Solved

Effective Policy Settings???

Posted on 2003-12-03
14
2,282 Views
Last Modified: 2007-12-19
I've been having issues connecting a specific machine on our network, and giving access to the machine to everyone.   This one machine is the only one on the network that can't be accessed.  Although, it can be seen through the Windows Network, and on our Domain Controller.  I can ping it, and get a response. I've localized the problem to be in the Local Security Settings.

Using "secpol.msc" to access the Local Security Settings, and under the User Rights Assignment Policy, the first Option is  "Access this computer from the network."  

I've tried everything from Authenticated Users\ Administrators\ Service \ and Everyone for the setting, but it only applies to the Local Policy Setting.  Is there a way I can change the "Effective Policy Setting"?  I've noticed on the other machines that this option un Effective Settings is checked for Everyone, But it is grayed out on the machine we can't reach.

How would I go about setting the Effective Policy Setting to Everyone, so that this machine can be accessed on the Network?

Also, the error message that I get when I try to connect to this machine from another is:  "Logon Failure: The user has not been given the requested logon type for this computer."  

Any help would be greatly appreciated.

Aaron Ditto

0
Comment
Question by:AaronDitto
  • 6
  • 3
  • 3
14 Comments
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
Just a side comment, no offense intended, and not to be accepted as an answer.

If you are running a Windows network with a Domain, why do you want to do peer-to-peer file sharing? It never ceases to amaze me how many people do not take advantage of having an actual file server on their network, but rather insist on doing peer-to-peer sharing.

Do you have a daily backup of all of your workstations that are sharing files with other folx?

Easy don't make it "right."

End of side comment.  Ignore it if you so desire.
0
 

Author Comment

by:AaronDitto
Comment Utility
Hahaha...

   I totally share your point. But.....  I'm not needing this for peer-to-peer file sharing. I'm sharing a printer, that needs to be accessed from other people in the building.  :-)  

So...  did you have any helpful information or did you just want to comment?  :-)

Aaron Ditto
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
I was commenting.  Glad to hear you want to device-share rather than file-share.  If this doesn't get resolved for you here (I have nothing for you in that regard) then:

In my opinion, sharing a local printer is a drag on the local PC's resources.  I never liked doing that, in any environment.  I think everyone would be happier if you threw a JetDirect print server in that area, to make the printer a shared device.  If need be, get a mini-switch to split out your ethernet connection.  All of this stuff is getting so cheap, it's worth it to save the effort and negative effects on the workstation, and you don't have to worry about whether or not someone will shut down the PC that is sharing the printer.  Then you can have your print server control the JetDirect and printer resources centrally, like a Print Server should...

My opinion, again, and you can ignore it if you wish.  
0
 

Author Comment

by:AaronDitto
Comment Utility


Hmm...


Good point.  We have several print servers, and the printer that needs to be shared is running over TCP/IP connection, so I will just try to use one of the other servers to run the printer instead.  

But , I would still really like to resolve this issue with my machine. Mainly for the educational experience. Because like I said, I've never seen anything like this, and I have no clue on how to fix it. I've looked all over the net, and can't find any other documentation on this error, and how to change the Effective Policy instead of the Local Policy.

Any help?

Aaron Ditto
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
Hmmm back.  I'll have to think on that a bit.  Some other Expert may have an answer for you before I get back to you...
0
 
LVL 2

Expert Comment

by:Xorb
Comment Utility
It would seem that the effective policy is the result of your policy settings and how the order you apply them in.

I am having a similar issue where a ftp site was compromized ( turned into a little hackers pup with amongst other things a full freddy mercury cd colledtion ), anyhow, the admin freaked a little and in a momnet of panic locked the server so tight that no one but admin can log into the FTP. Now, I have to undo it ... same problem, log on localy has a local policy and a effective policy.

Once I solve my problem I will tell you how to solve yours, since I know it's the same thing ( greyed out effective policy ) Just gimme a hour.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 2

Expert Comment

by:Xorb
Comment Utility
suplementary to above :
When working with account policies and user rights assignment, you'll often want to view the effective policy on a local system. The effective policy is the policy being enforced and, the effective policy depends on the order in which you apply the policies.

0
 
LVL 2

Expert Comment

by:Xorb
Comment Utility
more :
Effective policy describes the combined local, domain, and organizational unit policies for each setting. This distinction is made because local policy settings can be overwritten by domain or OU policy settings. The order of precedence for policies is from lowest to highest:

• Local Policy
 
• Domain Policy
 
• OU Policy
 

Local Policy has the least precedence and the OU that directly contains the computer has the highest precedence.The effective policy column displays the security policy in effect based on these precedence rules.

0
 
LVL 2

Expert Comment

by:Xorb
Comment Utility
More notes to consider :
When you OK the policy change, policy propagation is triggered, which causes an effective policy to be computed (based on any overriding domain or OU policies) and applied to the system. Status regarding this policy propagation is available in the application event log.

Right-click Security Settings (in the left pane), and then click Reload.
Reloading the local policy updates the effective policy in the user interface. Depending on domain or OU policies that are in effect, the effective policy may or may not have changed on your computer.

Ok .. after crawling round Micro$oft sites for a hour I feel like I need a bath ! I dont normaly feel like slaging off some one, but this time I am not sure if I need to blame M$ or the admin.

Anyhow, You have your local policies, that is easy to find, you know how already, but that gets over written by your domain policy (yep, even if the domain policy is set on the same mechene like mine was, a totaly stand alone server ) so console > ad remove snapinz, group policy, DONT JUST OK .... browse ...select domain controllers. Now do your thing, then head back to the previous snap in,  right-click Security Settings (in the left pane), and then click Reload. .... BUT WAIT ( infomercial voice ) THERES MORE ! Even if it's the same stand alone server, there is still the OU policy that could be overiding both the local and domain ! This is the hard one to find ..... *deep breath* Console > add snapz > Group Policy > Browze > All ....and there you should see Default Domain Controllers Policy.

After doing all the ok's , do your changes .... but reloading does actualy not do the trick 4 me .... you need to re-boot ( or maybe wait for policy expiary and automatic reload .... no time ? REBOOT )

Let me know if this help you... it did the trick 4 me.
0
 
LVL 2

Accepted Solution

by:
Xorb earned 125 total points
Comment Utility
I seem to have been the only one to even atempt giving a solution .... though we'll never know if it was the solution @ all ( unless AaronDitto wakes up )
0
 

Author Comment

by:AaronDitto
Comment Utility
I heard your voice Xorb, and I awoke.
0
 
LVL 2

Expert Comment

by:Xorb
Comment Utility
Thanks ('',)
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

I was recently sitting at a desk at work with one of my colleagues and needed some information on my home computer. He watched as I turned on my home computer, established a remote session into it, got the information I needed and then shut it down …
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now