hth
> DDS
>
> "Chip pellegrino" <(E-Mail Removed)> wrote in
> message news:21EB4368-0360-4413-B1C7-(E-Mail Removed)...
> >I have a 2003 domain server two an OU for my servers and an OU for
> > workstations.
> > Recently an external auditor suggested we use the logon message (Default
> > Domain Policy\computer configuration\windows settings\security
> > settings\local
> > policies\security options\Interactive Logon\Message text for all users
> > attempting to log on). The problem is that when this setting is turned on
> > in
> > the default domain policy it applies to my sever OU, and we have a server
> > we
> > reboot every night and automatically logs on because it has to run a
> > communication program for our users. With that setting in the domain
> > policy
> > the server reboots and waits for an OK on the message and the
> > communication
> > program doesn't run because it runs from the startup folder. If i make a
> > policy for the message text in the workstation OU the default domain
> > police
> > overrides it and none of our workstations sho the message.
> >
> > How can i set the message logon text only for workstations and not
> > servers?
> >
> >
>

What I meant was remove the settings for the logon message from the default
domain GPO, create a new group policy on the workstation OU with the logon
message setting .

hth
DDS


"Chip pellegrino" <(E-Mail Removed)> wrote in
message news:EF05A077-FCA7-4EAC-8578-(E-Mail Removed)...
> I can't move the default domain policy to the workstations OU because
> the
> default domain policy has security settings that need to be applied to all
> computers ieassword length,password history etc. The Logon Message is
> not
> set in the default domain policy so i don't know why the workstation OU
> policy is getting overriden by the default domain policy.
>
> Should i block the policy inheritance at the workstation OU and then
> link the default policy to the workstations OU and change the order of the
> policies, but leave it in the default domain OU too?
>
> "Danny Sanders" wrote:
>
>> Move the group policy from the default domain to the OU with the
>> workstations in it.
>>
>>
>> hth
>> DDS
>>
>> "Chip pellegrino" <(E-Mail Removed)> wrote in
>> message news:21EB4368-0360-4413-B1C7-(E-Mail Removed)...
>> >I have a 2003 domain server two an OU for my servers and an OU for
>> > workstations.
>> > Recently an external auditor suggested we use the logon message
>> > (Default
>> > Domain Policy\computer configuration\windows settings\security
>> > settings\local
>> > policies\security options\Interactive Logon\Message text for all users
>> > attempting to log on). The problem is that when this setting is turned
>> > on
>> > in
>> > the default domain policy it applies to my sever OU, and we have a
>> > server
>> > we
>> > reboot every night and automatically logs on because it has to run a
>> > communication program for our users. With that setting in the domain
>> > policy
>> > the server reboots and waits for an OK on the message and the
>> > communication
>> > program doesn't run because it runs from the startup folder. If i make
>> > a
>> > policy for the message text in the workstation OU the default domain
>> > police
>> > overrides it and none of our workstations sho the message.
>> >
>> > How can i set the message logon text only for workstations and not
>> > servers?
>> >
>> >
>>

Hello Chip,

Create a new GPO with that settings and link it to the OU where the workstations
are located, so only them are effected. Also you should not change the Default
domain and Default domain controllers policy, if you need other configuration
settings better create your own policy and linkit also to the domain or DC's
OU. So in case of failures you can easy go back to that both default settings
with just unlinking the new created policies.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I have a 2003 domain server two an OU for my servers and an OU for
> workstations.
> Recently an external auditor suggested we use the logon message
> (Default
> Domain Policy\computer configuration\windows settings\security
> settings\local
> policies\security options\Interactive Logon\Message text for all users
> attempting to log on). The problem is that when this setting is
> turned on in
> the default domain policy it applies to my sever OU, and we have a
> server we
> reboot every night and automatically logs on because it has to run a
> communication program for our users. With that setting in the domain
> policy
> the server reboots and waits for an OK on the message and the
> communication
> program doesn't run because it runs from the startup folder. If i make
> a
> policy for the message text in the workstation OU the default domain
> police
> overrides it and none of our workstations sho the message.
> How can i set the message logon text only for workstations and not
> servers?
>

This is how I set it up, but it doesn't seem to be working and I can't
understand why. The logon message is not set anywhere else other than the
policy for the workstation OU.

"Meinolf Weber [MVP-DS]" wrote:

> Hello Chip,
>
> Create a new GPO with that settings and link it to the OU where the workstations
> are located, so only them are effected.
>

See:
http://support.microsoft.com/search/...3comm=1&res=20



hth
DDS

"Chip pellegrino" <(E-Mail Removed)> wrote in
message news:97231DEE-DDFA-4D14-8F76-(E-Mail Removed)...
> This is how I set it up, but it doesn't seem to be working and I can't
> understand why. The logon message is not set anywhere else other than the
> policy for the workstation OU.
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Chip,
>>
>> Create a new GPO with that settings and link it to the OU where the
>> workstations
>> are located, so only them are effected.
>>
>

Thanks for your help guys. I wasn't creating a new policy i was editing an
existing policy and it wasn't working. I created a new policy and it works
fine now.

"Danny Sanders" wrote:

> See:
> http://support.microsoft.com/search/...3comm=1&res=20
>
>
>
> hth
> DDS
>
> "Chip pellegrino" <(E-Mail Removed)> wrote in
> message news:97231DEE-DDFA-4D14-8F76-(E-Mail Removed)...
> > This is how I set it up, but it doesn't seem to be working and I can't
> > understand why. The logon message is not set anywhere else other than the
> > policy for the workstation OU.
> >
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello Chip,
> >>
> >> Create a new GPO with that settings and link it to the OU where the
> >> workstations
> >> are located, so only them are effected.
> >>
> >
>