Archived from groups: microsoft.public.win2000.security
Since this mixes security and networking, I am posting this in both
groups.
I am running under a Windows 2000 domain. I have a domain group that
is set up to log on locally to each Non-DC server. Everything was set up
and working.
To enhance the security of our network, our web servers were moved to a
different VLAN and most ports were blocked between the VLANs.
Everything continued to work.
Recently, I had to rebuild one of our web servers. I was able to set up
everything except the log on locally piece. In the Local Security
Policy, I try to add my Domain Group, but the "effective check" never
appears. Local is checked, but effective is not. All other aspects of
the Local Security Policy on this server look the same as the other web
server in the VLAN. The other server still works and all the users can
log into it.
My first question is this: Do I need to have certain ports open
between a server and the domain controller in order to make the rule
effective? I do not have any trouble bringing up the domain in any of
the drop-down lists. I can select my domain group. It appears to add
properly, but it never becomes active. I have tried to create a local
group, and I have tried to add individual users (local and domain).
None of them will become effective. I have tried to add additional
users and groups to the other server and I have the same problem. This
is what leads me to believe it is a networking issue and not a server
issue. The server that I have not modified is showing the same
problems.
Is there something else I could be missing?
Any help you can provide will be much appreciated.
Thanks,
Selmer80