need a way to import 2000 gp into 2003 server

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.security,microsoft.public.windows.group_policy (More info?)

i want to know is there a way to import a default gp for 2000sever into my
new 2003 domain ...reason is that with the default domain gp all my wks are
lock down (limited access and right ) and i can not seem to raised the
level example no permisson to manage netowrk settings, make vpn
connections, install applications .......this is what i want in the future
but for now im locking laptops down with the 2003 gp and all my users a
crying .....please help
5 answers Last reply
More about need import 2000 2003 server
  1. Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.security,microsoft.public.windows.group_policy (More info?)

    By default there are no user configuration settings defined on Group Policy when you
    set up a domain. Computer/security policy settings are defined mostly in Local
    Security Policy and Domain Controller Security Policy [mainly user rights
    assignments] for domain controllers , while domain policy defining account/password
    policies. What you are talking about seems to be mostly an issue with user group
    membership in that users need to be administrators on their local computers to do all
    that you mention [in W2K]. If it suits your needs you can add the users domain
    account to their local administrators or power users group on their computer. You can
    use "restricted groups" in security policy at the OU level to modify the membership
    of the local administrators/power users groups of computers in the OU. First I would
    try adding users to the Network Configuration Operators group on their local
    computers to allow them to manage networking properties and consider using Group
    Policy to publish or assign .msi applications to them before letting them all be
    local administrators. Users usually do cry when they can't clutter up their computers
    with unathorized applications, file swapping programs, chat programs, spyware,
    etc. --- Steve


    "ajay" <jgrace@digitelusa.net> wrote in message
    news:O1f%233O6WEHA.1888@TK2MSFTNGP11.phx.gbl...
    > i want to know is there a way to import a default gp for 2000sever into my
    > new 2003 domain ...reason is that with the default domain gp all my wks are
    > lock down (limited access and right ) and i can not seem to raised the
    > level example no permisson to manage netowrk settings, make vpn
    > connections, install applications .......this is what i want in the future
    > but for now im locking laptops down with the 2003 gp and all my users a
    > crying .....please help
    >
    >
  2. Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.security,microsoft.public.windows.group_policy (More info?)

    thank you so much for the reply

    i have the default dc policy and the default domain policy added to my AD
    should i delete or remove the default domain policy and just leave the one
    for DC
    "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    news:%gjDc.97952$2i5.69247@attbi_s52...
    > By default there are no user configuration settings defined on Group
    Policy when you
    > set up a domain. Computer/security policy settings are defined mostly in
    Local
    > Security Policy and Domain Controller Security Policy [mainly user rights
    > assignments] for domain controllers , while domain policy defining
    account/password
    > policies. What you are talking about seems to be mostly an issue with user
    group
    > membership in that users need to be administrators on their local
    computers to do all
    > that you mention [in W2K]. If it suits your needs you can add the users
    domain
    > account to their local administrators or power users group on their
    computer. You can
    > use "restricted groups" in security policy at the OU level to modify the
    membership
    > of the local administrators/power users groups of computers in the OU.
    First I would
    > try adding users to the Network Configuration Operators group on their
    local
    > computers to allow them to manage networking properties and consider using
    Group
    > Policy to publish or assign .msi applications to them before letting them
    all be
    > local administrators. Users usually do cry when they can't clutter up
    their computers
    > with unathorized applications, file swapping programs, chat programs,
    spyware,
    > etc. --- Steve
    >
    >
    > "ajay" <jgrace@digitelusa.net> wrote in message
    > news:O1f%233O6WEHA.1888@TK2MSFTNGP11.phx.gbl...
    > > i want to know is there a way to import a default gp for 2000sever into
    my
    > > new 2003 domain ...reason is that with the default domain gp all my wks
    are
    > > lock down (limited access and right ) and i can not seem to raised the
    > > level example no permisson to manage netowrk settings, make vpn
    > > connections, install applications .......this is what i want in the
    future
    > > but for now im locking laptops down with the 2003 gp and all my users a
    > > crying .....please help
    > >
    > >
    >
    >
  3. Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.security,microsoft.public.windows.group_policy (More info?)

