Link to home
Start Free TrialLog in
Avatar of AaronDitto
AaronDitto

asked on

Effective Policy Settings???

I've been having issues connecting a specific machine on our network, and giving access to the machine to everyone.   This one machine is the only one on the network that can't be accessed.  Although, it can be seen through the Windows Network, and on our Domain Controller.  I can ping it, and get a response. I've localized the problem to be in the Local Security Settings.

Using "secpol.msc" to access the Local Security Settings, and under the User Rights Assignment Policy, the first Option is  "Access this computer from the network."  

I've tried everything from Authenticated Users\ Administrators\ Service \ and Everyone for the setting, but it only applies to the Local Policy Setting.  Is there a way I can change the "Effective Policy Setting"?  I've noticed on the other machines that this option un Effective Settings is checked for Everyone, But it is grayed out on the machine we can't reach.

How would I go about setting the Effective Policy Setting to Everyone, so that this machine can be accessed on the Network?

Also, the error message that I get when I try to connect to this machine from another is:  "Logon Failure: The user has not been given the requested logon type for this computer."  

Any help would be greatly appreciated.

Aaron Ditto

Avatar of ShineOn
ShineOn
Flag of United States of America image

Just a side comment, no offense intended, and not to be accepted as an answer.

If you are running a Windows network with a Domain, why do you want to do peer-to-peer file sharing? It never ceases to amaze me how many people do not take advantage of having an actual file server on their network, but rather insist on doing peer-to-peer sharing.

Do you have a daily backup of all of your workstations that are sharing files with other folx?

Easy don't make it "right."

End of side comment.  Ignore it if you so desire.
Avatar of AaronDitto
AaronDitto

ASKER

Hahaha...

   I totally share your point. But.....  I'm not needing this for peer-to-peer file sharing. I'm sharing a printer, that needs to be accessed from other people in the building.  :-)  

So...  did you have any helpful information or did you just want to comment?  :-)

Aaron Ditto
I was commenting.  Glad to hear you want to device-share rather than file-share.  If this doesn't get resolved for you here (I have nothing for you in that regard) then:

In my opinion, sharing a local printer is a drag on the local PC's resources.  I never liked doing that, in any environment.  I think everyone would be happier if you threw a JetDirect print server in that area, to make the printer a shared device.  If need be, get a mini-switch to split out your ethernet connection.  All of this stuff is getting so cheap, it's worth it to save the effort and negative effects on the workstation, and you don't have to worry about whether or not someone will shut down the PC that is sharing the printer.  Then you can have your print server control the JetDirect and printer resources centrally, like a Print Server should...

My opinion, again, and you can ignore it if you wish.  


Hmm...


Good point.  We have several print servers, and the printer that needs to be shared is running over TCP/IP connection, so I will just try to use one of the other servers to run the printer instead.  

But , I would still really like to resolve this issue with my machine. Mainly for the educational experience. Because like I said, I've never seen anything like this, and I have no clue on how to fix it. I've looked all over the net, and can't find any other documentation on this error, and how to change the Effective Policy instead of the Local Policy.

Any help?

Aaron Ditto
Hmmm back.  I'll have to think on that a bit.  Some other Expert may have an answer for you before I get back to you...
It would seem that the effective policy is the result of your policy settings and how the order you apply them in.

I am having a similar issue where a ftp site was compromized ( turned into a little hackers pup with amongst other things a full freddy mercury cd colledtion ), anyhow, the admin freaked a little and in a momnet of panic locked the server so tight that no one but admin can log into the FTP. Now, I have to undo it ... same problem, log on localy has a local policy and a effective policy.

Once I solve my problem I will tell you how to solve yours, since I know it's the same thing ( greyed out effective policy ) Just gimme a hour.
suplementary to above :
When working with account policies and user rights assignment, you'll often want to view the effective policy on a local system. The effective policy is the policy being enforced and, the effective policy depends on the order in which you apply the policies.

more :
Effective policy describes the combined local, domain, and organizational unit policies for each setting. This distinction is made because local policy settings can be overwritten by domain or OU policy settings. The order of precedence for policies is from lowest to highest:

• Local Policy
 
• Domain Policy
 
• OU Policy
 

Local Policy has the least precedence and the OU that directly contains the computer has the highest precedence.The effective policy column displays the security policy in effect based on these precedence rules.

More notes to consider :
When you OK the policy change, policy propagation is triggered, which causes an effective policy to be computed (based on any overriding domain or OU policies) and applied to the system. Status regarding this policy propagation is available in the application event log.

Right-click Security Settings (in the left pane), and then click Reload.
Reloading the local policy updates the effective policy in the user interface. Depending on domain or OU policies that are in effect, the effective policy may or may not have changed on your computer.

Ok .. after crawling round Micro$oft sites for a hour I feel like I need a bath ! I dont normaly feel like slaging off some one, but this time I am not sure if I need to blame M$ or the admin.

Anyhow, You have your local policies, that is easy to find, you know how already, but that gets over written by your domain policy (yep, even if the domain policy is set on the same mechene like mine was, a totaly stand alone server ) so console > ad remove snapinz, group policy, DONT JUST OK .... browse ...select domain controllers. Now do your thing, then head back to the previous snap in,  right-click Security Settings (in the left pane), and then click Reload. .... BUT WAIT ( infomercial voice ) THERES MORE ! Even if it's the same stand alone server, there is still the OU policy that could be overiding both the local and domain ! This is the hard one to find ..... *deep breath* Console > add snapz > Group Policy > Browze > All ....and there you should see Default Domain Controllers Policy.

After doing all the ok's , do your changes .... but reloading does actualy not do the trick 4 me .... you need to re-boot ( or maybe wait for policy expiary and automatic reload .... no time ? REBOOT )

Let me know if this help you... it did the trick 4 me.
ASKER CERTIFIED SOLUTION
Avatar of Xorb
Xorb
Flag of South Africa image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I heard your voice Xorb, and I awoke.
Thanks ('',)