Solved

Effective Policy Settings???

Posted on 2003-12-03
Last Modified: 2007-12-19
I've been having issues connecting a specific machine on our network, and giving access to the machine to everyone. This one machine is the only one on the network that can't be accessed, although it can be seen through the Windows Network and on our Domain Controller. I can ping it and get a response. I've localized the problem to be in the Local Security Settings.

Using "secpol.msc" to access the Local Security Settings, and under the User Rights Assignment Policy, the first Option is  "Access this computer from the network."  

I've tried everything from Authenticated Users \ Administrators \ Service \ and Everyone for the setting, but it only applies to the Local Policy Setting. Is there a way I can change the "Effective Policy Setting"? I've noticed on the other machines that this option under Effective Settings is checked for Everyone, but it is grayed out on the machine we can't reach.

How would I go about setting the Effective Policy Setting to Everyone, so that this machine can be accessed on the Network?

Also, the error message that I get when I try to connect to this machine from another is:  "Logon Failure: The user has not been given the requested logon type for this computer."  

Any help would be greatly appreciated.

Aaron Ditto

Question by:AaronDitto
14 Comments
 
LVL 35

Expert Comment

by:ShineOn
ID: 9870050
Just a side comment, no offense intended, and not to be accepted as an answer.

If you are running a Windows network with a Domain, why do you want to do peer-to-peer file sharing? It never ceases to amaze me how many people do not take advantage of having an actual file server on their network, but rather insist on doing peer-to-peer sharing.

Do you have a daily backup of all of your workstations that are sharing files with other folx?

Easy don't make it "right."

End of side comment.  Ignore it if you so desire.
0
 

Author Comment

by:AaronDitto
ID: 9870248
Hahaha...

   I totally share your point. But.....  I'm not needing this for peer-to-peer file sharing. I'm sharing a printer, that needs to be accessed from other people in the building.  :-)  

So...  did you have any helpful information or did you just want to comment?  :-)

Aaron Ditto
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9870354
I was commenting.  Glad to hear you want to device-share rather than file-share.  If this doesn't get resolved for you here (I have nothing for you in that regard) then:

In my opinion, sharing a local printer is a drag on the local PC's resources.  I never liked doing that, in any environment.  I think everyone would be happier if you threw a JetDirect print server in that area, to make the printer a shared device.  If need be, get a mini-switch to split out your ethernet connection.  All of this stuff is getting so cheap, it's worth it to save the effort and negative effects on the workstation, and you don't have to worry about whether or not someone will shut down the PC that is sharing the printer.  Then you can have your print server control the JetDirect and printer resources centrally, like a Print Server should...

My opinion, again, and you can ignore it if you wish.  
0

 

Author Comment

by:AaronDitto
ID: 9870519


Hmm...


Good point.  We have several print servers, and the printer that needs to be shared is running over TCP/IP connection, so I will just try to use one of the other servers to run the printer instead.  

But I would still really like to resolve this issue with my machine, mainly for the educational experience, because like I said, I've never seen anything like this, and I have no clue how to fix it. I've looked all over the net, and can't find any other documentation on this error, or on how to change the Effective Policy instead of the Local Policy.

Any help?

Aaron Ditto
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9873061
Hmmm back.  I'll have to think on that a bit.  Some other Expert may have an answer for you before I get back to you...
0
 
LVL 2

Expert Comment

by:Xorb
ID: 10705067
It would seem that the effective policy is the result of your policy settings and the order you apply them in.

I am having a similar issue where an FTP site was compromised (turned into a little hackers pup with, amongst other things, a full Freddie Mercury CD collection). Anyhow, the admin freaked a little and in a moment of panic locked the server so tight that no one but admin can log into the FTP. Now I have to undo it ... same problem: log on locally has a local policy and an effective policy.

Once I solve my problem I will tell you how to solve yours, since I know it's the same thing (greyed out effective policy). Just gimme an hour.
0
 
LVL 2

Expert Comment

by:Xorb
ID: 10705083
Supplementary to above:
When working with account policies and user rights assignment, you'll often want to view the effective policy on a local system. The effective policy is the policy being enforced, and the effective policy depends on the order in which you apply the policies.

0
 
LVL 2

Expert Comment

by:Xorb
ID: 10705099
More:
Effective policy describes the combined local, domain, and organizational unit policies for each setting. This distinction is made because local policy settings can be overwritten by domain or OU policy settings. The order of precedence for policies is from lowest to highest:

• Local Policy
• Domain Policy
• OU Policy

Local Policy has the least precedence and the OU that directly contains the computer has the highest precedence. The effective policy column displays the security policy in effect based on these precedence rules.

0
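The precedence order in the comment above, modelled as an added example (not code from the thread or from Microsoft): each layer is a security template in the INF layout that `secedit /export` writes, and the highest layer that defines a right supplies its whole list. Assumptions: the sample templates and the function names are constructed for illustration, lists are replaced rather than merged, and the deny right takes priority over the allow right.

```python
import configparser

LAYERS = ("local", "domain", "ou")  # precedence from the thread, lowest first

# Constructed sample templates. SIDs: Everyone and BUILTIN Administrators.
EVERYONE, ADMINS = "S-1-1-0", "S-1-5-32-544"
SAMPLE = {
    "local": "[Privilege Rights]\nSeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544\n",
    "ou": "[Privilege Rights]\nSeNetworkLogonRight = *S-1-5-32-544\n",
}


def parse_rights(inf_text):
    """Return {right: set of SIDs} from the [Privilege Rights] section."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the case of right names such as SeNetworkLogonRight
    cp.read_string(inf_text)
    if not cp.has_section("Privilege Rights"):
        return {}
    return {name: {s.strip().lstrip("*") for s in value.split(",") if s.strip()}
            for name, value in cp.items("Privilege Rights")}


def effective(templates, right):
    """Return (winning layer, SIDs). A right that is defined but empty at a
    higher layer still wins and leaves nobody holding the right."""
    winner, sids = None, set()
    for layer in LAYERS:
        rights = parse_rights(templates.get(layer, ""))
        if right in rights:
            winner, sids = layer, rights[right]
    return winner, sids


def can_logon_from_network(templates, token_sids):
    """True if any SID in the token is allowed and none is denied."""
    token = set(token_sids)
    _, allow = effective(templates, "SeNetworkLogonRight")
    _, deny = effective(templates, "SeDenyNetworkLogonRight")
    return bool(allow & token) and not (deny & token)


if __name__ == "__main__":
    layer, sids = effective(SAMPLE, "SeNetworkLogonRight")
    print("SeNetworkLogonRight comes from:", layer, sorted(sids))
    print("Non-admin can connect:", can_logon_from_network(SAMPLE, [EVERYONE]))
```

With the sample data the local template grants Everyone, yet the OU template wins, which is why editing only the local setting leaves the effective setting unchanged.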
 
LVL 2

Expert Comment

by:Xorb
ID: 10705677
More notes to consider :
When you OK the policy change, policy propagation is triggered, which causes an effective policy to be computed (based on any overriding domain or OU policies) and applied to the system. Status regarding this policy propagation is available in the application event log.

Right-click Security Settings (in the left pane), and then click Reload.
Reloading the local policy updates the effective policy in the user interface. Depending on domain or OU policies that are in effect, the effective policy may or may not have changed on your computer.

Ok .. after crawling round Micro$oft sites for an hour I feel like I need a bath! I don't normally feel like slagging off someone, but this time I am not sure if I need to blame M$ or the admin.

Anyhow, you have your local policies, that is easy to find, you know how already, but that gets overwritten by your domain policy (yep, even if the domain policy is set on the same machine like mine was, a totally stand-alone server), so console > add remove snapinz, group policy, DON'T JUST OK .... browse ... select domain controllers. Now do your thing, then head back to the previous snap-in, right-click Security Settings (in the left pane), and then click Reload. .... BUT WAIT (infomercial voice) THERE'S MORE! Even if it's the same stand-alone server, there is still the OU policy that could be overriding both the local and domain! This is the hard one to find ..... *deep breath* Console > add snapz > Group Policy > Browze > All .... and there you should see Default Domain Controllers Policy.

After doing all the OK's, do your changes .... but reloading does actually not do the trick 4 me .... you need to reboot (or maybe wait for policy expiry and automatic reload .... no time? REBOOT)

Let me know if this helps you... it did the trick 4 me.
0
 
LVL 2

Accepted Solution

by:
Xorb earned 125 total points
ID: 12366746
I seem to have been the only one to even attempt giving a solution .... though we'll never know if it was the solution @ all (unless AaronDitto wakes up)
0
 

Author Comment

by:AaronDitto
ID: 12429783
I heard your voice Xorb, and I awoke.
0
 
LVL 2

Expert Comment

by:Xorb
ID: 12430609
Thanks ('',)
0
