Re: Loopback Processing and Deny Apply in ACL

From: Brian Higgins (brian_at_NOSPAMaccentconsulting.com)
Date: 11/15/04


Date: Mon, 15 Nov 2004 17:29:48 -0500

The actual group policy is being applied to the user logon, even when I am
setting a deny apply setting in the acl. Which mode of AD are you running in
where it is working? It is not just a matter of not configuring an otherwise
applied policy...

"Anthony Yates" <anthonyDINGyates@airDONGdesk.com> wrote in message
news:OK21lDNyEHA.3368@TK2MSFTNGP15.phx.gbl...
> Do you mean that the policy is still being actively applied, or that the
> policy setting has not been reversed? Most policies are Not Configured by
> default. If you Apply the policy to a user (with the loopback) then Deny it,
> you do not end up back at the default setting, you stay on the last one that
> was configured. Try deleting the user's terminal services profile and
> recreating it.
> We Deny the loopback policy to the people administering the terminal
> servers, and it works fine.
> Anthony
>
> "Brian Higgins" <brian@NOSPAMaccentconsulting.com> wrote in message
> news:%23yAb1cMyEHA.2572@tk2msftngp13.phx.gbl...
>> I have a 2003 terminal server on a 2003 domain. I have configured my GPO
>> for the terminal server (which is in its own OU) and enabled loopback
>> processing in replace mode. Everything works exactly as I would like for
>> the users, but there is a software developer that needs full, unrestricted
>> access (he does not get domain wide, just local, admin access) to this
>> server to maintain and update some custom software running on the server.
>>
>> I have followed the steps in Q315675 and applied the same principle of
>> setting the deny apply gpo setting in the acl to the user account of this
>> developer (actually a security group that he is a member of). I waited for
>> plenty of time for the group membership and the ACL to propagate. I then ran
>> gpupdate /force on both the machine I was running the RSOP (planning mode)
>> and on the terminal server (for when running RSOP in logging mode), and both
>> RSOP datasets show that the user gpo is still applying to the user who is
>> listed in the ACL with a deny entry in the apply setting.
>>
>> What am I missing in regards to allowing this (and any other user in the
>> future) the ability to logon to the terminal server without getting locked
>> down by my terminal restrictions gpo?
>>
>> Any help here would be appreciated.
>>
>> Thanks.
>> - Brian


