Re: Run application on remote login

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

So I'm a bit stuffed then , any ideas how I can get back in to reinstate the
read permission rights please? There was just the two columns allow and deny.

"Jeff Pitsch" wrote:

You want to deny "apply group policy" (or something very similar, I'm
going off the top of my head) not read permissions.

Jeff Pitsch
Microsoft MVP - Terminal Services

nigel wrote:
Found advanced and is it correct then now as administrator the default policy
under the domain on the left of the screen says Inaccessable and the screen
on the right 'This group policy is inaccessible because you do not have read
level permissions on it'. how would i reinstate if i need to?

"Jeff Pitsch" wrote:

Click advanced so you can get to the full security interface.

Jeff Pitsch
Microsoft MVP - Terminal Services

nigel wrote:
I have administrators added but in the Delegation tab on default Domain
Policy in group policy management where administrators is listed, allowed
permissions are Read (from security filtering) right click gives options
'Read, Edit settings, Edit settings, delete , modify' but nothing to say
'deny apply this policy'.

Nigel

"Jeff Pitsch" wrote:

If you're using the default GPO editor, I believe you need to go to
view, advanced features to see the security tab. But the GPMC is much
better so I would recommend getting that instead.

Jeff Pitsch
Microsoft MVP - Terminal Services

Vera Noest [MVP] wrote:
Have you downloaded the Group Policy Management Console? I can only
give instructions for the GPMC, since installing it disables the
built-in GP editor in AD Users and Computers.

There should be a window pane at the right side (lower half),
called "Security filtering". Beneath that pane, there's a button
"Add". Add the Administrator account. Then click on the button
"Delegation" at the top of the right window pane to modify the
security settings.

Download GPMC:
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?bmlnZWw=?= <nigel@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 03
jan 2009 in microsoft.public.windows.terminal_services:

Thanks I had got as far as the loopback. Following kb81600 I
can't see when, in group policy management I've selected default
domain policy, where to get the properties / security tab
options per step 4 & 5


"Vera Noest [MVP]" wrote:

Configure the setting "Start a program on connection"
as a User Configuration (it exists both under User and Computer
Configuration), configure loopback processing of the GPO:

Computer Configuration - Administrative Templates - System -
Group Policy
"User Group Policy loopback processing mode" - "Replace"

and link it to the OU which contains the Terminal Server (not
the user accounts!).
Then modify the rights for Administrators on the GPO: select
"Deny" for the right to "Apply this policy"

816100 - How To Prevent Domain Group Policies from Applying to
Administrator Accounts and Selected Users in Windows Server
2003 http://support.microsoft.com/?kbid=816100

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?bmlnZWw=?= <nigel@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on
02 jan 2009 in microsoft.public.windows.terminal_services:

have successfully got program to run when remote user
connects through RDP using Group Policy. However, the same
happens for Administrator login, which then stops any remote
administration of the server! How can I confgure for users
to run the program but not the administrator account.

Windows server 2003 standard SP2 , terminal services 5 cal
licence.

.

Quantcast