    No. Never remove your default policies. The domain policy applies to the domain while
    the domain controller policy applies only to the domain controller container where
    all the domain controllers are by default. However any policy setting "defined" at
    the domain level will also apply to the domain controller container if the same
    setting is not defined in the domain controller policy. Note that mostly that will
    only be computer configuration as users by default do not exists in the domain
    controller container, nor should they be moved into it. --- Steve


    "ajay" <jgrace@digitelusa.net> wrote in message
    news:u9$yzGHXEHA.556@tk2msftngp13.phx.gbl...
    > thank you so much for the reply
    >
    > i have the default dc policy and the default domain policy added to my AD
    > should i delete or remove the default domain policy and just leave the one
    > for DC
    > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    > news:%gjDc.97952$2i5.69247@attbi_s52...
    > > By default there are no user configuration settings defined on Group
    > Policy when you
    > > set up a domain. Computer/security policy settings are defined mostly in
    > Local
    > > Security Policy and Domain Controller Security Policy [mainly user rights
    > > assignments] for domain controllers , while domain policy defining
    > account/password
    > > policies. What you are talking about seems to be mostly an issue with user
    > group
    > > membership in that users need to be administrators on their local
    > computers to do all
    > > that you mention [in W2K]. If it suits your needs you can add the users
    > domain
    > > account to their local administrators or power users group on their
    > computer. You can
    > > use "restricted groups" in security policy at the OU level to modify the
    > membership
    > > of the local administrators/power users groups of computers in the OU.
    > First I would
    > > try adding users to the Network Configuration Operators group on their
    > local
    > > computers to allow them to manage networking properties and consider using
    > Group
    > > Policy to publish or assign .msi applications to them before letting them
    > all be
    > > local administrators. Users usually do cry when they can't clutter up
    > their computers
    > > with unathorized applications, file swapping programs, chat programs,
    > spyware,
    > > etc. --- Steve
    > >
    > >
    > > "ajay" <jgrace@digitelusa.net> wrote in message
    > > news:O1f%233O6WEHA.1888@TK2MSFTNGP11.phx.gbl...
    > > > i want to know is there a way to import a default gp for 2000sever into
    > my
    > > > new 2003 domain ...reason is that with the default domain gp all my wks
    > are
    > > > lock down (limited access and right ) and i can not seem to raised the
    > > > level example no permisson to manage netowrk settings, make vpn
    > > > connections, install applications .......this is what i want in the
    > future
    > > > but for now im locking laptops down with the 2003 gp and all my users a
    > > > crying .....please help
    > > >
    > > >
    > >
    > >
    >
    >
  4. Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.security,microsoft.public.windows.group_policy (More info?)

    ok thanks well tell me this..... im in AD and we have at the domain level
    ....default domain gp and default dc gp linked... Is this default DC gp
    supose to be linked there or only under the OU for DC's could this be my
    problem
    "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    news:xvHDc.126337$0y.46952@attbi_s03...
    > No. Never remove your default policies. The domain policy applies to the
    domain while
    > the domain controller policy applies only to the domain controller
    container where
    > all the domain controllers are by default. However any policy setting
    "defined" at
    > the domain level will also apply to the domain controller container if the
    same
    > setting is not defined in the domain controller policy. Note that mostly
    that will
    > only be computer configuration as users by default do not exists in the
    domain
    > controller container, nor should they be moved into it. --- Steve
    >
    >
    > "ajay" <jgrace@digitelusa.net> wrote in message
    > news:u9$yzGHXEHA.556@tk2msftngp13.phx.gbl...
    > > thank you so much for the reply
    > >
    > > i have the default dc policy and the default domain policy added to my
    AD
    > > should i delete or remove the default domain policy and just leave the
    one
    > > for DC
    > > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    > > news:%gjDc.97952$2i5.69247@attbi_s52...
    > > > By default there are no user configuration settings defined on Group
    > > Policy when you
    > > > set up a domain. Computer/security policy settings are defined mostly
    in
    > > Local
    > > > Security Policy and Domain Controller Security Policy [mainly user
    rights
    > > > assignments] for domain controllers , while domain policy defining
    > > account/password
    > > > policies. What you are talking about seems to be mostly an issue with
    user
    > > group
    > > > membership in that users need to be administrators on their local
    > > computers to do all
    > > > that you mention [in W2K]. If it suits your needs you can add the
    users
    > > domain
    > > > account to their local administrators or power users group on their
    > > computer. You can
    > > > use "restricted groups" in security policy at the OU level to modify
    the
    > > membership
    > > > of the local administrators/power users groups of computers in the OU.
    > > First I would
    > > > try adding users to the Network Configuration Operators group on their
    > > local
    > > > computers to allow them to manage networking properties and consider
    using
    > > Group
    > > > Policy to publish or assign .msi applications to them before letting
    them
    > > all be
    > > > local administrators. Users usually do cry when they can't clutter up
    > > their computers
    > > > with unathorized applications, file swapping programs, chat programs,
    > > spyware,
    > > > etc. --- Steve
    > > >
    > > >
    > > > "ajay" <jgrace@digitelusa.net> wrote in message
    > > > news:O1f%233O6WEHA.1888@TK2MSFTNGP11.phx.gbl...
    > > > > i want to know is there a way to import a default gp for 2000sever
    into
    > > my
    > > > > new 2003 domain ...reason is that with the default domain gp all my
    wks
    > > are
    > > > > lock down (limited access and right ) and i can not seem to raised
    the
    > > > > level example no permisson to manage netowrk settings, make vpn
    > > > > connections, install applications .......this is what i want in the
    > > future
    > > > > but for now im locking laptops down with the 2003 gp and all my
    users a
    > > > > crying .....please help
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >
  5. Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.security,microsoft.public.windows.group_policy (More info?)

