[Search for users]
[Overall Top Noters]
[List of all Conferences]
[Download this site]
| Title: | Windows NT |
| Notice: | See note 15.0 for HCL location |
| Moderator: | TARKIN::LIN�.com::FOLEY |
|
| Created: | Thu Oct 31 1991 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 6086 |
| Total number of notes: | 31449 |
I have a customer with 8-10k users on a distributed network of about 6 domains
with
trust relationships established between them all. In one domain there is a PDC
and
a BDC serving 1k users or so, 95% of which are members of a group 'students'
among
other groups.
I'm trying to implement a group based policy using the netlogon served
'ntconfig.pol'
configured with specific restrictions on the group 'students' but no changes
to
default user or machine settings. Although each user has a login script, a
roaming
profile, and a home directory defined on the server, the only place I can get
the
profile to stick to a user (and take affect) is with the user logging on to
the PDC.
On any of the workstations (nt4 ws sp2), the profiles work, the home dir's
work, and
the login scripts work, but the policies are ignored.
I've set this up at home and in the office, and cant get it to fail, but
setting it
up on site, I cant get it to work :-)
Any pointers to overrides that might cause policies not to be seen, or known
problems, or tools to allow monitoring of the login process more analytically
than
watching 'it happen' (ie logs of what is done with profile, policy, script
etc.)
or any other hints would be appreciated.
ta ...Rob
[Posted by WWW Notes gateway]
| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 5721.1 | | CSC32::K_MEADOWS | | Thu Feb 20 1997 05:17 | 8 |
|
One way is to set up auditing on the ntconfig.pol file and maybe the
netlogon directory to see if the user is even trying to access the file.
According to MS, the ntconfig.pol will come from the user's logon
domain, not the computer domain so if you have the multiple domain
configuration with one system that has all the accounts, that is where
the ntconfig.pol should reside.
|
| 5721.2 | Re .1 | NETRIX::"[email protected]" | Rob | Thu Feb 20 1997 15:52 | 20 |
|
Did I mention it's a FAT filesystem on the PDC/BDC ?
I raised the suggestion of running NTFS on the system partition,
but the customer was clear on the fact they didnt want NTFS ...
My next option was using tcpdump to follow the logon sequence,
at a packet level, but I was interested in following an easier
path if one existed :-)
In the call I logged with Microsoft, they informed me that SP2
for NT4 fixed this exact problem .... hmmm one wonders if the
ntconfig.pol and ntconfig.pol.txt both looking like the same file
in explorer (the .txt doesnt show) is causing a strange problem
that manifests only on a FATFS ...
Thanks ...
Rob
[Posted by WWW Notes gateway]
|