Re: Computer component of GP not being applied
From: Andrew (arheaume_at_bridgetech.com)
Date: 09/16/04
- In reply to: Mark Renoden [MSFT]: "Re: Computer component of GP not being applied"
Date: Thu, 16 Sep 2004 08:28:19 -0400
The permissions on the security tab are:
Authenticated users: Read + Apply GP
Creator Owner: Blank
Domain Admins: everything but full control
Enterprise Admins: everything but full control
System: everything but full control and apply policy
The loopback is set to replace
"Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
news:eF7bHXsmEHA.404@TK2MSFTNGP12.phx.gbl...
> Hi Andrew
>
> I can understand if the User Configuration portion of the GPO is not
> applying. That is quite possibly related to groups and permissions. I
> would expect that anything in the Computer Configuration portion of the
> GPO is applying as expected?
>
> Is the loopback set to merge or replace?
>
> By "non-standard permissions", I mean what are the permissions on the GPO?
> If you look at the properties of the OU in which the Terminal Server
> resides and then the Group Policy tab, select the GPO you're having
> trouble with, click Properties and then look at the Security tab. What
> permissions are set here?
>
> Kind regards
> --
> Mark Renoden [MSFT]
> Windows Platform Support Team
> Email: markreno@online.microsoft.com
>
> Please note you'll need to strip ".online" from my email address to email
> me; I'll post a response back to the group.
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "Andrew" <arheaume@bridgetech.com> wrote in message
> news:e3tg$rlmEHA.392@tk2msftngp13.phx.gbl...
> > It all seems to be linked to the local user groups on the terminal
> > server. When they are in the admin local group, I get all the locked
> > down settings, but if I move the user to the local user group they are
> > not locked down... such as I can open a DOS prompt and execute commands.
> > Not sure what you mean by "non-standard permissions".
> > Yes, the loopback is applied.
> > The users are in a different OU than the Terminal Server.
> >
> > "Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
> > news:OUBm1eUmEHA.2180@TK2MSFTNGP12.phx.gbl...
> >> Hi Andrew
> >>
> >> This doesn't sound right. Computer Configuration settings are applied
> >> before login and as such, have nothing to do with the user account.
> >>
> >> Do you have any non-standard permissions set on the GPO?
> >>
> >> Are you using policy loopback?
> >>
> >> Are the user accounts in a different OU or the same OU as the Terminal
> >> Server?
> >>
> >> Kind regards
> >> --
> >> Mark Renoden [MSFT]
> >> Windows Platform Support Team
> >> Email: markreno@online.microsoft.com
> >>
> >> Please note you'll need to strip ".online" from my email address to
> >> email me; I'll post a response back to the group.
> >>
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >>
> >> "Andrew" <arheaume@bridgetech.com> wrote in message
> >> news:%237MITsSmEHA.3712@TK2MSFTNGP15.phx.gbl...
> >> > I'm restricting computer settings for terminal server clients via group
> >> > policies using a Windows 2003. My problem is when the user logs in via
> >> > terminal services and their account is located in the local Administrators
> >> > group on the Terminal Server the group policies (user/computer) are
> >> > applied.
> >> > This is good. Now I would like to move the Terminal server users from the
> >> > local administrator group to the local users group on the Terminal server.
> >> > When I do this, the user component of the group policy is applied but not
> >> > the computer component. I have verified this using gpresult.
> >> >
> >> > Any insight on this issue would be appreciated.