Security Basics mailing list archives

RE: AD Policy audit tool for Windows 2000


From: "Roger A. Grimes" <roger () banneretcs com>
Date: Wed, 31 May 2006 14:57:07 -0400

True, but there are issues if you administrate GPMC for W2K and W2K3
servers from an XP box (and vice-versa), so read up on this in the MS
Knowledgebase. Basically, things that XP supports locally might
overwrite settings made to the server from other GPMC mgmt computers.
Make sure everything is patched and you should be safe.

As an additional safety measure, if I manage servers from a
GPMC-installed console on XP, I always do it from there. The problems
start when you switch between creating group policy from XP and server
mgmt computers.  Locally kept information about the server-side group
policies will not be stored on the server, and if GPOs are modified,
created, or applied elsewhere, the other mgmt workstations do not have the
information.

Research before you manage servers from XP computers. The whole issue
might be solved now with the latest patches, but it was a bear over the
last few years.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes () infoworld com or roger () banneretcs com
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************



-----Original Message-----
From: Raoul Armfield [mailto:armfield () amnh org] 
Sent: Wednesday, May 31, 2006 2:22 PM
To: Koolk3
Cc: jfvanmeter () comcast net; Roger A. Grimes;
security-basics () securityfocus com
Subject: Re: AD Policy audit tool for Windows 2000

I was under the impression that as long as you installed GPMC on a
Windows XP computer you could manage the group policy on any domain
controller, whether it is 2000 or 2003.

--
Raoul Armfield
rarmfield at amnh dot org

