|
Home > Archive > alt.certification.mcse > December 2003 > Group Policy - What am i doing wrong?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Group Policy - What am i doing wrong?
|
|
| Denis Cooper 2003-12-12, 9:25 am |
| Hi,
I am testing the group policy in my lab...I am trying something very simple
at the moment but can't even get that to work and i don't know why!
Setup as follows:
Win2K Server - PDC
WinXP Pro Connected to Win2K Server
-GP On Win2K - only one setup, and have disabled the desktop icons (or
enabled the do not show desktop icons)
But it doesn't seem to work. From what i can tell, the permissions are okay,
but it just keeps showing the icons.
Any help greatly appreciated....
Thanks
--
Denis Cooper
MCP, Network+, A+
| |
| HouseVod 2003-12-12, 10:25 am |
| There is a checker for GPO's on XP.
Drop to DOS (command prompt, start, run cmd) and type in 'gpresult' without
the quotes
it will give you what policy is in effect and may give you some pointers of
whats wrong.
House
"Denis Cooper" <denis@fivebirchhouse.eclipse.co.uk> wrote in message
news:1071237661.255502@ananke.eclipse.net.uk...
> Hi,
>
> I am testing the group policy in my lab...I am trying something very
simple
> at the moment but can't even get that to work and i don't know why!
>
> Setup as follows:
>
> Win2K Server - PDC
> WinXP Pro Connected to Win2K Server
>
> -GP On Win2K - only one setup, and have disabled the desktop icons (or
> enabled the do not show desktop icons)
>
> But it doesn't seem to work. From what i can tell, the permissions are
okay,
> but it just keeps showing the icons.
>
> Any help greatly appreciated....
>
> Thanks
>
>
> --
> Denis Cooper
> MCP, Network+, A+
>
>
| |
| Denis Cooper 2003-12-12, 4:25 pm |
| i did that just now....
here is the result:
C:\>gpresult
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 12/12/2003 at 20:44:49
RSOP results for FIVEBIRCHHOUSE\Peter on CHARLOTTEPC : Logging Mode
--------------------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: FIVEBIRCHHOUSE
Domain Type: Windows 2000
Site Name: Default-First-Site
Roaming Profile: \\denispc\users\Peter
Local Profile: C:\Documents and Settings\Peter.FIVEBIRCHHOUSE
Connected over a slow link?: Yes
COMPUTER SETTINGS
------------------
Last time Group Policy was applied: 12/12/2003 at 20:38:48
Group Policy was applied from: denispc.fivebirchhouse.local
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
N/A
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users
USER SETTINGS
--------------
Last time Group Policy was applied: 12/12/2003 at 20:40:52
Group Policy was applied from: denispc.fivebirchhouse.local
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
LOCAL
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
C:\>
Any help?
"HouseVod" <news@housevod.com> wrote in message
news:brcii3$ju4$1@visp.bt.co.uk...
> There is a checker for GPO's on XP.
>
> Drop to DOS (command prompt, start, run cmd) and type in 'gpresult'
without
> the quotes
>
> it will give you what policy is in effect and may give you some pointers
of
> whats wrong.
>
> House
>
> "Denis Cooper" <denis@fivebirchhouse.eclipse.co.uk> wrote in message
> news:1071237661.255502@ananke.eclipse.net.uk...
> simple
> okay,
>
>
| |
| Denis Cooper 2003-12-12, 6:25 pm |
| Just a quick update, i rebooted the server, logged on as admin, and get no
icons on the desktop - so it's like the xp computer does not pick up the gp
from the server?
"Denis Cooper" <denis@fivebirchhouse.eclipse.co.uk> wrote in message
news:1071262011.380752@ananke.eclipse.net.uk...
> i did that just now....
