issue is with the local policy

J

james

We have 4 servers STIRNF301, STIRNF302, STIRSG301,
STIRSG302 that were initially a part of the EITE domain,
and they were then removed from the domain.

The issue is with the local policies on these boxes.
These servers are still getting their policy from the
domain controllers when we run (gpresult).
-------
Gpresult has;
Last time Group Policy was applied: Tuesday, July 22, 2003
at 10:45am, Group Policy was applied from:
mtb0120bsmad2.eite.irs.gov
------
These servers are no longer listed in Active Directory
(Users & Computers), though they are still listed in the
lmhost and DNS as part of the domain.

On the domain controllers, we:
Ran dcdiag /v—no errors
Ran netdiag fix /v—no errors

On the standalone servers we ran netdiag—no errors.

When we try to change the local policy of the box, for
Audit Events (account logon and directory service access)
it will not change to Success/Failure, it seems to be
overwritten by a bogus policy.

The specific policy we are having trouble with is Audit
Account Logon Events. Do we have to run clear DNS cache
and check the winlogon registry keys?

Thanks.
James
 
O

Oren Nizri

-----Original Message-----
We have 4 servers STIRNF301, STIRNF302, STIRSG301,
STIRSG302 that were initially a part of the EITE domain,
and they were then removed from the domain.

The issue is with the local policies on these boxes.
These servers are still getting their policy from the
domain controllers when we run (gpresult).
-------
Gpresult has;
Last time Group Policy was applied: Tuesday, July 22, 2003
at 10:45am, Group Policy was applied from:
mtb0120bsmad2.eite.irs.gov
------
These servers are no longer listed in Active Directory
(Users & Computers), though they are still listed in the
lmhost and DNS as part of the domain.

On the domain controllers, we:
Ran dcdiag /v-no errors
Ran netdiag fix /v-no errors

On the standalone servers we ran netdiag-no errors.

When we try to change the local policy of the box, for
Audit Events (account logon and directory service access)
it will not change to Success/Failure, it seems to be
overwritten by a bogus policy.

The specific policy we are having trouble with is Audit
Account Logon Events. Do we have to run clear DNS cache
and check the winlogon registry keys?

Thanks.
James

.
Click to expand...

check if you are still see the server at "AD site and
services" - delete them

try to follow microsoft article to remove those server :
article no. 216498

Best Regards

Oren Nizri

for my VBScript site : http://scripts.mutsonline.com

for security site : www.secureIT.co.il
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain Security Policy vs. OU specific Policy 1
Win2000 DC logon with domain admin account problem 3
GPO for Local accounts on DC 1
Domain Controller Security Policy not overriding the Local Security Policy 3
Group Policy Problem 8
Group Policy as "preference" does not apply 2
Policys will not apply 5
Computer Policy doesn't finish applying before Welcome to Windows 1

Top