Re: Restricting Local Admin Group w/GPO
From: Jeff (anonymous_at_discussions.microsoft.com)
Date: 10/06/04
- Next message: t: "Re: WMI generic failure"
- Previous message: Mike: "Re: basic Group policy questions"
- In reply to: Roger Abell: "Re: Restricting Local Admin Group w/GPO"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 6 Oct 2004 08:40:43 -0700
Thanks everyone for the help. What I found in the
winlogon.log were a couple of errors relating to a
different GPO that was created as a security template to
give file system rights to users (this keeps us from
having to assign everyone to the local admins group for
installs and upgrades). The paths had changed since the
GPO was written, causing the template to bomb-out.
Once I cleaned that up, the Restricted Groups GPO worked
properly.
Thanks so much again!
>-----Original Message-----
>I can confirm that it does work with the environment you
>describe. Are any policies at all being applied to the
>computers whose objects are in the OU ? The link of
>the GPO to the OU is enabled? The computer policies
>portion of the GPO is enabled?
>When logged into one of the client machines, if you run
>netdiag (from the support tools) it comes out clean?
>
>--
>Roger Abell
>Microsoft MVP (Windows Server System: Security)
>MCSE (W2k3,W2k,Nt4) MCDBA
><anonymous@discussions.microsoft.com> wrote in message
>news:12d201c4aba4$f56f12e0$a601280a@phx.gbl...
>> Yes I did, 1 each of WinXP Pro and Win2k clients...
>>
>>
>>
>> >-----Original Message-----
>> >Did you place test computer accounts into the OU where
>> >you apply the policy?
>> >
>> >--
>> >Dmitry Korolyov [d__k@removethispart.mail.ru]
>> >MVP: Windows Server - Active Directory
>> >
>> >
>> > "Jeff" <jcontreras@triangleortho.com> wrote in message
>> >news:381201c4aaf5$495f0550$a301280a@phx.gbl...
>> > Hi everyone, I'm trying to implement a GPO that restricts
>> > the Local Administrators group to Domain Admins and a
>> > couple of "specialty groups" that are set-up to accomplish
>> > things like unlock locked-PC's. This GPO also strips
>> > regular users from the Local Administrators group.
>> >
>> > I have followed the steps outlined here:
>> >
>> > http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/scenarios/ou_manage_domains_computers_gp.asp
>> >
>> > but for some reason the GPO fails to strip regular users
>> > (that were already there) from the Local Administrators
>> > group on my clients, and it fails to add the groups I
>> > specified. It just doesn't want to work. :(
>> >
>> > I know I followed those directions to a T. I have 2
>> > Win2k3 DC's and all clients are 2k or XP. I have applied
>> > this to an OU for testing purposes, but for the life of me
>> > can not figure out why it does not work!!!!
>> >
>> > Is there anyone out there who has accomplished this using
>> > 2003 DC's? I'm wondering if there is an issue there...???
>> >
>> > Any help would/is more than appreciated.
>> >
>> > Thanks in advance...
>> >
>> >
>
>
>.
>
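The failure reported in this message (a security template whose file-system paths no longer exist) can be checked for before a template is deployed. The script below is an added example, not part of the original thread: the function name `Get-StaleTemplatePath` is hypothetical, the sample template and its paths are constructed, and it assumes `[File Security]` entries in the usual `"path",mode,"SDDL"` layout.

```powershell
# Added example: list [File Security] entries in a security template whose
# target path does not exist on the machine where the script runs.
# Assumption: entries use the template layout  "path",mode,"SDDL".
function Get-StaleTemplatePath {
    param([Parameter(Mandatory)][string]$TemplatePath)

    $inSection = $false
    foreach ($line in Get-Content -LiteralPath $TemplatePath) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Track whether we are inside the [File Security] section.
            $inSection = ($Matches[1] -eq 'File Security')
            continue
        }
        if (-not $inSection -or $line -eq '' -or $line.StartsWith(';')) { continue }

        # First field is the quoted path; mode and SDDL follow.
        if ($line -notmatch '^"([^"]+)"\s*,\s*(\d+)\s*,') {
            [pscustomobject]@{ Path = $line; Status = 'Unparsed' }
            continue
        }
        $raw = $Matches[1]
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)
        if ($expanded -match '%[^%]+%') {
            # Variables that are not process environment variables stay unexpanded.
            [pscustomobject]@{ Path = $raw; Status = 'UnresolvedVariable' }
        }
        elseif (-not (Test-Path -LiteralPath $expanded)) {
            [pscustomobject]@{ Path = $raw; Status = 'Missing' }
        }
    }
}

# Constructed sample template (not from the thread), written to a temp file.
$sample = @'
[Unicode]
Unicode=yes
[File Security]
"%SystemRoot%",0,"D:PAR(A;OICI;FA;;;BA)"
"%SystemDrive%\Apps\OldVendorDir",0,"D:PAR(A;OICI;0x1301bf;;;BU)"
[Version]
signature="$CHICAGO$"
'@
$tmp = Join-Path $env:TEMP 'sample-template.inf'
Set-Content -LiteralPath $tmp -Value $sample
Get-StaleTemplatePath -TemplatePath $tmp | Format-Table -AutoSize
```

Run it on a representative client rather than on the DC, since the paths are resolved on the machine that applies the template.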