Answer the question
In order to leave comments, you need to log in
Windows 7 Pro workstations stop accepting DHCP options after activating Group Policy
I understand that such a question should be asked on special forums ... but you won’t believe it :)
I
asked
: OSzone1 , OSzone2 , SysAdmins.ru group policies, one of the manipulations was to try to make some changes to the Default Domain Policy (which was disabled at that time, it is not known why “the architect of this network has sunk into oblivion” :)) The domain controller is Windows Server 2003 R2 , aka DHCP server .
The day after the Default Domain Policy
was activated - all rebooted workstations running Windows 7 Pro stopped accepting parameters from the DHCP server, do not recognize the connection network (“Unidentified network” with all the consequences), this post helped to figure it out (yes, I also asked there :) ), it turned out that it was not necessary to leave the domain, it was enough to log in under any local administrator and reset the policies
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
... Of course, the Default Domain Policy was disabled again ... I had to run around quite well - there were more than twenty “sevens”.
The performance of the sevens has been restored, but I want to know what kind of policy it is, which leads to such sad consequences for the sevens, because the Windows XP workstations worked perfectly at the same time.
What will the collective mind have considerations?
PS: I'm not an admin, in short, the scooter is not mine, etc.
But you have to figure it out :)
Answer the question
In order to leave comments, you need to log in
I didn’t encounter this problem specifically, but when they installed the seven on machines in their domain under 2003 r2, they also got a large number of inexplicable problems. The main source is different versions of AD. Some of them were patched over time with patches, some of them were patched with hands, but the domain did not work smoothly. If you still plan to work with the domain, it is best to change the server to 2008 R2. Better a terrible end than endless horror. =)
Yes, the 2008 server will be better, however, what is given is given :) alas, there is no way to defeat this problem by “cutting off a sore limb”.
As far as I managed to figure it out, the problem is in some particular checkbox (oh, how I don’t like Windows for this) policy settings. Since in the domain they (policies) are still used for individual user groups ... Their comparison revealed too many differences, I somehow didn’t get used to working by typing, but apparently I have to.
Tell me at least where to dig, or what exactly not to pay attention to - i.e. what can be ruled out?
Did you touch the firewall with politicians there?
"arp -a" seems to fix at least? At least some packet comes to the network card?
For the sake of the purity of the experiment, try on a typewriter with features to see the presence of a firewall service and the rules in them that allow DHCP patency. By the way, just try to add the rules (even if the firewall is disabled, you need to turn it on, add it and turn it off) allowing DHTsP.
A small offtopic:
1. It is not recommended to edit the Default Domain Policy - create a separate policy to edit the parameters you need.
2. It makes no sense to disable the Default Domain Policy - transfer all computers with the seven to a separate OU and enable Inheritance Blocking on it until you figure out the problem.
3. there are several possible solutions: social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/2a18bb78-211a-42e4-809a-8be4133149e6/
On the topic:
1. what about the firewall on the seven and what changes were made?
2. It would be great to see the resulting policy.
3. what's in the system logs?
Make rsop with default domain policy enabled, show it here. Can there what scripts left work out.
Did you touch the firewall with politicians there?They didn’t touch it ... The Windows firewall is disabled, the server has a third-party SSEP firewall (a FSTEC-certified PD protection tool ... that’s still “dull” ... actually Russified Outpost with a rewritten gui, with a twist to the Kaspersky interface; but in this case, it’s definitely not him, he’s already they crawled up and down, and besides, everything is fine if you do not activate the same policy.)
what's in the system logs?And the ladies are pristine ... notifications, not even warnings, not that there are errors.
it would be great to see the resulting policy.but actually the policy, it's not rsop, but I think it will fit, this is a summary from Group Policy Manager,.
Make rsop with default domain policy enabledIt will be fraught with ... I'll try after hours. If I turn off inheritance, then you will not see anything in rcop, if not, then tomorrow morning again the tambourine in hand and run :)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question