AD Policies
Hi,
We have a domain with (currently) three DC's
1x Windows 2000
1x Windows 2003 Standard Edition
1x Windows 2003 R2 Enterprise Edition
The domain is in Windows 2000 native mode. My question is we do not have the Windows XP or the extra policies that Enterprise edition adds available.
Is this because of the functions level, or do I need to do something?
If I get rid of the 2000 DC and raise the level to 2003 will that add the missing policies including the Enterprise policies?
Thanks
We have a domain with (currently) three DC's
1x Windows 2000
1x Windows 2003 Standard Edition
1x Windows 2003 R2 Enterprise Edition
The domain is in Windows 2000 native mode. My question is we do not have the Windows XP or the extra policies that Enterprise edition adds available.
Is this because of the functions level, or do I need to do something?
If I get rid of the 2000 DC and raise the level to 2003 will that add the missing policies including the Enterprise policies?
Thanks
Comments
-
blargoe
Member Posts: 4,174 ■■■■■■■■■□
I'm not sure... but I think you have to be at a 2003 functional levelIT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands... -
Sie
Member Posts: 1,195
Not 100% either but i think thats it.
If you cannot test let me know example of policies your looking for and i'll test later.
Foolproof systems don't take into account the ingenuity of fools -
BF2Mad
Member Posts: 171
It is a funny one, we can only give out 2000 policies, no policies that 2003 or 2003 Enterprise adds such as policies for XP clients and Enterprise adds a policies for auto enrollment of user certificates (which we don't have)
I am unable to get to AD at the moment but I will get some examples later.
Thanks guys, I am going to try and do some tested as well. -
Sie
Member Posts: 1,195
Thou i must say i dont know if it needs to be raised at domain or forest level....
Will check later but im sure you'll get there first as im here for 12 hour shift!!
Foolproof systems don't take into account the ingenuity of fools -
RTmarc
Member Posts: 1,082 ■■■□□□□□□□
You have to raise the domain function level. There are several things that 2000 cannot support that will not be availble until you are in Server 2003 Mode. Whether or not there are extensions to AD for 2000 to support the things you want I do not know and would be probably worth looking into before decommisioning servers. The question regarding no XP policies I'm not sure exactly what you mean. Even in a 2000 Mixed domain, policies should still be affecting Windows XP clients afaik.
-
BF2Mad
Member Posts: 171
Hi sorry for the delay,
The problem our domain policies does not include policies that are only supported on Windows XP or 2003 such as. (there are many more)-
User Configuration\Administrative Templates\Start Menu and Taskbar\
User Configuration\Administrative Templates\Start Menu and Taskbar\Lock the Taskbar
User Configuration\Administrative Templates\Start Menu and Taskbar\Remove My Pictures from Start Menu
Computer Configuration\Administrative Templates\Windows Components\Security Center\Turn on Security Center
Computer Configuration\Administrative Templates\Windows Components\Windows Messenger\Do not allow Windows Messenger to be Run
The policies listed above are not listed in our domain policy. We can set these policies locally but that is not the point
Do we need to add an XP Template or somthing?
Thanks -
BF2Mad
Member Posts: 171
I may have answered my own question
http://www.petri.co.il/upgrade_windows_2000_gpo_with_xp_features.htm and http://support.microsoft.com/?kbid=307900
