Re: Locked out of group policy on domain controller




Hello Bruce,

If the policy is limited only to user configuration part/settings, I would try to build a GPO, linked to a new OU with all the users that should apply it, so that only the users are getting the settings that should get it. Do not set any machine policies for the users on the DC OU.
But again, you should really avoid this kind of configuration. All GPOs linked to DC OU can easily kick yourself off from the system.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
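
One way to script the layout suggested in the reply above, as an added example that is not part of the original thread. It assumes a machine with the ActiveDirectory and GroupPolicy PowerShell modules; the domain, OU, GPO and group names are constructed placeholders, and filtering the GPO to a security group is an extra safeguard beyond what the post describes.

```powershell
# Added example. Every name below is a constructed placeholder, not from the thread.
Import-Module ActiveDirectory, GroupPolicy

$domainDn = 'DC=example,DC=com'
$ouName   = 'TS Lockdown Users'
$ouDn     = "OU=$ouName,$domainDn"
$dcOuDn   = "OU=Domain Controllers,$domainDn"
$gpoName  = 'TS User Lockdown'
$group    = 'TS-Lockdown-Users'   # assumed to exist and to hold only the users to restrict

# Create the OU for the restricted users if it is not there yet.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDn -SearchScope OneLevel
if (-not $ou) { New-ADOrganizationalUnit -Name $ouName -Path $domainDn }

# Move the group's user accounts into the OU, skipping anything that is a Domain Admin
# so an administrator account can never end up under the lockdown policy.
$admins = (Get-ADGroupMember -Identity 'Domain Admins' -Recursive).DistinguishedName
Get-ADGroupMember -Identity $group |
    Where-Object { $_.objectClass -eq 'user' -and $admins -notcontains $_.DistinguishedName } |
    Move-ADObject -TargetPath $ouDn

# New GPO carrying user settings only: the computer half is switched off entirely.
$gpo = New-GPO -Name $gpoName
$gpo.GpoStatus = 'ComputerSettingsDisabled'

# Security filtering: everyone may read the GPO, only the lockdown group applies it.
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $gpoName -TargetName $group -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# Link to the users OU only, never to the Domain Controllers OU.
New-GPLink -Name $gpoName -Target $ouDn | Out-Null

# Safety check: warn if this GPO is linked directly on the Domain Controllers OU.
$onDcOu = (Get-GPInheritance -Target $dcOuDn).GpoLinks |
    Where-Object { $_.DisplayName -eq $gpoName }
if ($onDcOu) {
    Write-Warning "'$gpoName' is linked to $dcOuDn; remove that link before logging off."
} else {
    Write-Output "'$gpoName' applies only to members of $group under $ouDn."
}
```

The lockdown settings themselves still have to be edited into the new GPO's User Configuration. Moving accounts into a new OU also changes which other linked GPOs reach them, so review the inherited links on that OU.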

Hi Meinolf,

Thanks for your reply.

My group policy to lock down the terminal server/domain controller
removed normal access to ADUC through settings on the start menu and
the shortcut I put on the desktop to Administrative Tools says it is
restricted.

Luckily I had an icon for ADUC in my quick start which allowed access
so I could disable the GPO. I noticed this after posting my question.
I only have two servers. One is my PDC the other is a backup DC and I
need to run Terminal Server to utilize our Practice Management
software from remote offices.

Short of adding a third server to handle Terminal Server business, is
there a way to prevent my group policy from locking down the
Administrator who is logging on locally to the Server?

Thanks

"Meinolf Weber" wrote:

Hello Bruce,

So what happens if you open ADUC, properties of Domain controllers
OU, Group policy tab and double-click the policy or edit it?

BTW, making a DC terminal server is a really unlucky decision. You
should really prevent this, if possible. Normal users shouldn't work
on DCs for security reasons. Use only member servers, so that you
configure policies in a way, that it can work only on TS.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

I was in the process of locking down my users that access my servers
(which are also domain controllers) with terminal server sessions by
following Q278295. Apparently it worked too well since I am now
locked out of group policy, run command, my computer, etc. At first
I applied this new policy to users which created a few issues that
now appear minor compared to the issues I am having after reapplying
it to my domain controller OU.

I am able to logon locally as domain admin but don't know how to
regain access to group policy to correct this.

Thanks in Advance
