Question about Microsoft ISA Server 2004 (e84-00526) for PC

1 Answer

ISA problem I need to configure an Isa server for 2 groups on my AD. the problem is when I define a deny policy for 1 group, Isa apply it to all users even administrator !!! Do you have any idea about this problem?!

Posted by on

1 Answer

  • Level 1:

    An expert who has achieved level 1.

    Corporal:

    An expert that has over 10 points.

    Problem Solver:

    An expert who has answered 5 questions.

  • Contributor
  • 11 Answers

Block Inheritance settings to stop this replication

Posted on Nov 26, 2009

1 Suggested Answer

6ya6ya
  • 2 Answers

SOURCE: I have freestanding Series 8 dishwasher. Lately during the filling cycle water hammer is occurring. How can this be resolved

Hi,
a 6ya expert can help you resolve that issue over the phone in a minute or two.
best thing about this new service is that you are never placed on hold and get to talk to real repairmen in the US.
the service is completely free and covers almost anything you can think of (from cars to computers, handyman, and even drones).
click here to download the app (for users in the US for now) and get all the help you need.
goodluck!

Posted on Jan 02, 2017

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

Sound recording device disabled. enable of soud recording device


1. Open the all users, specific users or groups, or all users except administrators Local Group Policy Editor for how you want this policy applied.
2. In the left pane, click on User Configuration, Administrative Templates, Windows Components, and Sound Recorder. (See screenshot below)
roadfox_9.jpg

3. In the right pane, right click on Do not allow Sound Recorder to run and click on Properties. (See screenshot above)
roadfox_10.jpg

4. Close Local Group Policy Editor window. Your done

Jun 04, 2011 | Computers & Internet

Tip

Fix Windows 7 Error ?Windows is Not Genuine? Error code 0×80070005


f63627f.png

Those users running genuine version of Windows 7 provided with their hardware platform reported that immediately after log on they were presented with following error message. “Windows is not genuine. Your computer might not be running a counterfeit copy of Windows. 0×80070005.”
Some other symptoms of associated with this issue are,
The computer desktop background is black, and you receive the following error message on the bottom right corner of the screen:
“This copy of Windows is not genuine”
You receive the following error message when you view the System Properties: (Control Panel / System and Security / System)
“You must activate today. Activate Windows now”
If you try to use slmgr.vbs /dlv to view the licensing status, you receive the following message:
Error: 0×80070005 Access denied: the requested action requires elevated privileges
Microsoft is fully aware of this issue and provided following explanation for the issue,
There is a lack of permissions in the registry key HKU\S-1-5-20. The Network Service account must have full control and read permissions over that registry key.
This situation may be the result of applying a Plug and Play Group Policy object (GPO).
To resolve this issue, you can either disable the policy setting (Method A), or edit the permissions to provide the Licensing Service the required permissions (Method B).
Method A: Disable the Plug and Play Policy

1. Determine the source of the policy . To do this, follow these steps:
a. On the client experiencing the Activation error, run the Resultant Set of Policy wizard by clicking Start, Run and entering rsop.msc as the command.
b. Visit the following location:
Computer Configuration / Policies / Windows Settings /Security Settings / System Services /
If the Plug and Play service is configured through a Group Policy setting, you see it here with settings other than Not Defined. Additionally, you can see which Group Policy is applying this setting.
2. Disable the Group Policy settings and force the Group Policy to be reapplied.
a. Edit the Group Policy that is identified in Step 1 and change the setting to “Not Defined.” Or, follow the section below to add the required permissions for the Network Service account.
b. Force the Group Policy setting to reapply: gpupdate /force (a restart of the client is sometimes required)
Method B: Edit the permissions of the Group Policy:

1. Open the Group Policy that is identified in Method A, Step 1 above, and open the corresponding Group Policy setting.
2. Click the Edit Security button, and then click the Advanced button.
3. In the Advanced Security Settings for Plug and Play window click Add and then add the SERVICE account. Then, click OK
4. Select the following permissions in the Allow section and then click OK:
Query template, Query status, Enumerate dependents, Interrogate, User-defined control, Read permissions
Note: The Previous rights are the minimum required permissions.
5. Run gpupdate /force after you apply the previous permissions to the Group Policy setting.
6. Verify that the appropriate permissions are applied with the following command:
sc sdshow plugplay
The following are the rights applied to the Plug and Play service in SDDL:
D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
(A;;CCLCSWLOCRRC;;;IU)
(A;;CCLCSWLOCRRC;;;SU)
S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
(A;;CC LC SW LO CR RC ;;;SU is an Access Control Entry (ACE) that allows the following rights to “SU” (SDDL_SERVICE – Service logon user)
A: Access Allowed
CC: Create Child
LC: List Children
SW: Self Write
LO: List Object
CR: Control Access
RC: Read Control
SU: Service Logon User
Note: If there are no GPO’s in place, then another activity may have changed the default registry permissions. To work around this issue, perform the following steps:
1. On the computer that is out of tolerance, start Registry Editor.
2. Right-click the registry key HKEY_USERS\S-1-5-20, and select Permissions…
3. If the NETWORK SERVICE is not present, click Add…
4. In Enter the object names to select type Network Service and then click Check Names and OK.
5. Select the NETWORK SERVICE and Grant Full Control and Read permissions.
6. Restart the computer.
7. After the restart, the system may require activation. Complete the activation.

