2 machines under GP no longer lock down/screensaver

[Taggert]

I am getting ready for some audits, so I am verifying all my security
settings. FOr almost a year, we have had group policy settings that force
all machines inactive for 15 minutes to lock down, fire up the screensaver,
and force user to ctrl-alt-del and sign back in when they return.

Now I find 2 machines, 1 the CEO of course, that do not ever time out or
lock down. Nothing of any interest in the event logs, no errors of any
sort, the login.scr file is still available on both machines.

Any thought on finding or resolving the problem? I have logged off, logged
on, run gpupdate with no errors, and I'm just not finding a resolution.


Anyone?

Thanks

 

[Vincent Xu [MSFT]]

Hi,

My understanding of your issue is: Group Policy are not applied to two
fixed computers.

1. Create a new OU for the two user (because I found the policy is set for
users. Correct me if I'm wrong)
2. Create a new GPO for this OU and set the lock down settings & screen
saver settings.
3. Reboot the two computers.
4. Run the following command on the client computer and let me know the GPO
name you use.

gpresult /z >c:\gp.txt

Note: Please send the gp.txt file to (e-mail address removed).

Thanks.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================

Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------

 

[Vincent Xu [MSFT]]

Hi ,

something found from your log:

1. Only the GPO Default Domain Policy is applied. This GPO is applied at
domain level.

2. Applied Group Policy Objects
-----------------------------
Default Domain Policy
MAIN

the GPO MAIN is not exists even it should.

In the Default Domain Policy, there are 7 GP applied. Please let me know
which GPs are applied.

I'm not sure why MAIN is not applied, please also let me know which GPs in
MAIN are applied.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------

X-Tomcat-ID: 44160988
References: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
From: (e-mail address removed) (Vincent Xu [MSFT])
Organization: Microsoft
Date: Fri, 22 Sep 2006 02:19:37 GMT
Subject: RE: 2 machines under GP no longer lock down/screensaver
X-Tomcat-NG: microsoft.public.win2000.group_policy
Message-ID: <[email protected]>
Newsgroups: microsoft.public.win2000.group_policy
Lines: 65
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.group_policy:40933
NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122

Hi,

My understanding of your issue is: Group Policy are not applied to two
fixed computers.

1. Create a new OU for the two user (because I found the policy is set for
users. Correct me if I'm wrong)
2. Create a new GPO for this OU and set the lock down settings & screen
saver settings.
3. Reboot the two computers.
4. Run the following command on the client computer and let me know the GPO
name you use.

gpresult /z >c:\gp.txt

Note: Please send the gp.txt file to (e-mail address removed).

Thanks.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================

Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------

From: "Taggert" <[email protected]>
Subject: 2 machines under GP no longer lock down/screensaver
Date: Thu, 21 Sep 2006 11:42:51 -0400
Lines: 18
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-RFC2646: Format=Flowed; Original
Message-ID: <[email protected]>
Newsgroups: microsoft.public.win2000.group_policy
NNTP-Posting-Host: adsl-070-147-109-164.sip.gnv.bellsouth.net 70.147.109.164
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.group_policy:40932
X-Tomcat-NG: microsoft.public.win2000.group_policy

I am getting ready for some audits, so I am verifying all my security
settings. FOr almost a year, we have had group policy settings that force
all machines inactive for 15 minutes to lock down, fire up the screensaver,
and force user to ctrl-alt-del and sign back in when they return.

Now I find 2 machines, 1 the CEO of course, that do not ever time out or
lock down. Nothing of any interest in the event logs, no errors of any
sort, the login.scr file is still available on both machines.

Any thought on finding or resolving the problem? I have logged off, logged
on, run gpupdate with no errors, and I'm just not finding a resolution.


Anyone?

Thanks