Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Microsoft Network Server: Digitally sign Communications (always) needs to be Disabled but is Greyed out

Posted on 2004-10-08
7
1,332 Views
Last Modified: 2008-01-09

Hello,

I have a new install with a new HP Server with SBS 2003, The client has purchased a Canon Photocopy / Scanner machine that needs to log in to the network but it cannot. The tech showed me some document that states that "Microsoft Network Server: Digitally sign Communications (always)" needs to be Disabled.

When I go to Group Policy Object Editor and try to edit this value it's greyed out and I cannot edit it.

Please see the URL with a screenshot:

Any ideas on how to edit this greyed out setting?

Somebody told me that I cannot because this setting appears at a higher level and I must edit it there, whatever that means.

Thanks,

Lasareath

http://38.161.195.8/Group%20Policy%20Problem.JPG 
0
Comment
Question by:Lasareath
  • 4
  • 3
7 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 12264853
The different Icon for the policy setting (in the console, not the properties page) that looks like two computers and a scroll means thatthe policy is set at a higher level -likely at the Default Domain Security policy.

You will need to look at the policies this inherits from and change the setting there.

You should be able to type 'gpresult' at a command prompt to see what policies are being applied to this machine and then check those. but like I said it is likely the Default Domain Security policy.

Dave Dietz
0
 

Author Comment

by:Lasareath
ID: 12269078
Ok, Thx Dave, I will be at the Client's site on Monday or Tuesday, I will try it then and let you know.
0
 

Author Comment

by:Lasareath
ID: 12298426
Hi Dave,

Here's a ascii capture of the "gpresult", It's all greek to me, Anything in there that you can see that can help me?

Thx,

Lasareath



Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 10/13/2004 at 10:11:49 AM



RSOP data for CGLAW\administrator on CGLAW-FS1 : Logging Mode
--------------------------------------------------------------

OS Type:                     Microsoft(R) Windows(R) Server 2003 for Small Business Server
OS Configuration:            Primary Domain Controller
OS Version:                  5.2.3790
Terminal Server Mode:        Remote Administration
Site Name:                   Default-First-Site-Name
Roaming Profile:            
Local Profile:               C:\Documents and Settings\Administrator
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=CGLAW-FS1,OU=Domain Controllers,DC=CGLAW,DC=local
    Last time Group Policy was applied: 10/13/2004 at 10:07:39 AM
    Group Policy was applied from:      cglaw-fs1.CGLAW.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        CGLAW
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Small Business Server Auditing Policy
        Default Domain Controllers Policy
        Small Business Server Client Computer
        Small Business Server Remote Assistance Policy
        Small Business Server Lockout Policy
        Small Business Server Domain Password Policy
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Windows Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PostSP2

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        BUILTIN\Pre-Windows 2000 Compatible Access
        Windows Authorization Access Group
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        CGLAW-FS1$
        Domain Controllers
        Exchange Domain Servers
        NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
        Exchange Enterprise Servers
       

USER SETTINGS
--------------
    CN=Administrator,CN=Users,DC=CGLAW,DC=local
    Last time Group Policy was applied: 10/13/2004 at 9:16:46 AM
    Group Policy was applied from:      cglaw-fs1.CGLAW.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        CGLAW
    Domain Type:                        Windows 2000
   
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Lockout Policy
            Filtering:  Disabled (GPO)

        Small Business Server Client Computer
            Filtering:  Not Applied (Empty)

        Small Business Server Remote Assistance Policy
            Filtering:  Disabled (GPO)

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Windows Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PostSP2

        Small Business Server Domain Password Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Group Policy Creator Owners
        Domain Admins
        Software Distribution Users
        CGUSERS
        Schema Admins
        Enterprise Admins
        SBS Report Users
        SBS Mobile Users
       
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 12299755
It's got to be in one of these policies:

Small Business Server Auditing Policy
Default Domain Controllers Policy
Small Business Server Client Computer
Small Business Server Remote Assistance Policy
Small Business Server Lockout Policy
Small Business Server Domain Password Policy
Default Domain Policy

Best bet is the Default Domain Policy.

You will need to access a Domain Controller and look at the settings in the Defult Domain Policy.  The setting you are looking for is likely defined there and will either need to be set to the appropriate settings for the traget machine, or better yet, set to undefined so that it can be set locally at each machine.

Dave Dietz
0
 

Author Comment

by:Lasareath
ID: 12373109
Hey Dave,

Wow!!, I'm just too confused :(, I did run gpedit.msc and I found it greyed out still.

I did find an editable Microsoft Network Server: Digitally sign Communications, and I set it to disable

But if I run gpedit.msc it's still greyed out and enabled

I did a gpupdate /force and restarted the server with no luck either

Any other toughts?

Thanks,

Lasareath
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 500 total points
ID: 12373499
Which policy did you find the editable setting in?

Dave Dietz
0
 

Author Comment

by:Lasareath
ID: 12374520
Hey Dave,

I did some more searching through EE and found somebody who had a similar problem as me and they used GPMC.msc to disable any group policys.

Within this app I was able to see all levels of the poily I needed to disable and I just disabled every single one and rebooted and woolaa it's disabled now!!

Thanks!!!

Lasareath
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question