>
> here is the result:
>
> C:\>gpresult
>
> Microsoft (R) Windows (R) XP Operating System Group Policy Result tool
v2.0
> Copyright (C) Microsoft Corp. 1981-2001
>
> Created On 12/12/2003 at 20:44:49
>
>
> RSOP results for FIVEBIRCHHOUSE\Peter on CHARLOTTEPC : Logging Mode
> --------------------------------------------------------------------
>
> OS Type: Microsoft Windows XP Professional
> OS Configuration: Member Workstation
> OS Version: 5.1.2600
> Domain Name: FIVEBIRCHHOUSE
> Domain Type: Windows 2000
> Site Name: Default-First-Site
> Roaming Profile: \\denispc\users\Peter
> Local Profile: C:\Documents and
Settings\Peter.FIVEBIRCHHOUSE
> Connected over a slow link?: Yes
>
>
> COMPUTER SETTINGS
> ------------------
>
> Last time Group Policy was applied: 12/12/2003 at 20:38:48
> Group Policy was applied from: denispc.fivebirchhouse.local
> Group Policy slow link threshold: 500 kbps
>
> Applied Group Policy Objects
> -----------------------------
> N/A
>
> The following GPOs were not applied because they were filtered out
> -------------------------------------------------------------------
> Local Group Policy
> Filtering: Not Applied (Empty)
>
> The computer is a part of the following security groups:
> --------------------------------------------------------
> BUILTIN\Administrators
> Everyone
> NT AUTHORITY\Authenticated Users
>
>
> USER SETTINGS
> --------------
>
> Last time Group Policy was applied: 12/12/2003 at 20:40:52
> Group Policy was applied from: denispc.fivebirchhouse.local
> Group Policy slow link threshold: 500 kbps
>
> Applied Group Policy Objects
> -----------------------------
> Default Domain Policy
>
> The following GPOs were not applied because they were filtered out
> -------------------------------------------------------------------
> Local Group Policy
> Filtering: Not Applied (Empty)
>
> The user is a part of the following security groups:
> ----------------------------------------------------
> Domain Users
> Everyone
> BUILTIN\Users
> LOCAL
> NT AUTHORITY\INTERACTIVE
> NT AUTHORITY\Authenticated Users
>
> C:\>
>
> Any help?
> "HouseVod" <news@housevod.com> wrote in message
> news:brcii3$ju4$1@visp.bt.co.uk...
> without
> of
>
>
| |
| Denis Cooper 2003-12-12, 6:25 pm |
| Just a quick update, i rebooted the server, logged on as admin, and get no
icons on the desktop - so it's like the xp computer does not pick up the gp
from the server?
"Denis Cooper" <denis@fivebirchhouse.eclipse.co.uk> wrote in message
news:1071262011.380752@ananke.eclipse.net.uk...
> i did that just now....
>
> here is the result:
>
> C:\>gpresult
>
> Microsoft (R) Windows (R) XP Operating System Group Policy Result tool
v2.0
> Copyright (C) Microsoft Corp. 1981-2001
>
> Created On 12/12/2003 at 20:44:49
>
>
> RSOP results for FIVEBIRCHHOUSE\Peter on CHARLOTTEPC : Logging Mode
> --------------------------------------------------------------------
>
> OS Type: Microsoft Windows XP Professional
> OS Configuration: Member Workstation
> OS Version: 5.1.2600
> Domain Name: FIVEBIRCHHOUSE
> Domain Type: Windows 2000
> Site Name: Default-First-Site
> Roaming Profile: \\denispc\users\Peter
> Local Profile: C:\Documents and
Settings\Peter.FIVEBIRCHHOUSE
> Connected over a slow link?: Yes
>
>
> COMPUTER SETTINGS
> ------------------
>
> Last time Group Policy was applied: 12/12/2003 at 20:38:48
> Group Policy was applied from: denispc.fivebirchhouse.local
> Group Policy slow link threshold: 500 kbps
>
> Applied Group Policy Objects
> -----------------------------
> N/A
>
> The following GPOs were not applied because they were filtered out
> -------------------------------------------------------------------
> Local Group Policy
> Filtering: Not Applied (Empty)
>
> The computer is a part of the following security groups:
> --------------------------------------------------------
> BUILTIN\Administrators
> Everyone
> NT AUTHORITY\Authenticated Users
>
>
> USER SETTINGS
> --------------
>
> Last time Group Policy was applied: 12/12/2003 at 20:40:52
> Group Policy was applied from: denispc.fivebirchhouse.local
> Group Policy slow link threshold: 500 kbps
>
> Applied Group Policy Objects
> -----------------------------
> Default Domain Policy
>
> The following GPOs were not applied because they were filtered out
> -------------------------------------------------------------------
> Local Group Policy
> Filtering: Not Applied (Empty)
>
> The user is a part of the following security groups:
> ----------------------------------------------------
> Domain Users
> Everyone
> BUILTIN\Users
> LOCAL
> NT AUTHORITY\INTERACTIVE
> NT AUTHORITY\Authenticated Users
>
> C:\>
>
> Any help?
