Archived from groups: microsoft.public.win2000.group_policy (
More info?)
Hi Ken
On your XP machine, go to Start > Run > type in MMC and hit enter. Go to
the File menu and select Add/Remove Snap-in. Click the Add button > scroll
through the list and select Group Policy > click Add. You can then click
Browse and look for the domain policy that you want to edit, select it, click
OK > Finish > Close > OK. Then you should see the Policy listed in the
management console.
d mac
"Ken B" wrote:
> Here's another good question late in the game... well, maybe not so good of
> a question... how can I manage domain group policies from my XP machine?
> When I go Start>Run>gpedit.msc, the window I get says "Local policy". I
> can't seem to run what I would think is gpmc.mmc/msc
>
> It's something probably really simple I'm missing...
>
> TIA
>
> K
>
> "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
> news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
> > I just checked this out and found the same behavior on my Win2K machine
> when
> > viewing an XP, SP2 policy--specifically those two Windows Firewall
> policies:
> >
> > Windows Firewall: Define program exceptions
> > Windows Firewall: Define port exceptions
> >
> > do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
> > that you've found. I can see no reason, in looking at the ADM file, why
> they
> > should not appear. Maybe someone on this NG from Microsoft can check into
> > it?
> >
> >
> >
> > --
> > Darren Mar-Elia
> > MS-MVP-Windows Server--Group Policy
> > Check out
http://www.gpoguy.com -- The Windows Group Policy Information
> Hub:
> > FAQs, Whitepapers and Utilities for all things Group Policy-related
> >
> >
> >
> > "d mac" <dmac@discussions.microsoft.com> wrote in message
> > news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
> > > I'm glad I'm not the only one. I will definitely know if I find any
> > > fixes.
> > > For the time being, I'm enabling the policy through the workstation that
> > > has
> > > XP SP2 and it seems to be applying through the domain controllers,
> however
> > > the programs don't show up on the list in the Windows Firewall like I
> > > would
> > > expect. Can you see if this is the same experience for you? I'm
> guessing
> > > it's doing this because the policy isn't listed on the servers but still
> > > affects the machines as a policy.
> > >
> > > d mac
> > >
> > >
> > > "billj" wrote:
> > >
> > >> I've been facing the EXACT same issue since yesterday. If you come up
> > >> with a
> > >> solution, it would be great to post it here. I'll do the same.
> > >>
> > >> billj
> > >>
> > >> "d mac" wrote:
> > >>
> > >> > I imported the ADM files from the XP SP2 workstation and still some
> of
> > >> > the
> > >> > policies are missing (as mentioned below). I even imported the ADM
> > >> > files
> > >> > from the Microsoft website (at
> > >> >
> http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
> > >> > and still there are some missing.
> > >> >
> > >> > It seems like there might be certain policies that aren't compatible
> > >> > with
> > >> > Windows 2000 Server. Does anyone know what I should try next?
> > >> >
> > >> > Thanks,
> > >> >
> > >> > d mac
> > >> >
> > >> > "d mac" wrote:
> > >> >
> > >> > > Hi there,
> > >> > >
> > >> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
> > >> > > workstation, so I haven't had any of the "The following entry in
> the
> > >> > > [strings] section is too long and has been truncated" errors. But
> I
> > >> > > still
> > >> > > have the issue where not all the policies are showing up on the
> > >> > > Windows 2000
> > >> > > Server vs. the XP SP2 workstation. Is this a known issue?
> > >> > >
> > >> > > I will try Hunter's suggestion on manually importing the ADM files
> on
> > >> > > the
> > >> > > Windows 2000 server to see if that updates all the policies on the
> > >> > > domain
> > >> > > controllers to match the same amount showing on the XP SP2
> > >> > > workstation.
> > >> > >
> > >> > > I'll let you know how it goes.
> > >> > >
> > >> > > Thanks
> > >> > >
> > >> > > d mac
> > >> > >
> > >> > > "Bruce Sanderson" wrote:
> > >> > >
> > >> > > >
http://support.microsoft.com/?kbid=842933 documents this problem
> > >> > > > and has a
> > >> > > > patch available.
> > >> > > >
> > >> > > > --
> > >> > > > Bruce Sanderson MVP
> > >> > > >
> > >> > > > It's perfectly useless to know the right answer to the wrong
> > >> > > > question.
> > >> > > >
> > >> > > >
> > >> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
> > >> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
> > >> > > > > You might try gathering up the XP .adm templates, copying
> > >> > > > > them to temp folder on the 2000 DC. Then opening the A/D
> > >> > > > > Group policy on the 2000 box right click on the
> > >> > > > > Admisitrative templates container, choose add snap-in.
> > >> > > > >
> > >> > > > > It'll show the ones currently in use in the wnnt/inf
> > >> > > > > folder, Browse over to the new ones in the temp folder
> > >> > > > > and select add, it should ask you about overwriting etc.
> > >> > > > >
> > >> > > > > Choose yes.
> > >> > > > >
> > >> > > > > Once the new ones are copied in you will probably get a
> > >> > > > > bunch messages stating the new ones are too long or
> > >> > > > > something, but you'll have to hunt down an update for this
> > >> > > > > I think I found it at microsoft tech experts page on XP,
> > >> > > > > but it didn't seem to want to be found with search.
> > >> > > > >
> > >> > > > > Anyways, maybe that will help.
> > >> > > > >
> > >> > > > > Regards
> > >> > > > >
> > >> > > > > Hunter
> > >> > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > >>-----Original Message-----
> > >> > > > >>I updated our GPO on our Windows 2000 domain controllers
> > >> > > > > with the latest ADM
> > >> > > > >>files from XP SP2. I did this by opening up the GPO on a
> > >> > > > > Windows XP Pro
> > >> > > > >>workstation with SP2 and it automatically replicated the
> > >> > > > > ADM files to our
> > >> > > > >>domain controllers. See document at
> > >> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
> > >> > > > > tain/mangxpsp2/mngdepgp.mspx
> > >> > > > >>
> > >> > > > >>However, it seems like not all of the ADM files are
> > >> > > > > replicating to the
> > >> > > > >>Windows 2000 servers. For example, in the policy
> > >> > > > > path "Administrative
> > >> > > > >>Templates\Network\Network Connections\Windows
> > >> > > > > Firewall\Domain Profile" there
> > >> > > > >>are only 12 policies listed on the Windows 2000 Server
> > >> > > > > but on the XP SP2 box,
> > >> > > > >>there are 14 policies. The two that are missing are:
> > >> > > > >>
> > >> > > > >>Windows Firewall: Define program exceptions
> > >> > > > >>Windows Firewall: Define port exceptions
> > >> > > > >>
> > >> > > > >>Is this by design or is there something wrong with the
> > >> > > > > replication process?
> > >> > > > >>It would be nice to be able to define program exceptions
> > >> > > > > because there are a
> > >> > > > >>couple programs within our environment that won't work
> > >> > > > > unless we can exclude
> > >> > > > >>them. It would be preferable to do this through GP
> > >> > > > > instead of manually going
> > >> > > > >>to each machine and defining the program exceptions.
> > >> > > > >>
> > >> > > > >>Thanks,
> > >> > > > >>
> > >> > > > >>d mac
> > >> > > > >>.
> > >> > > > >>
> > >> > > >
> > >> > > >
> > >> > > >
> >
> >
>
>
>