Security Basics mailing list archives
RE: AD Policy audit tool for Windows 2000
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Wed, 31 May 2006 14:57:07 -0400
True, but there are issues if you administrate GPMC for W2K and W2K3 servers from an XP box (and vice-versa), so read up on this in the MS Knowledgebase. Basically, things that XP supports locally might overwrite settings made to the server from other GPMC mgmt computers. Make sure everything is patched and you should be safe. As an additional safety measure, if I manage servers from an GPMC-installed console on XP, always do it from there. The problems start when you switch between creating group policy from XP and server mgmt computers. Locally kept information about the server-side group policies will not be stored on the server, and if GPO's are modified, created, applied elsewhere, the other mgmt workstations do not have the information. Research before you manage servers from XP computers. The whole issue might be solved now with the latest patches, but it was a bear over the last few years. Roger ***************************************************************** *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada... *email: roger_grimes () infoworld com or roger () banneretcs com *Author of Professional Windows Desktop and Server Hardening (Wrox) *http://www.amazon.com/gp/product/0764599909 ***************************************************************** -----Original Message----- From: Raoul Armfield [mailto:armfield () amnh org] Sent: Wednesday, May 31, 2006 2:22 PM To: Koolk3 Cc: jfvanmeter () comcast net; Roger A. Grimes; security-basics () securityfocus com Subject: Re: AD Policy audit tool for Windows 2000 I was under the impression that as long as you installed GPMC on a windows XP computer you could manage the group policy on any domain controller whether it is 2000 or 2003 -- Raoul Armfield rarmfield at amnh dot org
Current thread:
- RE: AD Policy audit tool for Windows 2000 Roger Onken (Jun 01)
- <Possible follow-ups>
- Re: AD Policy audit tool for Windows 2000 Raoul Armfield (Jun 01)
- RE: AD Policy audit tool for Windows 2000 Roger A. Grimes (Jun 01)
- RE: AD Policy audit tool for Windows 2000 Steven Lundberg (Jun 01)
- RE: AD Policy audit tool for Windows 2000 Roger A. Grimes (Jun 02)