gpo question?

  • Thread starter Thread starter RR
  • Start date Start date
R

RR

Recently added our first Win 2003 Server (w/AD) domain. Now when I connect
users to the domain, they can no longer Unlock their taskbar. I think this
is due to some sort of Group Policy Object restriction. Is this right? and
where is it? Thanks!
 
Hello

There is no such setting in the default domain policy. How ever you can run
the built-in command line tool gpresult to find out the settings applied by
Group Policy.

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1
 
In
RR said:
Recently added our first Win 2003 Server (w/AD) domain. Now when I
connect users to the domain, they can no longer Unlock their taskbar.
I think this is due to some sort of Group Policy Object restriction.
Is this right? and where is it? Thanks!
Click to expand...

IN addtion to Chris' response, this maybe due to the user account being just
that, a user account and that account may not have the permissions or the
rights to do so locally since when logged on to a domain, the account picks
up the domain account's permissions and rights.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In your reply, the account picks up the domain account's permissions and rights, where do you set the domain account's permissions and right

----- Ace Fekay [MVP] wrote: ----

In
RR said:
Recently added our first Win 2003 Server (w/AD) domain. Now when
connect users to the domain, they can no longer Unlock their taskbar
I think this is due to some sort of Group Policy Object restriction
Is this right? and where is it? Thanks
Click to expand...

IN addtion to Chris' response, this maybe due to the user account being jus
that, a user account and that account may not have the permissions or th
rights to do so locally since when logged on to a domain, the account pick
up the domain account's permissions and rights

--
Regards
Ac

Please direct all replies to the newsgroup so all can benefit
This posting is provided "AS IS" with no warranties

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MV
Microsoft Windows MVP - Active Director
 
Keep in mind, there is a difference between a Right and a Permission.

A Right is basically the ability to be able to do something with a local
system, it's functions, etc, such as log on locally, change the system time,
etc.

These Rights for a domain user are acquired from the Default Domain GPO.

A permission is just that, the ability to access a resource, such as a
folder or a printer, etc, that are set in an ACL. For example, you may have
print permissions on a printer, or read permissions on a folder.

WHen a machine is joined to a domain, then the machine account will honor
the domain settings, unless you alter that, such as a Right, locally in the
machine's local security policy.

You can also alter the local membership of a user account. A local admin
does not mean they have admin capabilities in a domain. However, you can
take a domain user account and add them to the local admin group locally on
a specific machines and that user account would then have admin capabilities
on that specific machine only.

Make sense?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================



In
rr said:
In your reply, the account picks up the domain account's permissions
and rights, where do you set the domain account's permissions and
right?

----- Ace Fekay [MVP] wrote: -----

In
when I > connect users to the domain, they can no longer Unlock
their taskbar. > I think this is due to some sort of Group
Policy Object restriction. > Is this right? and where is it?
Thanks!

IN addtion to Chris' response, this maybe due to the user
account being just that, a user account and that account may not
have the permissions or the rights to do so locally since when
logged on to a domain, the account picks up the domain account's
permissions and rights.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
Click to expand...



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top