> "HouseVod" <news@housevod.com> wrote in message
> news:brcii3$ju4$1@visp.bt.co.uk...
> without
> of
>
>
| |
| Marlin Munrow 2003-12-13, 8:25 am |
| You may simply need to run some basic maintenance to get GPO to apply
as expected.
Key item is DNS here. I'd suggest you take a good look at your DC's
event logs and see if you have any other more serious problems.
Do you have my documents redirected ?
I see you are using a roaming profile. Are you enforcing the desktop
in your lab (ntuser.man) ?
It seems you've got slow link detection on and that under these
circumstances you may not get some things to apply such as software
installation for one.
You can disable slow link detection as a troubleshooting mechanism and
see if you get your icons back (albeit very slow logon)
You'll undoubtedly see some other strange things happening as the XP
client starts running home to Mommie - the lack of icons sounds very
familiar. Do you have a poor link to the DC? (suspect poor cable /
NIC).
Also, you may want to see if you can ping the DC with a packet of 4096
ping 10.10.10.10 -l 4096
This is how slow link is tested for if you're not expecting slow link.
If you've a firewall between the client and the DC you may find that
the slow link test will always give "slow" response especially if the
firewall restricts the packet size of the ping.
The process of applying policies may be set to load every time you log
on meaning that some policy items may never get downloaded.
I really recommend that you get hold of the new GPMC.msi
http://www.microsoft.com/downloads/...&displaylang=en
this tool can really help show you where your Group Policy errors lie
especially if you've established a "no override" or "block policy
inheritance" wrongly by accident.
On Fri, 12 Dec 2003 22:22:55 -0000, "Denis Cooper"
<denis@fivebirchhouse.eclipse.co.uk> wrote:
>Just a quick update, i rebooted the server, logged on as admin, and get no
>icons on the desktop - so it's like the xp computer does not pick up the gp
>from the server?
>"Denis Cooper" <denis@fivebirchhouse.eclipse.co.uk> wrote in message
>news:1071262011.380752@ananke.eclipse.net.uk...
>v2.0
>Settings\Peter.FIVEBIRCHHOUSE
>
| |
| Steven L Umbach 2003-12-13, 11:26 am |
| In situations like this, I recommend that you check the networking
configuration of both computers and the health of the domain controller. Run
netdiag first on the domain controller and then dcdiag looking for any
failed tests. Then run netdiag on the XP Pro computer. A number of tests are
run and failed tests may indicate what the problem is. These tools are
located on the install cdrom in the support/tools folder where you will need
to run setup and are extremely useful. Also make sure that you are logging
onto the domain and not the local machine on the XP machine. Generally it is
not a good idea to use the ICF built in firewall if lan access is needed.
