Solved

Microsoft Network Server: Digitally sign Communications (always) needs to be Disabled but is Greyed out

Posted on 2004-10-08
7
1,305 Views
Last Modified: 2008-01-09

Hello,

I have a new install with a new HP Server with SBS 2003, The client has purchased a Canon Photocopy / Scanner machine that needs to log in to the network but it cannot. The tech showed me some document that states that "Microsoft Network Server: Digitally sign Communications (always)" needs to be Disabled.

When I go to Group Policy Object Editor and try to edit this value it's greyed out and I cannot edit it.

Please see the URL with a screenshot:

Any ideas on how to edit this greyed out setting?

Somebody told me that I cannot because this setting appears at a higher level and I must edit it there, whatever that means.

Thanks,

Lasareath

http://38.161.195.8/Group%20Policy%20Problem.JPG
0
Comment
Question by:Lasareath
  • 4
  • 3
7 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 12264853
The different Icon for the policy setting (in the console, not the properties page) that looks like two computers and a scroll means thatthe policy is set at a higher level -likely at the Default Domain Security policy.

You will need to look at the policies this inherits from and change the setting there.

You should be able to type 'gpresult' at a command prompt to see what policies are being applied to this machine and then check those. but like I said it is likely the Default Domain Security policy.

Dave Dietz
0
 

Author Comment

by:Lasareath
ID: 12269078
Ok, Thx Dave, I will be at the Client's site on Monday or Tuesday, I will try it then and let you know.
0
 

Author Comment

by:Lasareath
ID: 12298426
Hi Dave,

Here's a ascii capture of the "gpresult", It's all greek to me, Anything in there that you can see that can help me?

Thx,

Lasareath



Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 10/13/2004 at 10:11:49 AM



RSOP data for CGLAW\administrator on CGLAW-FS1 : Logging Mode
--------------------------------------------------------------

OS Type:                     Microsoft(R) Windows(R) Server 2003 for Small Business Server
OS Configuration:            Primary Domain Controller
OS Version:                  5.2.3790
Terminal Server Mode:        Remote Administration
Site Name:                   Default-First-Site-Name
Roaming Profile:            
Local Profile:               C:\Documents and Settings\Administrator
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=CGLAW-FS1,OU=Domain Controllers,DC=CGLAW,DC=local
    Last time Group Policy was applied: 10/13/2004 at 10:07:39 AM
    Group Policy was applied from:      cglaw-fs1.CGLAW.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        CGLAW
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Small Business Server Auditing Policy
        Default Domain Controllers Policy
        Small Business Server Client Computer
        Small Business Server Remote Assistance Policy
        Small Business Server Lockout Policy
        Small Business Server Domain Password Policy
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Windows Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PostSP2

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        BUILTIN\Pre-Windows 2000 Compatible Access
        Windows Authorization Access Group
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        CGLAW-FS1$
        Domain Controllers
        Exchange Domain Servers
        NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
        Exchange Enterprise Servers
       

USER SETTINGS
--------------
    CN=Administrator,CN=Users,DC=CGLAW,DC=local
    Last time Group Policy was applied: 10/13/2004 at 9:16:46 AM
    Group Policy was applied from:      cglaw-fs1.CGLAW.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        CGLAW
    Domain Type:                        Windows 2000
   
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Lockout Policy
            Filtering:  Disabled (GPO)

        Small Business Server Client Computer
            Filtering:  Not Applied (Empty)

        Small Business Server Remote Assistance Policy
            Filtering:  Disabled (GPO)

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Windows Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PostSP2

        Small Business Server Domain Password Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Group Policy Creator Owners
        Domain Admins
        Software Distribution Users
        CGUSERS
        Schema Admins
        Enterprise Admins
        SBS Report Users
        SBS Mobile Users
       
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 12299755
It's got to be in one of these policies:

Small Business Server Auditing Policy
Default Domain Controllers Policy
Small Business Server Client Computer
Small Business Server Remote Assistance Policy
Small Business Server Lockout Policy
Small Business Server Domain Password Policy
Default Domain Policy

Best bet is the Default Domain Policy.

You will need to access a Domain Controller and look at the settings in the Defult Domain Policy.  The setting you are looking for is likely defined there and will either need to be set to the appropriate settings for the traget machine, or better yet, set to undefined so that it can be set locally at each machine.

Dave Dietz
0
 

Author Comment

by:Lasareath
ID: 12373109
Hey Dave,

Wow!!, I'm just too confused :(, I did run gpedit.msc and I found it greyed out still.

I did find an editable Microsoft Network Server: Digitally sign Communications, and I set it to disable

But if I run gpedit.msc it's still greyed out and enabled

I did a gpupdate /force and restarted the server with no luck either

Any other toughts?

Thanks,

Lasareath
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 500 total points
ID: 12373499
Which policy did you find the editable setting in?

Dave Dietz
0
 

Author Comment

by:Lasareath
ID: 12374520
Hey Dave,

I did some more searching through EE and found somebody who had a similar problem as me and they used GPMC.msc to disable any group policys.

Within this app I was able to see all levels of the poily I needed to disable and I just disabled every single one and rebooted and woolaa it's disabled now!!

Thanks!!!

Lasareath
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now