?
Solved

Effective Policy Settings???

Posted on 2003-12-03
14
Medium Priority
?
2,312 Views
Last Modified: 2007-12-19
I've been having issues connecting a specific machine on our network, and giving access to the machine to everyone.   This one machine is the only one on the network that can't be accessed.  Although, it can be seen through the Windows Network, and on our Domain Controller.  I can ping it, and get a response. I've localized the problem to be in the Local Security Settings.

Using "secpol.msc" to access the Local Security Settings, and under the User Rights Assignment Policy, the first Option is  "Access this computer from the network."  

I've tried everything from Authenticated Users\ Administrators\ Service \ and Everyone for the setting, but it only applies to the Local Policy Setting.  Is there a way I can change the "Effective Policy Setting"?  I've noticed on the other machines that this option un Effective Settings is checked for Everyone, But it is grayed out on the machine we can't reach.

How would I go about setting the Effective Policy Setting to Everyone, so that this machine can be accessed on the Network?

Also, the error message that I get when I try to connect to this machine from another is:  "Logon Failure: The user has not been given the requested logon type for this computer."  

Any help would be greatly appreciated.

Aaron Ditto

0
Comment
Question by:AaronDitto
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 3
14 Comments
 
LVL 35

Expert Comment

by:ShineOn
ID: 9870050
Just a side comment, no offense intended, and not to be accepted as an answer.

If you are running a Windows network with a Domain, why do you want to do peer-to-peer file sharing? It never ceases to amaze me how many people do not take advantage of having an actual file server on their network, but rather insist on doing peer-to-peer sharing.

Do you have a daily backup of all of your workstations that are sharing files with other folx?

Easy don't make it "right."

End of side comment.  Ignore it if you so desire.
0
 

Author Comment

by:AaronDitto
ID: 9870248
Hahaha...

   I totally share your point. But.....  I'm not needing this for peer-to-peer file sharing. I'm sharing a printer, that needs to be accessed from other people in the building.  :-)  

So...  did you have any helpful information or did you just want to comment?  :-)

Aaron Ditto
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9870354
I was commenting.  Glad to hear you want to device-share rather than file-share.  If this doesn't get resolved for you here (I have nothing for you in that regard) then:

In my opinion, sharing a local printer is a drag on the local PC's resources.  I never liked doing that, in any environment.  I think everyone would be happier if you threw a JetDirect print server in that area, to make the printer a shared device.  If need be, get a mini-switch to split out your ethernet connection.  All of this stuff is getting so cheap, it's worth it to save the effort and negative effects on the workstation, and you don't have to worry about whether or not someone will shut down the PC that is sharing the printer.  Then you can have your print server control the JetDirect and printer resources centrally, like a Print Server should...

My opinion, again, and you can ignore it if you wish.  
0
Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

 

Author Comment

by:AaronDitto
ID: 9870519


Hmm...


Good point.  We have several print servers, and the printer that needs to be shared is running over TCP/IP connection, so I will just try to use one of the other servers to run the printer instead.  

But , I would still really like to resolve this issue with my machine. Mainly for the educational experience. Because like I said, I've never seen anything like this, and I have no clue on how to fix it. I've looked all over the net, and can't find any other documentation on this error, and how to change the Effective Policy instead of the Local Policy.

Any help?

Aaron Ditto
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9873061
Hmmm back.  I'll have to think on that a bit.  Some other Expert may have an answer for you before I get back to you...
0
 
LVL 2

Expert Comment

by:Xorb
ID: 10705067
It would seem that the effective policy is the result of your policy settings and how the order you apply them in.

I am having a similar issue where a ftp site was compromized ( turned into a little hackers pup with amongst other things a full freddy mercury cd colledtion ), anyhow, the admin freaked a little and in a momnet of panic locked the server so tight that no one but admin can log into the FTP. Now, I have to undo it ... same problem, log on localy has a local policy and a effective policy.

Once I solve my problem I will tell you how to solve yours, since I know it's the same thing ( greyed out effective policy ) Just gimme a hour.
0
 
LVL 2

Expert Comment

by:Xorb
ID: 10705083
suplementary to above :
When working with account policies and user rights assignment, you'll often want to view the effective policy on a local system. The effective policy is the policy being enforced and, the effective policy depends on the order in which you apply the policies.

0
 
LVL 2

Expert Comment

by:Xorb
ID: 10705099
more :
Effective policy describes the combined local, domain, and organizational unit policies for each setting. This distinction is made because local policy settings can be overwritten by domain or OU policy settings. The order of precedence for policies is from lowest to highest:

• Local Policy
 
• Domain Policy
 
• OU Policy
 

Local Policy has the least precedence and the OU that directly contains the computer has the highest precedence.The effective policy column displays the security policy in effect based on these precedence rules.

0
 
LVL 2

Expert Comment

by:Xorb
ID: 10705677
More notes to consider :
When you OK the policy change, policy propagation is triggered, which causes an effective policy to be computed (based on any overriding domain or OU policies) and applied to the system. Status regarding this policy propagation is available in the application event log.

Right-click Security Settings (in the left pane), and then click Reload.
Reloading the local policy updates the effective policy in the user interface. Depending on domain or OU policies that are in effect, the effective policy may or may not have changed on your computer.

Ok .. after crawling round Micro$oft sites for a hour I feel like I need a bath ! I dont normaly feel like slaging off some one, but this time I am not sure if I need to blame M$ or the admin.

Anyhow, You have your local policies, that is easy to find, you know how already, but that gets over written by your domain policy (yep, even if the domain policy is set on the same mechene like mine was, a totaly stand alone server ) so console > ad remove snapinz, group policy, DONT JUST OK .... browse ...select domain controllers. Now do your thing, then head back to the previous snap in,  right-click Security Settings (in the left pane), and then click Reload. .... BUT WAIT ( infomercial voice ) THERES MORE ! Even if it's the same stand alone server, there is still the OU policy that could be overiding both the local and domain ! This is the hard one to find ..... *deep breath* Console > add snapz > Group Policy > Browze > All ....and there you should see Default Domain Controllers Policy.

After doing all the ok's , do your changes .... but reloading does actualy not do the trick 4 me .... you need to re-boot ( or maybe wait for policy expiary and automatic reload .... no time ? REBOOT )

Let me know if this help you... it did the trick 4 me.
0
 
LVL 2

Accepted Solution

by:
Xorb earned 500 total points
ID: 12366746
I seem to have been the only one to even atempt giving a solution .... though we'll never know if it was the solution @ all ( unless AaronDitto wakes up )
0
 

Author Comment

by:AaronDitto
ID: 12429783
I heard your voice Xorb, and I awoke.
0
 
LVL 2

Expert Comment

by:Xorb
ID: 12430609
Thanks ('',)
0

Featured Post

ATEN's HDBaseT Presentation at InfoComm 2017

Hear ATEN Product Manager YT Liang review HDBaseT technology, highlighting ATEN’s latest solutions as they relate to real-world applications during her presentation at the HDBaseT booth at InfoComm 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question