Re: Move W2K3 server to it's own OU seperate from SBS (MyBusiness) OU

I think this thread is getting too long and the taks I want to really do is
beginning to get more complicated than it should be. All I want to be able
to do is manage the local policies on the member server and not have it
defined by the SBS server. I created a new OU at the same level as
MyBusiness and called it MyCitrix. I thought that was all that was needed.
When I log onto the member server and open the local policy editor I cannot
manage the "log on locally" and the "log on as a service" policies. These
are being defined by the SBS server. A few simple questions here.

Did I create the new OU - MyCitrix at the wrong level?
How or what do I need to do to be able to manage these policies on the
member server?


"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message
news:6A5699D0-3DB7-4DB0-91E6-200FF822C98A@xxxxxxxxxxxxxxxx
Ahh, I understand now.

You can create a new OU at the same level (or another, but I'd keep it
within the My Biz structure) create and apply GP with the settings you
want to that OU, and drag the computer object into that OU.

Or, there are other ways.



--
Les Connor [SBS MVP]


"California SBS Dreaming" <noreply@xxxxxxxxxxx> wrote in message
news:uxyXkSIWIHA.3420@xxxxxxxxxxxxxxxxxxxxxxx
For most policies yes I can. But the two I'm concerned about and need to
manage are "allow to log on locally" and "log on as a service". These
services the "Add" option is greyed out because they are define and
inherited from the SBS server. I'm afraid you do not quite understanding
my post Les. I have no problems creating the local account on the member
server. I need to able to add this local account to the local policy.
Hence my reasoning to moving it out of the MyBusiness OU. I don't want
the member server to get the ploicies from the SBS server.

"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message
news:9F2399E5-6A87-4E97-8D42-68267F061F31@xxxxxxxxxxxxxxxx
If you log onto the member server, and right click my computer > manage,
do you not see local users and groups? Can you not add a local user
here, and/or add a domain user account to the local user group?

--
Les Connor [SBS MVP]


"California SBS Dreaming" <noreply@xxxxxxxxxxx> wrote in message
news:Opng5cGWIHA.5208@xxxxxxxxxxxxxxxxxxxxxxx
Les,
Thank you for you for taking the time and your input. I stated in my
post that this program "requires" a local non admin account. It will
not work with a domain account. This W2K3 server is a member server
only. So I need to be able to grant this local account the right to
"log on as a service" on the local machine. Hence the reason why I need
to be able to manage the local group policy on the server.

"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message
news:091C6019-18FA-43D1-A329-9FD15635F5EB@xxxxxxxxxxxxxxxx
Is the member server a DC? If so, it has no local users. I'd suggest
it shouldn't be a DC, but even so, you should be able to create and
use a domain user account for the service.

--
Les Connor [SBS MVP]


"California SBS Dreaming" <noreply@xxxxxxxxxxx> wrote in message
news:O6jT7u7VIHA.5348@xxxxxxxxxxxxxxxxxxxxxxx
I am running SBS 2003 Premium SP1. I've also got a W2K3 Standard SP1
server that is part of the SBS domain. I need to install an
application that requires a non administrative "local" account and
given the right to "log on as a service" on the local machine.
Well my issue is that because the W2K3 server is in the SBS
MyBusiness OU it inherits the GPO from the SBS server and of course
we all know that I cannot add a local machine account to allow it to
"log on as a service". I also cannot edit or add a local machine
account to the local policies. OK not a problem I said. I'll just
create a new OU and move the W2K3 server there which I did. My
problem is that I still cannot add or edit the "log on as a service"
on the local machine. It appears to still be inheriting it's policies
from the SBS server. I think my problem is that I may have created
the new OU at the wrong level of the forest. The SBS "MyBusiness" OU
resides on the tree under domain.local which is the same level where
I create this new OU and moved the W2K3 server to. I want to be able
to control local policies on the W2K3 server. Did I create the OU at
the wrong level of my forest tree?










.

Relevant Pages

  • Re: Remote access to member server
    ... access the system he gets an account he is responsible for the actions of. ... The 'member server' is, according to the original post, also TS Apps mode. ... years we VPN'd to the SBS 2000 servers, then RDP to the ip of our ...
    (microsoft.public.windows.server.sbs)
  • Re: sbs 2003 / exchange
    ... What if you create all their accounts on the Exchange server, ... To test my theory, create an account on ... SBS server with the name of the remote office email account you use, ... receiving email fine but unable to send email to the remote branches. ...
    (microsoft.public.windows.server.sbs)
  • RE: Lost OWA when Hdware firewall dropped
    ... connect to OWA even on the server via http://server name/exchange. ... DNS server setting to make sure that IP address of the SBS internal server ... return to the right internal IP address of SBS server? ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN, mapped drives
    ... cannot access the shares on the SBS Server thru VPN ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: Remote Access
    ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... How many network adapter you installed on the SBS server box? ...
    (microsoft.public.windows.server.sbs)