?
Solved

Microsoft Network Server: Digitally sign Communications (always) needs to be Disabled but is Greyed out

Posted on 2004-10-08
7
Medium Priority
?
1,382 Views
Last Modified: 2008-01-09

Hello,

I have a new install with a new HP Server with SBS 2003, The client has purchased a Canon Photocopy / Scanner machine that needs to log in to the network but it cannot. The tech showed me some document that states that "Microsoft Network Server: Digitally sign Communications (always)" needs to be Disabled.

When I go to Group Policy Object Editor and try to edit this value it's greyed out and I cannot edit it.

Please see the URL with a screenshot:

Any ideas on how to edit this greyed out setting?

Somebody told me that I cannot because this setting appears at a higher level and I must edit it there, whatever that means.

Thanks,

Lasareath

http://38.161.195.8/Group%20Policy%20Problem.JPG 
0
Comment
Question by:Lasareath
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 12264853
The different Icon for the policy setting (in the console, not the properties page) that looks like two computers and a scroll means thatthe policy is set at a higher level -likely at the Default Domain Security policy.

You will need to look at the policies this inherits from and change the setting there.

You should be able to type 'gpresult' at a command prompt to see what policies are being applied to this machine and then check those. but like I said it is likely the Default Domain Security policy.

Dave Dietz
0
 

Author Comment

by:Lasareath
ID: 12269078
Ok, Thx Dave, I will be at the Client's site on Monday or Tuesday, I will try it then and let you know.
0
 

Author Comment

by:Lasareath
ID: 12298426
Hi Dave,

Here's a ascii capture of the "gpresult", It's all greek to me, Anything in there that you can see that can help me?

Thx,

Lasareath



Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 10/13/2004 at 10:11:49 AM



RSOP data for CGLAW\administrator on CGLAW-FS1 : Logging Mode
--------------------------------------------------------------

OS Type:                     Microsoft(R) Windows(R) Server 2003 for Small Business Server
OS Configuration:            Primary Domain Controller
OS Version:                  5.2.3790
Terminal Server Mode:        Remote Administration
Site Name:                   Default-First-Site-Name
Roaming Profile:            
Local Profile:               C:\Documents and Settings\Administrator
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=CGLAW-FS1,OU=Domain Controllers,DC=CGLAW,DC=local
    Last time Group Policy was applied: 10/13/2004 at 10:07:39 AM
    Group Policy was applied from:      cglaw-fs1.CGLAW.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        CGLAW
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Small Business Server Auditing Policy
        Default Domain Controllers Policy
        Small Business Server Client Computer
        Small Business Server Remote Assistance Policy
        Small Business Server Lockout Policy
        Small Business Server Domain Password Policy
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Windows Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PostSP2

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        BUILTIN\Pre-Windows 2000 Compatible Access
        Windows Authorization Access Group
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        CGLAW-FS1$
        Domain Controllers
        Exchange Domain Servers
        NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
        Exchange Enterprise Servers
       

USER SETTINGS
--------------
    CN=Administrator,CN=Users,DC=CGLAW,DC=local
    Last time Group Policy was applied: 10/13/2004 at 9:16:46 AM
    Group Policy was applied from:      cglaw-fs1.CGLAW.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        CGLAW
    Domain Type:                        Windows 2000
   
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Lockout Policy
            Filtering:  Disabled (GPO)

        Small Business Server Client Computer
            Filtering:  Not Applied (Empty)

        Small Business Server Remote Assistance Policy
            Filtering:  Disabled (GPO)

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Windows Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PostSP2

        Small Business Server Domain Password Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Group Policy Creator Owners
        Domain Admins
        Software Distribution Users
        CGUSERS
        Schema Admins
        Enterprise Admins
        SBS Report Users
        SBS Mobile Users
       
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 12299755
It's got to be in one of these policies:

Small Business Server Auditing Policy
Default Domain Controllers Policy
Small Business Server Client Computer
Small Business Server Remote Assistance Policy
Small Business Server Lockout Policy
Small Business Server Domain Password Policy
Default Domain Policy

Best bet is the Default Domain Policy.

You will need to access a Domain Controller and look at the settings in the Defult Domain Policy.  The setting you are looking for is likely defined there and will either need to be set to the appropriate settings for the traget machine, or better yet, set to undefined so that it can be set locally at each machine.

Dave Dietz
0
 

Author Comment

by:Lasareath
ID: 12373109
Hey Dave,

Wow!!, I'm just too confused :(, I did run gpedit.msc and I found it greyed out still.

I did find an editable Microsoft Network Server: Digitally sign Communications, and I set it to disable

But if I run gpedit.msc it's still greyed out and enabled

I did a gpupdate /force and restarted the server with no luck either

Any other toughts?

Thanks,

Lasareath
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 2000 total points
ID: 12373499
Which policy did you find the editable setting in?

Dave Dietz
0
 

Author Comment

by:Lasareath
ID: 12374520
Hey Dave,

I did some more searching through EE and found somebody who had a similar problem as me and they used GPMC.msc to disable any group policys.

Within this app I was able to see all levels of the poily I needed to disable and I just disabled every single one and rebooted and woolaa it's disabled now!!

Thanks!!!

Lasareath
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question