    In a default installation the domain policy is linked only to the domain container
    and the domain controller policy to only the domain controller. --- Steve

    "ajay" <jgrace@digitelusa.net> wrote in message
    news:uaSqa0KXEHA.644@tk2msftngp13.phx.gbl...
    > ok thanks well tell me this..... im in AD and we have at the domain level
    > ...default domain gp and default dc gp linked... Is this default DC gp
    > supose to be linked there or only under the OU for DC's could this be my
    > problem
    > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    > news:xvHDc.126337$0y.46952@attbi_s03...
    > > No. Never remove your default policies. The domain policy applies to the
    > domain while
    > > the domain controller policy applies only to the domain controller
    > container where
    > > all the domain controllers are by default. However any policy setting
    > "defined" at
    > > the domain level will also apply to the domain controller container if the
    > same
    > > setting is not defined in the domain controller policy. Note that mostly
    > that will
    > > only be computer configuration as users by default do not exists in the
    > domain
    > > controller container, nor should they be moved into it. --- Steve
    > >
    > >
    > > "ajay" <jgrace@digitelusa.net> wrote in message
    > > news:u9$yzGHXEHA.556@tk2msftngp13.phx.gbl...
    > > > thank you so much for the reply
    > > >
    > > > i have the default dc policy and the default domain policy added to my
    > AD
    > > > should i delete or remove the default domain policy and just leave the
    > one
    > > > for DC
    > > > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    > > > news:%gjDc.97952$2i5.69247@attbi_s52...
    > > > > By default there are no user configuration settings defined on Group
    > > > Policy when you
    > > > > set up a domain. Computer/security policy settings are defined mostly
    > in
    > > > Local
    > > > > Security Policy and Domain Controller Security Policy [mainly user
    > rights
    > > > > assignments] for domain controllers , while domain policy defining
    > > > account/password
    > > > > policies. What you are talking about seems to be mostly an issue with
    > user
    > > > group
    > > > > membership in that users need to be administrators on their local
    > > > computers to do all
    > > > > that you mention [in W2K]. If it suits your needs you can add the
    > users
    > > > domain
    > > > > account to their local administrators or power users group on their
    > > > computer. You can
    > > > > use "restricted groups" in security policy at the OU level to modify
    > the
    > > > membership
    > > > > of the local administrators/power users groups of computers in the OU.
    > > > First I would
    > > > > try adding users to the Network Configuration Operators group on their
    > > > local
    > > > > computers to allow them to manage networking properties and consider
    > using
    > > > Group
    > > > > Policy to publish or assign .msi applications to them before letting
    > them
    > > > all be
    > > > > local administrators. Users usually do cry when they can't clutter up
    > > > their computers
    > > > > with unathorized applications, file swapping programs, chat programs,
    > > > spyware,
    > > > > etc. --- Steve
    > > > >
    > > > >
    > > > > "ajay" <jgrace@digitelusa.net> wrote in message
    > > > > news:O1f%233O6WEHA.1888@TK2MSFTNGP11.phx.gbl...
    > > > > > i want to know is there a way to import a default gp for 2000sever
    > into
    > > > my
    > > > > > new 2003 domain ...reason is that with the default domain gp all my
    > wks
    > > > are
    > > > > > lock down (limited access and right ) and i can not seem to raised
    > the
    > > > > > level example no permisson to manage netowrk settings, make vpn
    > > > > > connections, install applications .......this is what i want in the
    > > > future
    > > > > > but for now im locking laptops down with the 2003 gp and all my
    > users a
    > > > > > crying .....please help
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >
Ask a new question

Read More

Policy Default Domain Microsoft Servers Windows