[gptalk] Group Policy sticks after domain migration

  • From: "Kaiser, Charlie" <ckaiser@xxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 18 Nov 2008 13:41:13 -0800

Hi all...

Scenario:
W2K3 native mode AD domain (domain1)
W2K Terminal server locked down with GPO (computer configuration,
administrative templates, Start Menu and taskbar (among many others))
that applies to auth users.
Second GPO that disables all those lockdowns that applies only to domain
admins and enterprise admins.
Works fine. Users get nothing except the app, domain admins get
everything.

Problem:
Domain migration project. Move all member servers to W2K3 native mode AD
domain (domain2).
Now GPOs from domain 1 are still applied. Server admins cannot get into
the box. Login and get locked down desktop. Domain admins in domain2 can
get in fine, but now local admins group needs access.
Gpresult doesn't show the settings being applied. No apparent way to
remove.

Any ideas?
I'm thinking move the box back to domain1, remove GPO and force, verify
access, and then move back to domain2... Any other ideas?

Thanks!

**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security
Systems Engineer
925 274 3183 desk
925 890 3517 cell
********************** 
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security
Systems Engineer
925 274 3183 desk
925 890 3517 cell
********************** 
***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: