Restricted group mistake - now BSOD for USERS groups

  • Thread starter Thread starter Bruce Musgrove
  • Start date Start date
B

Bruce Musgrove

Messing around with a GPO the oither day and was experimenting with
restricted groups. I went to add the group USERS toa restricted group
policy and stupidly did it on a live GPO instead of my test GPO. Discovered
this about an hour later and removed the setting from GPO.

On the XP machines there was no problem. ON the W2k machines however, after
logon we will now see GPO security settings and personal settings be
applied, and then all we get is a blue screen with a mouse pointer on it for
domain users.

Give the user admin rights to the local machine and it works fine. Take
them aweay and the blue screen returns on log in.

Anyone have a clue? Beside the fact I was stooooopid ;)
 
Look and see what the membership of the local users group is. I bet that domain users
has been removed? Try adding domain users group for the domain and authenticated
users on one computer to see if that solves the problem. If it does you need to add
those groups back to the domain computers. You could do that with restricted groups
again or a startup script for the computer such as [ net localgroup users
"domainname\domain users" /add ]. If you do use restricted groups and if it works,
you can remove the restricted group configuration after a while when you are
confident problem no longer exists. Good luck. --- Steve
 
That was it. Thank you very much !
I was trying to find what the default permissions were for a domin
computer. I guess I didn't pick the right search phrase.


Steven L Umbach said:
Look and see what the membership of the local users group is. I bet that domain users
has been removed? Try adding domain users group for the domain and authenticated
users on one computer to see if that solves the problem. If it does you need to add
those groups back to the domain computers. You could do that with restricted groups
again or a startup script for the computer such as [ net localgroup users
"domainname\domain users" /add ]. If you do use restricted groups and if it works,
you can remove the restricted group configuration after a while when you are
confident problem no longer exists. Good luck. --- Steve


Bruce Musgrove said:
Messing around with a GPO the oither day and was experimenting with
restricted groups. I went to add the group USERS toa restricted group
policy and stupidly did it on a live GPO instead of my test GPO. Discovered
this about an hour later and removed the setting from GPO.

On the XP machines there was no problem. ON the W2k machines however, after
logon we will now see GPO security settings and personal settings be
applied, and then all we get is a blue screen with a mouse pointer on it for
domain users.

Give the user admin rights to the local machine and it works fine. Take
them aweay and the blue screen returns on log in.

Anyone have a clue? Beside the fact I was stooooopid ;)
Click to expand...
Click to expand...
 
Back
Top