Re: Computer componet of GP not being applied
From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 09/15/04
- Next message: Owen Williams: "Re: Event 1030 GPO problem with specific on specific PC"
- Previous message: Darren Mar-Elia: "Re: Modifying Software Installation path"
- In reply to: Andrew: "Re: Computer componet of GP not being applied"
- Next in thread: Andrew: "Re: Computer componet of GP not being applied"
- Reply: Andrew: "Re: Computer componet of GP not being applied"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 15 Sep 2004 11:46:15 +1000
Hi Andrew
I can understand if the User Configuration portion of the GPO is not
applying. That is quite possibly related to groups and permissions. I
would expect that anything in the Computer Configuration portion of the GPO
is applying as expected?
Is the loopback set to merge or replace?
By "non-standard permissions", I mean what are the permissions on the GPO?
If you look at the properties of the OU in which the Terminal Server resides
and then the Group Policy tab, select the GPO you're having trouble with,
click Properties and then look at the Security tab. What permissions are
set here?
Kind regards
-- Mark Renoden [MSFT] Windows Platform Support Team Email: markreno@online.microsoft.com Please note you'll need to strip ".online" from my email address to email me; I'll post a response back to the group. This posting is provided "AS IS" with no warranties, and confers no rights. "Andrew" <arheaume@bridgetech.com> wrote in message news:e3tg$rlmEHA.392@tk2msftngp13.phx.gbl... > It all seems to be linked to the local user groups on the terminal server. > When they are in the admin local group, I get all the locked down > settings, > but if I move the user to the local user group they are not locked > down...suchs as I can open a dos prompt and execute commands. > Not sure what you mean by "non-standard permissions" > Yes, the loopback is applied. > The user are in a different OU then the Terminal Server. > > "Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message > news:OUBm1eUmEHA.2180@TK2MSFTNGP12.phx.gbl... >> Hi Andrew >> >> This doesn't sound right. Computer Configuration settings are applied >> before login and as such, have nothing to do with the user account. >> >> Do you have any non-standard permissions set on the GPO? >> >> Are you using policy loopback? >> >> Are the user accounts in a different OU or the same OU as the Terminal >> Server? >> >> Kind regards >> -- >> Mark Renoden [MSFT] >> Windows Platform Support Team >> Email: markreno@online.microsoft.com >> >> Please note you'll need to strip ".online" from my email address to email >> me; I'll post a response back to the group. >> >> This posting is provided "AS IS" with no warranties, and confers no > rights. >> >> "Andrew" <arheaume@bridgetech.com> wrote in message >> news:%237MITsSmEHA.3712@TK2MSFTNGP15.phx.gbl... >> > I'm restricting computer settings for terminal server clients via group >> > policies using a windows 2003. My problem is when the user logs in via >> > terminal services and their account in located in the local > Administrators >> > group on the Terminal Server the group policies (user/computer) are >> > applied. >> > This is good. Now I would like to move the Terminal server users from > the >> > local administrator group to the local users group on the Terminal > server. >> > When I do this, the user component of the group policy is applied but > not >> > the computer component. I have verified this using gpresult. >> > >> > Any insight on this issue would be appreciated. >> > >> > >> >> > >
- Next message: Owen Williams: "Re: Event 1030 GPO problem with specific on specific PC"
- Previous message: Darren Mar-Elia: "Re: Modifying Software Installation path"
- In reply to: Andrew: "Re: Computer componet of GP not being applied"
- Next in thread: Andrew: "Re: Computer componet of GP not being applied"
- Reply: Andrew: "Re: Computer componet of GP not being applied"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
