need a way to import 2000 gp into 2003 server

TheMSsForum.com: The Microsoft Software Forum

i want to know is there a way to import a default gp for 2000sever into my
new 2003 domain ...reason is that with the default domain gp all my wks are
lock down (limited access and right ) and i can not seem to raised the
level example no permisson to manage netowrk settings, make vpn
connections, install applications .......this is what i want in the future
but for now im locking laptops down with the 2003 gp and all my users a
crying .....please help
Top

Re: need a way to import 2000 gp into 2003 server by Steven

Steven
Sat Jun 26 13:30:19 CDT 2004

By default there are no user configuration settings defined on Group Policy when you
set up a domain. Computer/security policy settings are defined mostly in Local
Security Policy and Domain Controller Security Policy [mainly user rights
assignments] for domain controllers , while domain policy defining account/password
policies. What you are talking about seems to be mostly an issue with user group
membership in that users need to be administrators on their local computers to do all
that you mention [in W2K]. If it suits your needs you can add the users domain
account to their local administrators or power users group on their computer. You can
use "restricted groups" in security policy at the OU level to modify the membership
of the local administrators/power users groups of computers in the OU. First I would
try adding users to the Network Configuration Operators group on their local
computers to allow them to manage networking properties and consider using Group
Policy to publish or assign .msi applications to them before letting them all be
local administrators. Users usually do cry when they can't clutter up their computers
with unathorized applications, file swapping programs, chat programs, spyware,
etc. --- Steve


"ajay" <jgrace@digitelusa.net> wrote in message
news:O1f%233O6WEHA.1888@TK2MSFTNGP11.phx.gbl...
> i want to know is there a way to import a default gp for 2000sever into my
> new 2003 domain ...reason is that with the default domain gp all my wks are
> lock down (limited access and right ) and i can not seem to raised the
> level example no permisson to manage netowrk settings, make vpn
> connections, install applications .......this is what i want in the future
> but for now im locking laptops down with the 2003 gp and all my users a
> crying .....please help
>
>


Top

Re: need a way to import 2000 gp into 2003 server by ajay

ajay
Sun Jun 27 13:04:14 CDT 2004

thank you so much for the reply

i have the default dc policy and the default domain policy added to my AD
should i delete or remove the default domain policy and just leave the one
for DC
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:%gjDc.97952$2i5.69247@attbi_s52...
> By default there are no user configuration settings defined on Group
Policy when you
> set up a domain. Computer/security policy settings are defined mostly in
Local
> Security Policy and Domain Controller Security Policy [mainly user rights
> assignments] for domain controllers , while domain policy defining
account/password
> policies. What you are talking about seems to be mostly an issue with user
group
> membership in that users need to be administrators on their local
computers to do all
> that you mention [in W2K]. If it suits your needs you can add the users
domain
> account to their local administrators or power users group on their
computer. You can
> use "restricted groups" in security policy at the OU level to modify the
membership
> of the local administrators/power users groups of computers in the OU.
First I would
> try adding users to the Network Configuration Operators group on their
local
> computers to allow them to manage networking properties and consider using
Group
> Policy to publish or assign .msi applications to them before letting them
all be
> local administrators. Users usually do cry when they can't clutter up
their computers
> with unathorized applications, file swapping programs, chat programs,
spyware,
> etc. --- Steve
>
>
> "ajay" <jgrace@digitelusa.net> wrote in message
> news:O1f%233O6WEHA.1888@TK2MSFTNGP11.phx.gbl...
> > i want to know is there a way to import a default gp for 2000sever into
my
> > new 2003 domain ...reason is that with the default domain gp all my wks
are
> > lock down (limited access and right ) and i can not seem to raised the
> > level example no permisson to manage netowrk settings, make vpn
> > connections, install applications .......this is what i want in the
future
> > but for now im locking laptops down with the 2003 gp and all my users a
> > crying .....please help
> >
> >
>
>


Top

Re: need a way to import 2000 gp into 2003 server by Steven

Steven
Sun Jun 27 17:04:13 CDT 2004

No. Never remove your default policies. The domain policy applies to the domain while
the domain controller policy applies only to the domain controller container where
all the domain controllers are by default. However any policy setting "defined" at
the domain level will also apply to the domain controller container if the same
setting is not defined in the domain controller policy. Note that mostly that will
only be computer configuration as users by default do not exists in the domain
controller container, nor should they be moved into it. --- Steve