Another often overlooked point about Group Policy is that the computer/user
must be in a container within he scope of influence of a GPO. In other words
if you create a OU with a new GPO. The defined settings in that GPO will
only apply to computer/user accounts in that OU or sub OU's. There is an
exception when loopback procesing is used, but that is not the norm and is
reserved for special situations. --- Steve
http://support.microsoft.com/defaul...Ben-us%3B250842
http://support.microsoft.com/defaul...Ben-us%3B321708
http://support.microsoft.com/defaul...Ben-us%3B291382 --- proper
dns configration is critcal.
"Denis Cooper" <denis@fivebirchhouse.eclipse.co.uk> wrote in message
news:1071267659.353957@ananke.eclipse.net.uk...
> Just a quick update, i rebooted the server, logged on as admin, and get no
> icons on the desktop - so it's like the xp computer does not pick up the
gp
> from the server?
> "Denis Cooper" <denis@fivebirchhouse.eclipse.co.uk> wrote in message
> news:1071262011.380752@ananke.eclipse.net.uk...
> v2.0
> Settings\Peter.FIVEBIRCHHOUSE
pointers[color=blue]
(or[color=blue]
are[color=blue]
>
>
>
| |
| Denis Cooper 2003-12-13, 3:26 pm |
| Thanks for all this....
I did a secedit /refreshpolicy on machine and user on the DC, but this did
not seem to help.
I still seem to get a really slow connection though - takes about 3 or 4
mins to log on, i gues this could be because the pc's are a little old?
I did ping DC -l 4096 and it came back fine.
DCDIAG and NETDIAG - are they self explanatory as i don't remember coming
accross these in either 70-210 or 70-215?
Thanks again.
It looks like it is working now. I don't know what it was, maybe the gp had
not refreshed correctly. I did do a secpol /
"Steven L Umbach" <sumbach@nospam-ameritech.net> wrote in message
news:APGCb.11707$aw2.6086251@newssrv26.news.prodigy.com...
> In situations like this, I recommend that you check the networking
> configuration of both computers and the health of the domain controller.
Run
> netdiag first on the domain controller and then dcdiag looking for any
> failed tests. Then run netdiag on the XP Pro computer. A number of tests
are
> run and failed tests may indicate what the problem is. These tools are
> located on the install cdrom in the support/tools folder where you will
need
> to run setup and are extremely useful. Also make sure that you are logging
> onto the domain and not the local machine on the XP machine. Generally it
is
> not a good idea to use the ICF built in firewall if lan access is needed.
> Another often overlooked point about Group Policy is that the
computer/user
> must be in a container within he scope of influence of a GPO. In other
words
> if you create a OU with a new GPO. The defined settings in that GPO will
> only apply to computer/user accounts in that OU or sub OU's. There is an
> exception when loopback procesing is used, but that is not the norm and is
> reserved for special situations. --- Steve
>
> http://support.microsoft.com/defaul...Ben-us%3B250842
> http://support.microsoft.com/defaul...Ben-us%3B321708
> http://support.microsoft.com/defaul...Ben-us%3B291382 ---
proper
> dns configration is critcal.
>
> "Denis Cooper" <denis@fivebirchhouse.eclipse.co.uk> wrote in message
> news:1071267659.353957@ananke.eclipse.net.uk...
no[color=blue]
> gp
-------------------------------------------------------------------[color=blue]
-------------------------------------------------------------------[color=blue]
> pointers
very[color=blue]
why![color=blue]
> (or
> are
>
>
| |
| Steven L Umbach 2003-12-13, 4:25 pm |
| I doubt the slow connection has anything to do with slow machines, but it
may be indicative of networking connection or configuration issue. Looking
in Event Viewer for possible problems is always a good idea when experincing
problems. The main culprit is usually dns misconfiguration caused by either
the domain controller not pointing to itself in tcp/ip properties and/or the
domain member machines not pointing to the domain controller for their dns
resolutuion. Never have an ISP dns server configured in the tcp/ip
properties of any domain computer or you will experience strange and
intemittent problems. It is also possible to logon to a domain computer via
cached credentials [enabled in a default installation] when a domain
controller can not be contacted which will delay the logon process. The
"set" command will tell you what machine you are logged onto - local machine
[if credentials were cached while tring to logon to the domain] or domain
controller. I don't know what exam covers netdiag and dcdiag, but those are
two tools you want to use a lot for troubleshooting. Pinging the dc by name
is a good thing to try but I also suggest you learn to use nslookup as
described in the KB below to check that your domain workstation can resolve
domain controller srv records such as _ldap._tcp.dc._msdcs.domain_name. ---
Steve
http://support.microsoft.com/defaul...kb;en-us;816587
"Denis Cooper" <denis@fivebirchhouse.eclipse.co.uk> wrote in message
news:1071343360.537665@ananke.eclipse.net.uk...
