Regmon can help with identifying any permission issues. Just set the filter to "policies" and highlight "denied" while logged on as local admin. Then login with the account you are testing with from another session. Regmon shoudl catch any permission problems.
It probably isn't permissions, but at least this rules it out quickly and easily so later you aren't smacking yourself in the head about it.
Read & Apply
Seems to be related to my mandatory profile, I'll have to pick it apart a bitOn Tue, Jul 1, 2008 at 12:57 PM, Joe Shonk <joe.shonk@gmail.com> wrote:
Do the users have read permission but not apply?
Joe
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Steve Snyder
Sent: Monday, June 30, 2008 3:55 PM
To: thin@freelists.org
Subject: [THIN] Weird W2K3 GPO issues
new build of W2K3R2, all current M$ patches. Server resides in an OU blocking GPO inheritance, and I have a GPO applied to this OU with very minimal settings for testing using loopback to force user settings. When I logon with a dummy user account (my daily account :) ) the policy settings don't apply (remove shutdown, disable CMD, etc.) but if I run a rsop.msc it shows the settings as being applied. If I make my dummy account a local admin on the box then the settings apply. I've enabled debugging and see entries like
USERENV(16fc.15b4) 10:43:09:525 SetRegistryValue: DisableRegistryTools => 1 [OK]
and in the user's registry key software\microsoft\windows\currentversion\policies\system the values are set properly, they're just not working.
Any thoughts or ideas on whree to look next?
No comments:
Post a Comment