on Jul 15, 2010 | Computers & Internet

Tip

Fix Windows 7 Error ?Windows is Not Genuine? Error code 0×80070005


To resolve this issue, you can either disable the policy setting (Method A), or edit the permissions to provide the Licensing Service the required permissions (Method B).
Method A: Disable the Plug and Play Policy 1. Determine the source of the policy . To do this, follow these steps:

a. On the client experiencing the Activation error, run the Resultant Set of Policy wizard by clicking Start, Run and entering rsop.msc as the command.

b. Visit the following location:

Computer Configuration / Policies / Windows Settings /Security Settings / System Services /


If the Plug and Play service is configured through a Group Policy setting, you see it here with settings other than Not Defined. Additionally, you can see which Group Policy is applying this setting.

2. Disable the Group Policy settings and force the Group Policy to be reapplied.

a. Edit the Group Policy that is identified in Step 1 and change the setting to “Not Defined.” Or, follow the section below to add the required permissions for the Network Service account.

b. Force the Group Policy setting to reapply: gpupdate /force (a restart of the client is sometimes required)
Method B: Edit the permissions of the Group Policy: 1. Open the Group Policy that is identified in Method A, Step 1 above, and open the corresponding Group Policy setting.

2. Click the Edit Security button, and then click the Advanced button.

3. In the Advanced Security Settings for Plug and Play window click Add and then add the SERVICE account. Then, click OK

4. Select the following permissions in the Allow section and then click OK:
Query template, Query status, Enumerate dependents, Interrogate, User-defined control, Read permissions

Note: The Previous rights are the minimum required permissions.

5. Run gpupdate /force after you apply the previous permissions to the Group Policy setting.

6. Verify that the appropriate permissions are applied with the following command:

sc sdshow plugplay


The following are the rights applied to the Plug and Play service in SDDL:

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)

(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)

(A;;CCLCSWLOCRRC;;;IU)

(A;;CCLCSWLOCRRC;;;SU)

S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

(A;;CC LC SW LO CR RC ;;;SU is an Access Control Entry (ACE) that allows the following rights to “SU” (SDDL_SERVICE – Service logon user)

A: Access Allowed

CC: Create Child

LC: List Children

SW: Self Write

LO: List Object

CR: Control Access

RC: Read Control

SU: Service Logon User

Note: If there are no GPO’s in place, then another activity may have changed the default registry permissions. To work around this issue, perform the following steps:

1. On the computer that is out of tolerance, start Registry Editor.

2. Right-click the registry key HKEY_USERS\S-1-5-20, and select Permissions…

3. If the NETWORK SERVICE is not present, click Add…

4. In Enter the object names to select type Network Service and then click Check Names and OK.

5. Select the NETWORK SERVICE and Grant Full Control and Read permissions.

6. Restart the computer.

7. After the restart, the system may require activation. Complete the activation.

on May 19, 2010 | Computers & Internet

1 Answer

I have genuine windows 7 but computer says that it is not genuine


To resolve this issue, you can either disable the policy setting (Method A), or edit the permissions to provide the Licensing Service the required permissions (Method B). Method A: Disable the Plug and Play Policy
1. Determine the source of the policy. To do this, follow these steps:
a. On the client experiencing the Activation error, run the Resultant Set of Policy wizard by clicking Start, Run and entering rsop.msc as the command.
b. Visit the following location:
Computer Configuration / Policies / Windows Settings /Security Settings / System Services /
If the Plug and Play service is configured through a Group Policy setting, you see it here with settings other than Not Defined. Additionally, you can see which Group Policy is applying this setting.