"ajay" <jgrace@digitelusa.net> wrote in message
news:u9$yzGHXEHA.556@tk2msftngp13.phx.gbl...
> thank you so much for the reply
>
> i have the default dc policy and the default domain policy added to my AD
> should i delete or remove the default domain policy and just leave the one
> for DC
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:%gjDc.97952$2i5.69247@attbi_s52...
> > By default there are no user configuration settings defined on Group
> Policy when you
> > set up a domain. Computer/security policy settings are defined mostly in
> Local
> > Security Policy and Domain Controller Security Policy [mainly user rights
> > assignments] for domain controllers , while domain policy defining
> account/password
> > policies. What you are talking about seems to be mostly an issue with user
> group
> > membership in that users need to be administrators on their local
> computers to do all
> > that you mention [in W2K]. If it suits your needs you can add the users
> domain
> > account to their local administrators or power users group on their
> computer. You can
> > use "restricted groups" in security policy at the OU level to modify the
> membership
> > of the local administrators/power users groups of computers in the OU.
> First I would
> > try adding users to the Network Configuration Operators group on their
> local
> > computers to allow them to manage networking properties and consider using
> Group
> > Policy to publish or assign .msi applications to them before letting them
> all be
> > local administrators. Users usually do cry when they can't clutter up
> their computers
> > with unathorized applications, file swapping programs, chat programs,
> spyware,
> > etc. --- Steve
> >
> >
> > "ajay" <jgrace@digitelusa.net> wrote in message
> > news:O1f%233O6WEHA.1888@TK2MSFTNGP11.phx.gbl...
> > > i want to know is there a way to import a default gp for 2000sever into
> my
> > > new 2003 domain ...reason is that with the default domain gp all my wks
> are
> > > lock down (limited access and right ) and i can not seem to raised the
> > > level example no permisson to manage netowrk settings, make vpn
> > > connections, install applications .......this is what i want in the
> future
> > > but for now im locking laptops down with the 2003 gp and all my users a
> > > crying .....please help
> > >
> > >
> >
> >
>
>


Top

Re: need a way to import 2000 gp into 2003 server by ajay

ajay
Sun Jun 27 20:09:28 CDT 2004

ok thanks well tell me this..... im in AD and we have at the domain level
...default domain gp and default dc gp linked... Is this default DC gp
supose to be linked there or only under the OU for DC's could this be my
problem
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:xvHDc.126337$0y.46952@attbi_s03...
> No. Never remove your default policies. The domain policy applies to the
domain while
> the domain controller policy applies only to the domain controller
container where
> all the domain controllers are by default. However any policy setting
"defined" at
> the domain level will also apply to the domain controller container if the
same
> setting is not defined in the domain controller policy. Note that mostly
that will
> only be computer configuration as users by default do not exists in the
domain
> controller container, nor should they be moved into it. --- Steve
>
>
> "ajay" <jgrace@digitelusa.net> wrote in message
> news:u9$yzGHXEHA.556@tk2msftngp13.phx.gbl...
> > thank you so much for the reply
> >
> > i have the default dc policy and the default domain policy added to my
AD
> > should i delete or remove the default domain policy and just leave the
one
> > for DC
> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > news:%gjDc.97952$2i5.69247@attbi_s52...
> > > By default there are no user configuration settings defined on Group
> > Policy when you
> > > set up a domain. Computer/security policy settings are defined mostly
in
> > Local
> > > Security Policy and Domain Controller Security Policy [mainly user
rights
> > > assignments] for domain controllers , while domain policy defining
> > account/password
> > > policies. What you are talking about seems to be mostly an issue with
user
> > group
> > > membership in that users need to be administrators on their local
> > computers to do all
> > > that you mention [in W2K]. If it suits your needs you can add the
users
> > domain
> > > account to their local administrators or power users group on their
> > computer. You can
> > > use "restricted groups" in security policy at the OU level to modify
the
> > membership
> > > of the local administrators/power users groups of computers in the OU.
> > First I would
> > > try adding users to the Network Configuration Operators group on their
> > local
> > > computers to allow them to manage networking properties and consider
using
> > Group
> > > Policy to publish or assign .msi applications to them before letting
them
> > all be
> > > local administrators. Users usually do cry when they can't clutter up
> > their computers
> > > with unathorized applications, file swapping programs, chat programs,
> > spyware,
> > > etc. --- Steve
> > >
> > >
> > > "ajay" <jgrace@digitelusa.net> wrote in message
> > > news:O1f%233O6WEHA.1888@TK2MSFTNGP11.phx.gbl...
> > > > i want to know is there a way to import a default gp for 2000sever
into
> > my
> > > > new 2003 domain ...reason is that with the default domain gp all my
wks
> > are
> > > > lock down (limited access and right ) and i can not seem to raised
the
> > > > level example no permisson to manage netowrk settings, make vpn
> > > > connections, install applications .......this is what i want in the
> > future
> > > > but for now im locking laptops down with the 2003 gp and all my
users a
> > > > crying .....please help
> > > >
> > > >
> > >
> > >
> >
> >
>
>


