RE: Can't manage Local Users and Groups on Win2K terminal server
From: Vera Noest [MVP] (vera.noest_at_remove-this.hem.utfors.se)
Date: 01/25/05
- Next message: Vera Noest [MVP]: "Re: Printer Redirection does not work with certain ports"
- Previous message: Vera Noest [MVP]: "Re: Remote Desktop Connection and Terminal Services..."
- In reply to: GregB: "RE: Can't manage Local Users and Groups on Win2K terminal server"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 25 Jan 2005 14:10:40 -0800
Then it seems that your GPO isn't applied as you want it, because
you still see the effects of the restrictive Default Domain GPO.
I'm not exactly sure either if what you are trying to do should be
done this way. You say that your TS policy "blocks" the Default
Domain Policy, but I assume you mean that you undo the settings? Or
have you explicitly set "Block inheritance"? Have you verified if
the Default Domain policy allows to be blocked or undone? Maybe it
uses the "No Override" setting?
--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---
"=?Utf-8?B?R3JlZ0I=?=" <GregB@discussions.microsoft.com> wrote on
25 jan 2005 in microsoft.public.windows.terminal_services:
> Ooppss - In the last line, I meant to say I have a user loopback
> GPO in place to block the local user/group restriction coming
> down from the default domain policy.
>
> Thanks,
> Greg
>
> "GregB" wrote:
>
>> We have a Win2K TS box in a full 2003 AD environment (including
>> 2003 Forest functional mode). The issue is we cannot manage
>> any local users and groups when we logon through Terminal
>> Services using an AD based user ID. When I open the Computer
>> Management MMC by right-clicking on My Computer, the Local
>> Users and Groups doesn't appear. If I logon on locally,
>> everything works as expected. The only way I can manage local
>> users/groups is by logging on with a local administrator ID.
>> In my default domain policy, I do have a restriction on
>> managing Local Users and Groups enabled. However, I have a
>> user loopback policy GPO set to replace that should block that
>> restriction.
>>
>> Any thoughts?
>>
>> Thanks,
>> Greg
- Next message: Vera Noest [MVP]: "Re: Printer Redirection does not work with certain ports"
- Previous message: Vera Noest [MVP]: "Re: Remote Desktop Connection and Terminal Services..."
- In reply to: GregB: "RE: Can't manage Local Users and Groups on Win2K terminal server"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