2. Disable the Group Policy settings and force the Group Policy to be reapplied.
a. Edit the Group Policy that is identified in Step 1 and change the setting to "Not Defined." Or, follow the section below to add the required permissions for the Network Service account.
b. Force the Group Policy setting to reapply: gpupdate /force (a restart of the client is sometimes required)
Method B: Edit the permissions of the Group Policy:
1. Open the Group Policy that is identified in Method A, Step 1 above, and open the corresponding Group Policy setting.
2. Click the Edit Security button, and then click the Advanced button.
3. In the Advanced Security Settings for Plug and Play window click Add and then add the SERVICE account. Then, click OK
4. Select the following permissions in the Allow section and then click OK:
Query template
Query status
Enumerate dependents
Interrogate
User-defined control
Read permissions
Note: The Previous rights are the minimum required permissions.
5. Run gpupdate /force after you apply the previous permissions to the Group Policy setting.
6. Verify that the appropriate permissions are applied with the following command:
sc sdshow plugplay
The following are the rights applied to the Plug and Play service in SDDL:

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
(A;;CCLCSWLOCRRC;;;IU)
(A;;CCLCSWLOCRRC;;;SU)
S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
(A;;CC LC SW LO CR RC ;;;SU is an Access Control Entry (ACE) that allows the following rights to "SU" (SDDL_SERVICE - Service logon user)
A: Access Allowed
CC: Create Child
LC: List Children
SW: Self Write
LO: List Object
CR: Control Access
RC: Read Control
SU: Service Logon User
Note: If there are no GPO's in place, then another activity may have changed the default registry permissions. To work around this issue, perform the following steps:
  1. On the computer that is out of tolerance, start Registry Editor.
  2. Right-click the registry key HKEY_USERS\S-1-5-20, and select Permissions...
  3. If the NETWORK SERVICE is not present, click Add...
  4. In Enter the object names to select type Network Service and then click Check Names and OK.
  5. Select the NETWORK SERVICE and Grant Full Control and Read permissions.
  6. Restart the computer.
  7. After the restart, the system may require activation. Complete the activation.
If you think this solution helps you then your token of appreciation in the form of Rating and a testimonial will be esteemed.
Thank you and Keep Visiting FixYa!

Apr 13, 2011 | Microsoft Windows 7 Ultimate 32 & 64 BIT

1 Answer

Block ultrasurf


Hi,

UltraSurf is a hard one to block from ISA itself because it uses the local host computer through port 9666 as it’s proxy to intercept browser requests and encrypt them through 443/SSL traffic through your corporate proxy server. UltraSurf uses a network of anonymous proxies like Botnets that can change dynamically at any given time.

So how can you successfully block it? Well I don’t know if you can totally but you may be able to deter it a bit.
A few ways are:

Policy – Do you have an acceptable use policy in-place? If you do then I would think the threat of job loss and termination should be a darn good deterrent.

At the local host – Using group policy, restrict access to the local host site in IE. That would be 127.0.0.1 and Ultra1 that it resolves to. If you have the capability, restrict TCP port 9666 on the local host outbound. Setting software restriction in group policy is another to prevent the UltraSoft application from running.

On the ISA – Go to http://www.isaserver.bm and download Steve’s blocking anonymous domain sets and configure a deny access rule to help block anonymous proxy access. You won’t totally stop access but the list will defiantly put a damper on accessing the most popular sites.

Collective software ClearTunnel is another ISA add-on to help uncover scrupulous activity.

http://www.collectivesoftware.com/Products/ClearTunnel


Good luck!
Save a tree.

Apr 28, 2010 | Computers & Internet

1 Answer

Cannot enable sytems restore. Message: Group


1. Click Start, Run and type regedit.exe and press Enter

2. Navigate to the following key:

HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows NT \ SystemRestore

In the right-pane:

* Delete the value DisableConfig
* Delete the value DisableSR

3. Exit the Registry Editor.

In Windows XP Professional, you can accomplish the above using Group Policy Editor as well.

1. Click Start, Run and type GPEDIT.MSC

2. Navigate to this path:

-> Computer Configuration
--> Administrative Templates
---> System
----> System Restore

3. Set Turn off System Restore to Not Configured

4. Set Turn off Configuration to Not Configured
More Information

Turn off System Restore corresponds to DisableSR registry value. With this Policy is turned ON, the System Restore tab may be missing in My Computer Properties. Also, when you run System Restore (rstrui.exe), you receive this message:

System Restore has been turned off by group policy. To turn on System Restore, contact your domain Administrator.

Turn off Configuration corresponds to DisableConfig registry value. With this Policy turned ON, the System Restore tab will remain displayed but the user cannot configure the SR options. It reads disabled by Group Policy.
http://windowsxp.mvps.org/srpolicy.htm


Or perhaps you can review this
Control of System Restore function has been disabled by "Group Policy".
How do regain control?Go to Start>Run, key in gpedit.msc and hit ENTER. Under Computer
Configuration, expand Administrative Templates, expand System, then click on
the System Restore folder. In the right-hand pane, double-click on Turn off
Configuration and, under the Setting tab, click in the radio button beside
Not Configured. Click on Apply then OK.

