Re: Local Group Policy is assigning only to user with admin rights !!???

From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 04/01/04


Date: Thu, 1 Apr 2004 07:35:46 -0500

Volkan,

Greetings!

I am not familiar with your setup but I might suggest that you take a look
at MSKB 278298 to see how you can use GPOs in a Terminal Server environment.
Typically one would put the computer account object in an OU by itself ( or
with other computer account objects if you have multiple Terminal Servers )
and then create a GPO using Loopback ( probably in replace mode ) linked to
that particular OU in which the computer account object is located, taking
care to remove the 'Authenticated Users' security group from the security
tab on that GPO and replace it with a 'home-grown' security group that
contains only all of the user account objects that will access the TS. Give
this group the READ and APPLY GROUP POLICY rights and away you go. The
Administrator account will not be affected by this GPO ( and, thus, have
full unrestricted access ) as it is not a member of the 'home-grown'
security group.

Now, remember how policies are applied: local, site, domain, OU.

Have you thought about using gpotool or gpresult to see exactly what is
going on?

HTH / kind regards,

Cary

"Volkan Senguel" <morpheus@2wire.ch> wrote in message
news:uMNScA3FEHA.3032@TK2MSFTNGP09.phx.gbl...
> Hi, I have 2 Terminal Servers with Win2000 & SP4 (US).
>
> The problem is that the local GPO is only assigned to users who have local
> admin rights on the server!?
>
> I've checked the directory ACL on C:\Winnt\system32\GroupPolicy and the
> permissions have only:
>
> TerminalServerUsers - Read & Browse (ADS Group)
> System - Full Access (Local)
>
> The strange thing is that only users with local/domain admin rights get the
> policies applied (Admins are not on the folder ACL).
>
> ?????????????
>
> What must I do to get the policies to work like yesterday? On that day we
> had no probs with the GPO.
>
> The only thing that we changed is in the local security settings:
>
> Local Policies
> User Rights Assignment
> Impersonate a client after authentication
> Create global object
>
> I gave the TerminalServerUsers access to this policy because since
> Service Pack 4 this option is disabled and some apps don't work on TS
> without these settings....
>
> But I have reset this, restarted the servers and .... the same -> User
> gets no policies
>
> Has anyone a hint or a tip for me to solve this problem?
>
> thanks in advance for any feedback
> Volkan S.
>
>
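
The OU / loopback / security-filtering setup described in the reply above, written out as an added example (not code from the thread). It assumes the GroupPolicy PowerShell module from current RSAT, which did not exist on the Windows 2000 servers discussed; the GPO name, OU path and both group names are hypothetical placeholders.

```powershell
# Added example. Every name below is a placeholder (assumption), not from the thread.
Import-Module GroupPolicy

$GpoName   = 'TS-User-Lockdown'                      # hypothetical GPO name
$TsOu      = 'OU=TerminalServers,DC=example,DC=com'  # hypothetical OU holding the TS computer accounts
$UserGroup = 'TS-Restricted-Users'                   # hypothetical 'home-grown' user group
$TsServers = 'TS-Servers'                            # hypothetical group of the TS computer accounts

# 1. Create the GPO and link it to the OU that holds the Terminal Server computer accounts.
New-GPO -Name $GpoName -Comment 'Loopback (replace) lockdown for TS users' | Out-Null
New-GPLink -Name $GpoName -Target $TsOu -LinkEnabled Yes | Out-Null

# 2. Enable loopback processing in the GPO: UserPolicyMode 1 = merge, 2 = replace.
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null

# 3. Security filtering: remove 'Authenticated Users', then give the user group
#    Read + Apply Group Policy (GpoApply covers both).
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel None -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $UserGroup `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# 4. Loopback is a computer-side setting, and 'Authenticated Users' also covered the
#    computer accounts, so the terminal servers need their own Read + Apply entry.
Set-GPPermission -Name $GpoName -TargetName $TsServers `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# 5. Verify the filter: only the two groups above should hold Apply on this GPO.
#    An administrator who is not in $UserGroup then stays unrestricted.
$allowed    = @($UserGroup, $TsServers)
$unexpected = Get-GPPermission -Name $GpoName -All |
    Where-Object { $_.Permission -eq 'GpoApply' -and $_.Trustee.Name -notin $allowed }

if ($unexpected) {
    $names = ($unexpected | ForEach-Object { $_.Trustee.Name }) -join ', '
    Write-Warning "Unexpected trustees with Apply on '$GpoName': $names"
} else {
    Write-Output "Security filtering on '$GpoName' is limited to: $($allowed -join ', ')"
}
```

After the next policy refresh, running `gpresult /r` in a session of a group member and again in an administrator session shows whether the GPO was applied or filtered out for each.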


