B
Bonno Bloksma
Hi,
For a login log file on the local machine to track some login problem I need
to have a C:\Temp\ directory where all domain users have read and write
permissions.
The C:\Temp directory exists as the login script creates it when it's not
there. The problem starts when a diffirent users logs on to a machine a does
not have the right to append to the existing logfile in C:\Temp
I have a Domain test policy assigned to an OU with a few users and computers
in them
I have created an entry Computer configuration, Windows settings, Security
settings, File system, where %SystemDrive%\Temp is defined.
I selected C:\Temp but the Policy manager keeps changing it to
%SystemDrive%\Temp but as that is the same... what the heck.
Properties are Configure this file or folder item, Replace existing
permissions..... and when I go to Edit security I see MACHINENAME\Users with
alle rights set except Full Control.
So on this machine the rights are as they are supposed to be and the policy
knows about it
When I log on to a machine in the Test OU the rights for the C:\Temp
directory do NOT change. Nor do they after several reboots and gpupate
/force attempts.
Entries in this Test policy in the User Configuration part do seem to work
so maybe I need to do something to get the Computer part working. And no...
it is not disabled. ;-)
Do I need to give the computers read rights to the policy or does the SYSTEM
entry take care of that? If I need to add the Domain Computers group with
Read rights then the defaults don't make sense. That way a Computer policy
could never work without changing the default rights.
How can I troubleshoot this?
Bonno
For a login log file on the local machine to track some login problem I need
to have a C:\Temp\ directory where all domain users have read and write
permissions.
The C:\Temp directory exists as the login script creates it when it's not
there. The problem starts when a diffirent users logs on to a machine a does
not have the right to append to the existing logfile in C:\Temp
I have a Domain test policy assigned to an OU with a few users and computers
in them
I have created an entry Computer configuration, Windows settings, Security
settings, File system, where %SystemDrive%\Temp is defined.
I selected C:\Temp but the Policy manager keeps changing it to
%SystemDrive%\Temp but as that is the same... what the heck.
Properties are Configure this file or folder item, Replace existing
permissions..... and when I go to Edit security I see MACHINENAME\Users with
alle rights set except Full Control.
So on this machine the rights are as they are supposed to be and the policy
knows about it
When I log on to a machine in the Test OU the rights for the C:\Temp
directory do NOT change. Nor do they after several reboots and gpupate
/force attempts.
Entries in this Test policy in the User Configuration part do seem to work
so maybe I need to do something to get the Computer part working. And no...
it is not disabled. ;-)
Do I need to give the computers read rights to the policy or does the SYSTEM
entry take care of that? If I need to add the Domain Computers group with
Read rights then the defaults don't make sense. That way a Computer policy
could never work without changing the default rights.
How can I troubleshoot this?
Bonno