Please visit the following Microsoft Knowledge Base website
and review the topic titled: "Method 1: Use Group Policy".

How to Disable the System Restore Configuration User Interface
http://support.microsoft.com/default.asp…

Note: You must be an administrator or owner, or have administrative
privileges to perform this task.

Undo the changes using Group Policy Editor (Gpedit.msc)

-or-

Open Registry Editor and navigate to:

HKEY LOCAL MACHINE\SOFTWARE\Policies\Microsoft\Wind… NT\SystemRestore

In the right-pane, delete the value "DisableConfig".
Close Registry Editor
Close and re-open the System Restore properties page.


Note: Group Policy Editor is only Available in XP Professional (according to http://www.pcreview.co.uk/forums/thread-…

Perhaps one of these links will give you the correct solution
http://forums.techguy.org/windows-nt-200…

http://www.winhelponline.com/blog/restor…

http://www.computing.net/answers/windows…

I hope this helps you to resolve your problem.

Jan 03, 2010 | Microsoft Windows XP Home Edition

1 Answer

How to remote client winxp by using windows 2003 server with ISA2004 server


you need to configure a policy in ISA to allow 3389 port for RDP.
you can then connect to winxp client using mstsc utility.

Nov 12, 2009 | Microsoft ISA Server 2004 (e84-00526) for...

5 Answers

My system restore has been turned off by a group policy "whatever that means"


Resolution 1. Click Start, Run and type regedit.exe and press Enter
2. Navigate to the following key:
HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows NT \ SystemRestore
In the right-pane:
  • Delete the value DisableConfig
  • Delete the value DisableSR
3. Exit the Registry Editor.
In Windows XP Professional, you can accomplish the above using Group Policy Editor as well.
1. Click Start, Run and type GPEDIT.MSC
2. Navigate to this path:
-> Computer Configuration
--> Administrative Templates
---> System
----> System Restore
3. Set Turn off System Restore to Not Configured
4. Set Turn off Configuration to Not Configured




For standalone Windows Vista systems, use these steps:
Using the Group Policy Editor
If your edition of Windows Vista includes the Group Policy Editor snap-in (gpedit.msc), follow these steps:
1. Click Start, type gpedit.msc and press ENTER
2. Go to the following branch:
Computer Configuration | Administrative Templates | System | System Restore 3. Double-click Turn off Configuration and set it to Not configured.
Note: If the above setting is already set to Not configured, set it to Enabled and click Apply. Then revert back the setting to Not configured, and click Apply, OK.
4. Exit the Group Policy Editor.
Using the Registry Editor
1. Click Start, type regedit.exe and press ENTER
2. Navigate to the following key:
HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows NT \ SystemRestore 3. In the right-pane, delete the value named DisableConfig
4. Exit the Registry Editor.

If you set the Turn of configuration option to Enabled, the option to configure System Restore on the Configuration Interface disappears. If the Turn off Configuration setting is disabled, the configuration interface is still visible, but all System Restore configuration defaults are enforced, and the Create button is grayed out. If you set it to Not configured, the configuration interface for System Restore remains, and the user has the ability to configure System Restore.


regards
iversh

if you felt i ve spent my time for answering your query.... kindly rate the service very helpful



Aug 30, 2009 | HP Compaq Presario SR2013WM (RE468AA#ABA)...

2 Answers

TERMINAL USER SECURITY IN WINDOWS 2003


please define users & give him restrictions as well as rights,
make them as an standard user (dont define them as an administrators) if u have some applications which have to be use by terminal users then give them only that much of applications..


dont allow them to use anyother applications..

May 03, 2008 | Microsoft Windows Server Standard 2003 for...

1 Answer

Logging on to server


You need to go into administrative tools and look for group policy.

In the local computer policy
Computer Configuration
Windows Settings > security settings > Local policies > user rights assignment. In the right hand pane find the policy for "Allow log on locally" Set the user accounts for those users which are allowed to log on interactively on the server. Be careful you dont lock the administrator account out.
Use in conjunction with the "Deny logon locally policy" if you need to.
Hope this helps

Mar 22, 2008 | Microsoft Windows Server Standard 2003 for...

Not finding what you are looking for?
Microsoft ISA Server 2004 (e84-00526) for PC Logo

Related Topics:

131 people viewed this question

Ask a Question

Usually answered in minutes!

Top Microsoft Computers & Internet Experts

micky dee

Level 3 Expert

2642 Answers

Les Dickinson
Les Dickinson

Level 3 Expert

18344 Answers

Brian Sullivan
Brian Sullivan

Level 3 Expert

27725 Answers

Are you a Microsoft Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...