Re: Admin rights to local system via GPO
anonymous_at_discussions.microsoft.com
Date: 06/28/04
- Next message: Jeff: "Reboot from Startup script--failing!"
- Previous message: Darren Mar-Elia: "Re: limiting size of Temp. Intenet File folder w/ GP"
- In reply to: Darren Mar-Elia: "Re: Admin rights to local system via GPO"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 28 Jun 2004 11:07:44 -0700
Hey Darren,
Here is the result from gpresult. Still no Admin rights,
I have verified once again the recommended GPO settings
per Microsoft without luck. I'm surprised how difficult
this is.
Thanks for all your help, maybe you can see something in
this text:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
G:\khuynh>gpresult
Microsoft (R) Windows (R) XP Operating System Group
Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 6/28/2004 at 11:02:06 AM
RSOP results for MATRIXDIRECT\khuynh on XPWS-TANDERSON1 :
Logging Mode
----------------------------------------------------------
-------------
OS Type: Microsoft Windows XP
Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: MATRIXDIRECT
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and
Settings\khuynh
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=XPWS-
TANDERSON1,CN=Computers,DC=corp,DC=matrixdirect,DC=com
Last time Group Policy was applied: 6/28/2004 at
11:00:31 AM
Group Policy was applied from:
dc2.corp.matrixdirect.com
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were
filtered out
------------------------------------------------------
-------------
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security
groups:
------------------------------------------------------
--
BUILTIN\Administrators
Everyone
BUILTIN\Users
XPWS-TANDERSON1$
Domain Computers
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
USER SETTINGS
--------------
CN=KHUYNH,OU=SoftDev,DC=corp,DC=matrixdirect,DC=com
Last time Group Policy was applied: 6/28/2004 at
11:00:40 AM
Group Policy was applied from:
dc2.corp.matrixdirect.com
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were
filtered out
------------------------------------------------------
-------------
SoftDev
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
Software Group
IT Group
Softdev
Software Group
IT Group
LOCAL
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
THANKS!
Travis
>-----Original Message-----
>Travis-
>If the target computer is XP or Server 2003, then you
can run GPResult.exe
>to see if this policy is being received. A logout/login
won't trigger
>processing of this policy because restricted groups is a
computer-specific
>policy and thus is only run at machine startup or during
background refresh.
>You can force a background refresh on XP or Server 2003
by issuing the
>following command:
>
>gpupdate /target:computer /force
>
>If this is Win2K, then gpresult.exe from the Win2K
reskit won't give you
>details about what security policy has run. In that
case, you should run
>gpedit.msc--the local GPO editor--on that machine and
look at the "effective
>policy" column under the restricted groups policy to see
if its picking up
>the domain-based policy. The equivalent command on Win2K
to gpupdate is:
>
>secedit /refreshpolicy /enforce machine_policy
>
>
>--
>Darren Mar-Elia
>MS-MVP-Windows Management
>http://www.gpoguy.com
>
>
>
><anonymous@discussions.microsoft.com> wrote in message
>news:21fd701c45d2f$374b8a00$a601280a@phx.gbl...
>> Darren,
>>
>> I have verified the policy is linked and enabled. How
can
>> I verify the local workstation is processing the
policy?
>> Normally just logging out and back in forces the
>> workstation to read the policy, correct?
>>
>> Travis
>>
>> >-----Original Message-----
>> >Travis-
>> >In order to use restricted groups to set local group
>> membership on member
>> >servers and workstations, the GPO where this is
defined
>> needs to be
>> >processed by the target computers. Is this GPO linked
in
>> such a way that
>> >your target computers are processing it?
>> >
>> >--
>> >Darren Mar-Elia
>> >MS-MVP-Windows Management
>> >http://www.gpoguy.com
>> >
>> >
>> >
>> ><anonymous@discussions.microsoft.com> wrote in message
>> >news:2240401c45d2a$09c065b0$a301280a@phx.gbl...
>> >> I have applied the http://support.microsoft.com?
>> >> kbid=320065 setting to my Win 2003 server without
any
>> >> results. The group still does not have admin rights
to
>> >> the local machines.
>> >>
>> >> Any other suggestions?
>> >>
>> >> Travis
>> >>
>> >> >-----Original Message-----
>> >> >Hey guys,
>> >> >
>> >> >I'm really confussed after reading several articals
>> >> about
>> >> >how to set the GPO to allow a group to have admin
>> rights
>> >> >to any computer in the domain they logon to.
>> >> >
>> >> >Can someone explain to me, in lay men terms, how
to go
>> >> >about doing this?
>> >> >
>> >> >Thanks!
>> >> >
>> >> >Travis
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>
- Next message: Jeff: "Reboot from Startup script--failing!"
- Previous message: Darren Mar-Elia: "Re: limiting size of Temp. Intenet File folder w/ GP"
- In reply to: Darren Mar-Elia: "Re: Admin rights to local system via GPO"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