Top

Re: need a way to import 2000 gp into 2003 server by Steven

Steven
Sun Jun 27 23:17:35 CDT 2004

In a default installation the domain policy is linked only to the domain container
and the domain controller policy to only the domain controller. --- Steve

"ajay" <jgrace@digitelusa.net> wrote in message
news:uaSqa0KXEHA.644@tk2msftngp13.phx.gbl...
> ok thanks well tell me this..... im in AD and we have at the domain level
> ...default domain gp and default dc gp linked... Is this default DC gp
> supose to be linked there or only under the OU for DC's could this be my
> problem
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:xvHDc.126337$0y.46952@attbi_s03...
> > No. Never remove your default policies. The domain policy applies to the
> domain while
> > the domain controller policy applies only to the domain controller
> container where
> > all the domain controllers are by default. However any policy setting
> "defined" at
> > the domain level will also apply to the domain controller container if the
> same
> > setting is not defined in the domain controller policy. Note that mostly
> that will
> > only be computer configuration as users by default do not exists in the
> domain
> > controller container, nor should they be moved into it. --- Steve
> >
> >
> > "ajay" <jgrace@digitelusa.net> wrote in message
> > news:u9$yzGHXEHA.556@tk2msftngp13.phx.gbl...
> > > thank you so much for the reply
> > >
> > > i have the default dc policy and the default domain policy added to my
> AD
> > > should i delete or remove the default domain policy and just leave the
> one
> > > for DC
> > > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > > news:%gjDc.97952$2i5.69247@attbi_s52...
> > > > By default there are no user configuration settings defined on Group
> > > Policy when you
> > > > set up a domain. Computer/security policy settings are defined mostly
> in
> > > Local
> > > > Security Policy and Domain Controller Security Policy [mainly user
> rights
> > > > assignments] for domain controllers , while domain policy defining
> > > account/password
> > > > policies. What you are talking about seems to be mostly an issue with
> user
> > > group
> > > > membership in that users need to be administrators on their local
> > > computers to do all
> > > > that you mention [in W2K]. If it suits your needs you can add the
> users
> > > domain
> > > > account to their local administrators or power users group on their
> > > computer. You can
> > > > use "restricted groups" in security policy at the OU level to modify
> the
> > > membership
> > > > of the local administrators/power users groups of computers in the OU.
> > > First I would
> > > > try adding users to the Network Configuration Operators group on their
> > > local
> > > > computers to allow them to manage networking properties and consider
> using
> > > Group
> > > > Policy to publish or assign .msi applications to them before letting
> them
> > > all be
> > > > local administrators. Users usually do cry when they can't clutter up
> > > their computers
> > > > with unathorized applications, file swapping programs, chat programs,
> > > spyware,
> > > > etc. --- Steve
> > > >
> > > >
> > > > "ajay" <jgrace@digitelusa.net> wrote in message
> > > > news:O1f%233O6WEHA.1888@TK2MSFTNGP11.phx.gbl...
> > > > > i want to know is there a way to import a default gp for 2000sever
> into
> > > my
> > > > > new 2003 domain ...reason is that with the default domain gp all my
> wks
> > > are
> > > > > lock down (limited access and right ) and i can not seem to raised
> the
> > > > > level example no permisson to manage netowrk settings, make vpn
> > > > > connections, install applications .......this is what i want in the
> > > future
> > > > > but for now im locking laptops down with the 2003 gp and all my
> users a
> > > > > crying .....please help
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>


Top