> Thanks for all this....
>
> I did a secedit /refreshpolicy on machine and user on the DC, but this did
> not seem to help.
>
> I still seem to get a really slow connection though - takes about 3 or 4
> mins to log on, i gues this could be because the pc's are a little old?
>
> I did ping DC -l 4096 and it came back fine.
>
> DCDIAG and NETDIAG - are they self explanatory as i don't remember coming
> accross these in either 70-210 or 70-215?
>
> Thanks again.
>
> It looks like it is working now. I don't know what it was, maybe the gp
had
> not refreshed correctly. I did do a secpol /
> "Steven L Umbach" <sumbach@nospam-ameritech.net> wrote in message
> news:APGCb.11707$aw2.6086251@newssrv26.news.prodigy.com...
> Run
> are
> need
logging[color=blue]
it[color=blue]
> is
needed.[color=blue]
> computer/user
> words
is[color=blue]
> proper
get[color=blue]
> no
the[color=blue]
tool[color=blue]
out[color=blue]
> -------------------------------------------------------------------
out[color=blue]
> -------------------------------------------------------------------
'gpresult'[color=blue]
message[color=blue]
> very
> why!
icons[color=blue]
permissions[color=blue]
>
>
| |
| Marlin Munrow 2003-12-13, 6:25 pm |
| Interesting results (especially Secedit which is only win2K and not
XP) - if the machine was just left on for 45 + minutes it may have
cleared itself by pulling down the policy eventually.
Glad its sorted but I have to agree with Steven - much better put than
I did.
You may want to lookup "gpupdate /force" as a command line for XP
clients rather than SECEDIT /REFRESHPOLICY Machine_Policy.
As for being in the courseware for 215 - I dont recall it either but I
do recall seeing it in whitepapers as I studied for the exams 216/217.
BTW how's the weather in my home County Devon ?
On Sat, 13 Dec 2003 19:25:57 -0000, "Denis Cooper"
<denis@fivebirchhouse.eclipse.co.uk> wrote:
>Thanks for all this....
>
>I did a secedit /refreshpolicy on machine and user on the DC, but this did
>not seem to help.
>
>I still seem to get a really slow connection though - takes about 3 or 4
>mins to log on, i gues this could be because the pc's are a little old?
>
>I did ping DC -l 4096 and it came back fine.
>
>DCDIAG and NETDIAG - are they self explanatory as i don't remember coming
>accross these in either 70-210 or 70-215?
>
>Thanks again.
>
>It looks like it is working now. I don't know what it was, maybe the gp had
>not refreshed correctly. I did do a secpol /
>"Steven L Umbach" <sumbach@nospam-ameritech.net> wrote in message
>news:APGCb.11707$aw2.6086251@newssrv26.news.prodigy.com...
>Run
>are
>need
>is
>computer/user
>words
>proper
>no
> -------------------------------------------------------------------
> -------------------------------------------------------------------
>very
>why!
>
| |
| Denis Cooper 2003-12-13, 9:25 pm |
| Thanks for all your help guys, it's really appreciated.
Some of what you have said has confused me a little, but i am sure i will
learn this as i move to the 217 and 216 exams. I have my 70-210 and should
be getting my 70-215 very soon after Christmas.
