2 Windows XP, 1 Windows 2000 Domain, Security Settings Problem

G

Guest

Hello all,

I have a laptop and desktop computer running Windows XP SP2. Both are in a
Windows 2000 Server AD Domain. Everything was working fine until about two
weeks ago when I noticed that the desktop computer had it's Windows Firewall
Disabled, Security Center restricted (grayed out), and cannot be accessed
over the network by either the server or the laptop. So I go into the Local
Security Settings and find that the "Acces this computer from the network"
policy was blank. What I did was compare the two Local Security Settings from
both the laptop and desktop. However, the desktop settings from accessing
from the network would again be blank the next time I check.

This, along with the fact that my Security Center settings cannot be altered
because it gives me the "For your security, some settings are controlled by
Group Policy" message. I do not have any custom policy in place. I built the
server, configured DNS, created an AD domain, added the computers, added
users, and that's it, the simplest of server and domain configurations.

Is there any solution to this bizarre situation? Any hints or suggestions
greatly appreciated.

Only the desktop seems to be controlled by some rogue "Group Policy" whilst
the laptop retains it's local security policy in combination with the Domain
Policy.

Thanks in advanced.
 
M

MowGreen [MVP]

Was the Win 2K server updated with KB921883 yet ?
http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx
Vulnerability in Server Service Could Allow Remote Code Execution (921883)

There is an active exploit that uses this vulnerability to infect
unpatched systems ... *especially* Win 2K.

Microsoft Security Advisory (922437)
Exploit Code Published Affecting the Server Service
http://www.microsoft.com/technet/security/advisory/922437.mspx
and
http://isc.sans.org/diary.php?storyid=1597

Was KB921883 installed on the desktop ?

MowGreen [MVP 2003-2006]
===============
*-343-* FDNY
Never Forgotten
===============
 
G

Guest

Yes, I have reinstalled the hotfix on the server and verified that the
Windows XP desktop machine also has it installed via Add/Remove Programs.

MowGreen said:
Was the Win 2K server updated with KB921883 yet ?
http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx
Vulnerability in Server Service Could Allow Remote Code Execution (921883)

There is an active exploit that uses this vulnerability to infect
unpatched systems ... *especially* Win 2K.

Microsoft Security Advisory (922437)
Exploit Code Published Affecting the Server Service
http://www.microsoft.com/technet/security/advisory/922437.mspx
and
http://isc.sans.org/diary.php?storyid=1597

Was KB921883 installed on the desktop ?

MowGreen [MVP 2003-2006]
===============
*-343-* FDNY
Never Forgotten
===============


Thomas said:
Hello all,

I have a laptop and desktop computer running Windows XP SP2. Both are in a
Windows 2000 Server AD Domain. Everything was working fine until about two
weeks ago when I noticed that the desktop computer had it's Windows Firewall
Disabled, Security Center restricted (grayed out), and cannot be accessed
over the network by either the server or the laptop. So I go into the Local
Security Settings and find that the "Acces this computer from the network"
policy was blank. What I did was compare the two Local Security Settings from
both the laptop and desktop. However, the desktop settings from accessing
from the network would again be blank the next time I check.

This, along with the fact that my Security Center settings cannot be altered
because it gives me the "For your security, some settings are controlled by
Group Policy" message. I do not have any custom policy in place. I built the
server, configured DNS, created an AD domain, added the computers, added
users, and that's it, the simplest of server and domain configurations.

Is there any solution to this bizarre situation? Any hints or suggestions
greatly appreciated.

Only the desktop seems to be controlled by some rogue "Group Policy" whilst
the laptop retains it's local security policy in combination with the Domain
Policy.

Thanks in advanced.
Click to expand...
Click to expand...
 
S

Steven L Umbach

Hi Thomas.

Try running rsop.msc on those two computers to see if it shows any Group
Policy being applied for those settings and the enforcing Group Policy.
Note that when a domain level Group Policy is configured it will only
override local Group Policy or Local Security Policy for the settings that
are defined in that domain level Group Policy. In Windows XP if you can not
configure a Local Security Policy setting then that means that it is being
overridden by a domain level Group Policy. It is also possible for Group
Policy "like" settings to be implemented directly via the registry which is
often done by malware and spyware. You will also experience inconsistent
application of Group Policy if your domain DNS is not configured correctly
for domain controllers and domain clients. The link below explains how DNS
MUST be configured for an Active Directory domain. The support tools
netdiag, dcdiag, gpresult, and gpotool are all extremely helpful in checking
for health of domain configuration and troubleshooting Group Policy
problems.

Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

2 Windows XP Platform, 1 Windows 2000 Domain, Security Policy Prob 3
can't modify local security settings 2
Error Message when opening Local Security Policy 1
wordpad unable to open rtf file - security warning - win xp sp3 64 bit 2
Local Security Policy - SECPOL.MSC 2
Group Policy Security setting could not be determined 4
AD Domain and user profiles 1
Domain Policies , Security Center and Windows Update 1

Top