[THIN] Re: GPO Permissions

  • From: "Robert Barrett" <RobertB@xxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 6 Sep 2004 18:00:38 -0600

We have 4 DCs all in the same site. With regard to the DC on which the
edit was performed, that I don't know.  I will test the permission thing
though and get back to you because I thought that should work as well.

Bob

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Rick Mack
Sent: Friday, September 03, 2004 4:27 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: GPO Permissions

Hi Bob,

"Should" work. :-(

Try changing permissions on a policy and watch the policy folder
permissions change accordingly.

How many domain controllers do you have? 

Is dsa/gpedit connected to the same DC where you changed permissions?

Regards,

Rick

Ulrich Mack
Volante Systems
18 Heussler Terrace, Milton 4064
Queensland, Australia
tel +61 7 32467704
rmack@xxxxxxxxxxxxxx


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Robert Barrett
Sent: Friday, 3 September 2004 12:42 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: GPO Permissions


I tried just changing the perms on the Sysvol copy of the GPO and it did
not work.  I will, however, deny the apply setting in the future. Thanks
for the reply.
 
Bob Barrett
FVSD#52
 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Rick Mack
Sent: Wednesday, September 01, 2004 6:20 PM
To: thin@xxxxxxxxxxxxx
Subject: RE: [THIN] GPO Permissions


Hi Robert,
 
The access permissions you're playing with are in large part just file
access permissions, at least when you deny access.
 
If you look at the properties of your TS policy, you will see it's got
its unique "name" (e.g. {5BF1F1C5-31A7-4AA7-9F87-2A7ACAB64FFE}). Write
down the first 5-6 digits.
 
Now go to %logonserver%\sysvol\%your_AD_domain_name%\policies. You'll
see a whole bunch of folders with what look like classids. Each one is a
group policy in your domain. If you highlight the folder with the same
name as your TS policy and look at its security properties, you'll be
able to re-enable domain admin access.
 
In future, though, it's far less dangerous to just either untick the
"Apply Group Policy" box or tick the deny "Apply Group Policy" box for
user groups that don't want the policy applied.
 
regards,
 
Rick
 
Ulrich Mack
Volante Systems
 
 
 

  _____  

From: thin-bounce@xxxxxxxxxxxxx on behalf of Robert Barrett
Sent: Thu 2/09/2004 3:13 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] GPO Permissions


Okay I think we have screwed up big time and I am hoping someone can
help me fix it.  We enabled loopback processing on the GPO for our TS
boxes.  To prevent the admins from getting the policy we denied
permissions to the domain admins group.  I had read somewhere that it
was the way to prevent the policy from being applied to the admins.
Anyway my worst fears were realized when I tried to edit said GPO,
denied!  Listed as inaccessible.  Is there any way for me to reset the
permissions and be able to edit this policy again without deleting it
and starting over (not even sure I can delete it)?  Help
 

Robert Barrett MCSE, CCA

Enterprise Administrator
robertb@xxxxxxxxxx
Phone: (780) 927-3766
Fax: (780) 926-3037
http://www.fvsd.ab.ca <http://www.fvsd.ab.ca/>  



 

########################################################################
#############

This e-mail, including all attachments, may be confidential or
privileged. Confidentiality or privilege is not waived or lost because
this email has been sent to you in error. If you are not the intended
recipient any use, disclosure or copying of this email is prohibited. If
you have received it in error please notify the sender immediately by
reply email and destroy all copies of this email and any attachments.
All liability for direct and indirect loss arising from this email and
any attachments is hereby disclaimed to the extent permitted by law.

########################################################################
#############

********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps
running on unsecured Terminal Servers, profile headaches, and
application performance problems? Join us and learn how you can have a
less demanding on-demand enterprise!
http://www.tricerat.com/?page=events#register
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
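
The distinction Rick draws in the thread, denying only "Apply Group Policy" rather than denying access to the GPO outright, can be checked mechanically. The following is an added example, not part of the original thread: it parses the SDDL form of a GPO's security descriptor and separates deny entries that only filter policy application from those that can also block reading and editing. The sample descriptors, function names and verdict labels are constructed for illustration.

```python
import re

# GUID of the "Apply Group Policy" extended right in Active Directory.
APPLY_GROUP_POLICY = "edacfd8f-ffb3-11d1-b41d-00a0c968f939"
# A few SDDL trustee aliases; anything else is reported as written.
ALIASES = {"DA": "Domain Admins", "EA": "Enterprise Admins",
           "AU": "Authenticated Users", "SY": "SYSTEM"}

def deny_aces(sddl):
    """Yield (trustee, rights, object_guid) for each deny ACE in an SDDL string."""
    for body in re.findall(r"\(([^()]*)\)", sddl):
        fields = body.split(";")
        if len(fields) < 6 or fields[0] not in ("D", "OD"):
            continue  # allow and audit ACEs are not of interest here
        _type, _flags, rights, obj_guid, _inherit_guid, sid = fields[:6]
        yield ALIASES.get(sid, sid), rights, obj_guid.lower()

def audit_gpo(sddl):
    """Classify every deny ACE as 'apply-only' or 'lockout-risk'."""
    findings = []
    for trustee, rights, obj_guid in deny_aces(sddl):
        # Narrow case: an object deny of the single extended right "Apply Group Policy".
        narrow = rights == "CR" and obj_guid == APPLY_GROUP_POLICY
        findings.append((trustee, "apply-only" if narrow else "lockout-risk"))
    return findings

# Constructed sample descriptors (not taken from the thread).
# LOCKED_OUT: a broad deny for Domain Admins, the situation in the original question.
LOCKED_OUT = ("O:DAG:DAD:PAI"
              "(D;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)"
              "(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)"
              "(A;CI;LCRPLORC;;;AU)")
# FILTERED: Domain Admins keep edit rights and are only denied "Apply Group Policy".
FILTERED = ("O:DAG:DAD:PAI"
            "(OD;;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;DA)"
            "(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)"
            "(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)"
            "(A;CI;LCRPLORC;;;AU)")

if __name__ == "__main__":
    for name, sddl in (("locked-out GPO", LOCKED_OUT), ("filtered GPO", FILTERED)):
        print(name, audit_gpo(sddl))
```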