Im down in Birmingham, so im not sure what its like over in Devon. But other
hear its raining, cold horrible, need i go on....
I do have one question for you both though (then i'll leave you in peace -
or atleast i'll try) - DNS, if you don't put the ISP DNS in server
properties, then what do you put in, the Server IP address - but then i take
it i need to setup the windows DNS server - which at the moment, i have not
really covered....
Thanks,
I'm going to print the white papers off and have a read of them over the
next few days.
I'm assuming that the majority of this knowldege will be covered in the
future exams - or atleast i hpe so..
Thanks
"Marlin Munrow" <MarlinMunrow-the-PFY@gonefission.com> wrote in message
news:su3ntvs4d7v8a1ije7cu4cmv2
rg346ifuu@4ax.com...
> Interesting results (especially Secedit which is only win2K and not
> XP) - if the machine was just left on for 45 + minutes it may have
> cleared itself by pulling down the policy eventually.
>
> Glad its sorted but I have to agree with Steven - much better put than
> I did.
>
> You may want to lookup "gpupdate /force" as a command line for XP
> clients rather than SECEDIT /REFRESHPOLICY Machine_Policy.
>
> As for being in the courseware for 215 - I dont recall it either but I
> do recall seeing it in whitepapers as I studied for the exams 216/217.
>
> BTW how's the weather in my home County Devon ?
>
>
> On Sat, 13 Dec 2003 19:25:57 -0000, "Denis Cooper"
> <denis@fivebirchhouse.eclipse.co.uk> wrote:
>
did[color=blue]
had[color=blue]
controller.[color=blue]
tests[color=blue]
logging[color=blue]
it[color=blue]
needed.[color=blue]
will[color=blue]
an[color=blue]
is[color=blue]
get[color=blue]
the[color=blue]
tool[color=blue]
> --------------------------------------------------------------------
denispc.fivebirchhouse.local[color=blue]
out[color=blue]
denispc.fivebirchhouse.local[color=blue]
out[color=blue]
'gpresult'[color=blue]
message[color=blue]
icons[color=blue]
permissions[color=blue]
>
| |
| Marlin Munrow 2003-12-14, 5:25 am |
| In the AD server's NIC properties if you enter your ISP's DNS servers
whenever the server tries to resolve an internet address it will ask
your ISP so you need to point it at itself if it has DNS installed if
not install DNS.
Its likely you already have DNS installed otherwise your AD would
likely not work at all. You just might have no zones set up.
If you've not installed DNS as part of the installation of your Active
Directory then you will need to do so (unless you have a valid dns
domain name and your ISP's DNS server supports SRV records - this
isnt very likely.
If you've not installed DNS you can do so through add/remove Software,
Add/remove Windows Components from control panel. You'll need to dig
to find it.
http://support.microsoft.com/?kbid=237675
If it isnt installed, Once completed, by far the easiest option is to
use the Configure this Server wizard in the DNS application - accessed
from the shortcut menu - and then to choose forward lookup zone and
make it active directory integrated.
Clients should point at your internal DNS server as their DNS server
and your server needs to point to itself (maybe with the second DNS
entry showing your ISP's DNS and maybe you could enable forwarders -
its hard to advise without knowing your config)
I love Labmice for good backgrounders
http://www.labmice.net/ActiveDirectory/AD_install.htm
Good luck on 216/217!
On Sun, 14 Dec 2003 01:26:35 -0000, "Denis Cooper"
<denis@fivebirchhouse.eclipse.co.uk> wrote:
[color=blue]
>Thanks for all your help guys, it's really appreciated.
>
>Some of what you have said has confused me a little, but i am sure i will
>learn this as i move to the 217 and 216 exams. I have my 70-210 and should
>be getting my 70-215 very soon after Christmas.
>
>Im down in Birmingham, so im not sure what its like over in Devon. But other
>hear its raining, cold horrible, need i go on....
>
>I do have one question for you both though (then i'll leave you in peace -
>or atleast i'll try) - DNS, if you don't put the ISP DNS in server
>properties, then what do you put in, the Server IP address - but then i take
>it i need to setup the windows DNS server - which at the moment, i have not
>really covered....
>
>Thanks,
>
>I'm going to print the white papers off and have a read of them over the
>next few days.
>
>I'm assuming that the majority of this knowldege will be covered in the
>future exams - or atleast i hpe so..
>
>Thanks
>"Marlin Munrow" <MarlinMunrow-the-PFY@gonefission.com> wrote in message
> news:su3ntvs4d7v8a1ije7cu4cmv2
rg346ifuu@4ax.com...
<snip>
| |
| Steven L Umbach 2003-12-14, 7:25 am |
|
"Marlin Munrow" <MarlinMunrow-the-PFY@gonefission.com> wrote in message
news:accotv4s7tgslg0p3bn76is2h
pb32s702h@4ax.com...
> Clients should point at your internal DNS server as their DNS server
> and your server needs to point to itself (maybe with the second DNS
> entry showing your ISP's DNS and maybe you could enable forwarders -
> its hard to advise without knowing your config)
>
> I love Labmice for good backgrounders
>
> http://www.labmice.net/ActiveDirectory/AD_install.htm
>
> Good luck on 216/217!
>
> On Sun, 14 Dec 2003 01:26:35 -0000, "Denis Cooper"
> <denis@fivebirchhouse.eclipse.co.uk> wrote:
>
should[color=blue]
other[color=blue]
peace -[color=blue]
take[color=blue]
not[color=blue]
> <snip>
| |
| Steven L Umbach 2003-12-14, 7:25 am |
| Never list an ISP in the tcp/ip properties of any domain computer even down
the list. Always use forwarding or root hints to resolve internet names.
The rest of your advice was very good. --- Steve
http://support.microsoft.com/defaul...Ben-us%3B323380
"Marlin Munrow" <MarlinMunrow-the-PFY@gonefission.com> wrote in message
news:accotv4s7tgslg0p3bn76is2h
pb32s702h@4ax.com...
> Clients should point at your internal DNS server as their DNS server
> and your server needs to point to itself (maybe with the second DNS
> entry showing your ISP's DNS and maybe you could enable forwarders -
> its hard to advise without knowing your config)
>
> I love Labmice for good backgrounders
>
> http://www.labmice.net/ActiveDirectory/AD_install.htm
>
> Good luck on 216/217!
>
> On Sun, 14 Dec 2003 01:26:35 -0000, "Denis Cooper"
> <denis@fivebirchhouse.eclipse.co.uk> wrote:
>
should[color=blue]
other[color=blue]
peace -[color=blue]
take[color=blue]
not[color=blue]
> <snip>
| |
| Marlin Munrow 2003-12-14, 9:25 am |
| Hard to know what to advise without knowing the config. My assumption
is that this was a lab setup and using the ISP DNS as a fall-back
(Hence "maybe with the second DNS...". I dont agree fully with 323380
in this instance especially as we are talking Windows 2000 not 2k3.
If this were a commercial installation and running 2k3 then I'd agree
with you.
On Sun, 14 Dec 2003 11:22:14 GMT, "Steven L Umbach"
<sumbach@nospam-ameritech.net> wrote:
[color=blue]
>Never list an ISP in the tcp/ip properties of any domain computer even down
>the list. Always use forwarding or root hints to resolve internet names.
>The rest of your advice was very good. --- Steve
>
>http://support.microsoft.com/defaul...Ben-us%3B323380
>
>"Marlin Munrow" <MarlinMunrow-the-PFY@gonefission.com> wrote in message
> news:accotv4s7tgslg0p3bn76is2h
pb32s702h@4ax.com...
<SNIP>
|
|
|
|
|