Re: Is this a GPO setting or not?
From: Bruce Sanderson (bsanders_at_junk.junk)
Date: 08/21/04
- Next message: Bruce Sanderson: "Re: Applying GP to Users in a Terminal Server"
- Previous message: Brian Desmond [MVP]: "Re: Win2003 group policies"
- In reply to: Charles: "Is this a GPO setting or not?"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 21 Aug 2004 13:19:32 -0700
Sounds to me that the permissions on the Documents and Settings folder have
been manipulated.
If Users are removed from the permissions on the Documents and Settings
folder, a user that does not already have a profile can't create one and
you get the message box saying the user profile cannot be loaded with a
countdown timer.
But, Administrators still have access, so when the user's account is in the
Administrators group, that user can log on and create their profile in
Documents and Settings. The user's account specifically gets Full Control
over its profile folder, so, after the user's account is removed from the
Administrators group, they can still log on and use their profile folder.
--
Bruce Sanderson MVP

It is perfectly useless to know the right answer to the wrong question.

"Charles" <mentaldrowremovethis@gimail.af.mil> wrote in message
news:277101c4866f$a0efd2e0$a301280a@phx.gbl...
> I'm trying to duplicate a setting on a few of the
> machines I manage that will prevent users from logging
> into the machines unless I go through the Users and
> Passwords Control Panel item or Local Groups and User MMC
> snap-in and give them permission to logon to the
> machine. They initially have to be input into the
> machine this way with Admin access to the machine and
> then bumped down to a lower permissions level. If their
> profiles aren't manually added in this manner they get a
> message like this. "Cannot copy C:\Documents and
> Settings\Default User\Favorites\<insert url here> to
> C:\DOcuments and Settings\<insert User Name
> here>\Favorite\... etc" with a countdown time at the
> bottom. At the time out they get another message that
> basically tells them to contact the Network Admin because
> their profile could not be created on the machine. I
> don't have much authority over the User Domain accounts
> so I can't add them to specific OU except at the Local
> machine level but I have complete control over the
> machines themselves. Is this something that can be done
> via the GPO or Local Security Settings? Is there another
> MMC snap-in that I can use to duplicate this setting?
> This is the only way I've found so far to prevent users
> from logging into certain machines. The previous Network
> Admin can't remember what he did to activate this so I'm
> pretty much on my own. Thanks in advance for any and all
> help.
>
> Charles
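
An added example, not part of the original message: a PowerShell check that reports whether the profile root still carries an Allow entry for the Users group, which is the condition the reply above describes. The default path and the inclusion of Authenticated Users and Everyone (groups through which ordinary users may also receive access) are assumptions.

```powershell
# Added example: audit the ACL on the profile root for well-known groups.
param(
    # Assumption: default profile root on Windows 2000/XP; change if profiles live elsewhere.
    [string]$ProfileRoot = 'C:\Documents and Settings'
)

# Well-known SIDs, so the check does not depend on localized group names.
$principals = @(
    @{ Sid = 'S-1-5-32-544'; Name = 'Administrators' },
    @{ Sid = 'S-1-5-32-545'; Name = 'Users' },
    @{ Sid = 'S-1-5-11';     Name = 'Authenticated Users' },
    @{ Sid = 'S-1-1-0';      Name = 'Everyone' }
)

$acl = Get-Acl -LiteralPath $ProfileRoot

# Explicit and inherited ACEs, with each identity returned as a SID.
$rules = $acl.GetAccessRules($true, $true,
    [System.Security.Principal.SecurityIdentifier])

$report = foreach ($p in $principals) {
    $allow = @($rules | Where-Object {
        $_.IdentityReference.Value -eq $p.Sid -and
        $_.AccessControlType -eq 'Allow'
    })
    New-Object PSObject -Property @{
        Group       = $p.Name
        HasAllowAce = ($allow.Count -gt 0)
        Rights      = ($allow | ForEach-Object { $_.FileSystemRights }) -join '; '
    }
}

$report | Format-Table Group, HasAllowAce, Rights -AutoSize

# Flag the situation described in the reply: only Administrators can reach the folder.
$nonAdmin = @($report | Where-Object {
    $_.Group -ne 'Administrators' -and $_.HasAllowAce
})
if ($nonAdmin.Count -eq 0) {
    Write-Warning ("No Allow entry for Users, Authenticated Users or Everyone on " +
        "'$ProfileRoot'. Accounts without an existing profile may be unable to create one.")
}
```

Run it from an account that can read the folder's ACL; the output shows which of the listed groups hold an Allow entry and with what rights.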