[THIN] Re: GPO Permissions

  • From: "Rick Mack" <Rick.Mack@xxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 2 Sep 2004 10:20:24 +1000

Hi Robert,
 
The access permissions you're playing with are in large part just file access 
permissions, at least when you deny access.
 
If you look at the properties of your TS policy, you'll see it's got its unique 
"name" (e.g. {5BF1F1C5-31A7-4AA7-9F87-2A7ACAB64FFE}). Write down the first 5-6 
digits. 
 
Now go to %logonserver%\sysvol\%your_AD_domain_name%\policies. You'll see a 
whole bunch of folders with what look like classids. Each one is a group policy 
in your domain. If you highlight the folder with the same name as your TS 
policy and look at its security properties, you'll be able to re-enable domain 
admin access.
 
In future though, it's far less dangerous to just either untick the "Apply 
Group Policy" box or tick the deny "Apply Group Policy" box for user groups 
that don't want the policy applied.
 
regards,
 
Rick
 
Ulrich Mack
Volante Systems
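
An added PowerShell example (not part of Rick's reply or of the original thread) that automates the lookup described above: it walks the GPO folders under SYSVOL and reports any Deny entries on their file-system ACLs, read-only. The function name Get-GpoFolderDenyAce is hypothetical, the GUID prefix is the example one from the reply, and the script assumes a domain-joined session where LOGONSERVER and USERDNSDOMAIN are set.

```powershell
# Added example: audit SYSVOL GPO folders for Deny ACEs (read-only, changes nothing).
# Get-GpoFolderDenyAce is a hypothetical helper name, not a built-in cmdlet.
function Get-GpoFolderDenyAce {
    param(
        [Parameter(Mandatory)] [string]$PoliciesPath,  # ...\sysvol\<domain>\Policies
        [string]$GuidPrefix = ''                       # first few characters of the GPO's unique name
    )

    # GPO folders are named after the policy's GUID, braces included.
    Get-ChildItem -LiteralPath $PoliciesPath -Directory -ErrorAction Stop |
        Where-Object { $_.Name -like "{$GuidPrefix*" } |
        ForEach-Object {
            $folder = $_
            try {
                $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
                $acl.Access |
                    Where-Object { $_.AccessControlType -eq 'Deny' } |
                    ForEach-Object {
                        [pscustomobject]@{
                            Folder    = $folder.Name
                            Identity  = $_.IdentityReference.Value
                            Rights    = $_.FileSystemRights
                            Inherited = $_.IsInherited
                            Note      = 'Deny ACE'
                        }
                    }
            }
            catch {
                # A deny entry can also block reading the ACL itself; report that
                # folder instead of silently skipping it.
                [pscustomobject]@{
                    Folder    = $folder.Name
                    Identity  = $null
                    Rights    = $null
                    Inherited = $null
                    Note      = "ACL unreadable: $($_.Exception.Message)"
                }
            }
        }
}

# Assumption: run from a domain-joined session, so both variables are populated.
$policies = "$env:LOGONSERVER\sysvol\$env:USERDNSDOMAIN\Policies"

# '5BF1F' is the start of the example GUID quoted in the reply; use your own policy's.
Get-GpoFolderDenyAce -PoliciesPath $policies -GuidPrefix '5BF1F' | Format-Table -AutoSize
```

Omitting -GuidPrefix audits every GPO folder in the domain, which shows whether the same deny was applied to other policies.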
 
 
 

________________________________

From: thin-bounce@xxxxxxxxxxxxx on behalf of Robert Barrett
Sent: Thu 2/09/2004 3:13 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] GPO Permissions


Okay I think we have screwed up big time and I am hoping someone can help me 
fix it.  We enabled loopback processing on the GPO for our TS boxes.  To 
prevent the admins from getting the policy we denied permissions to the domain 
admins group.  I had read somewhere that it was the way to prevent the policy 
from being applied to the admins.  Anyway my worst fears were realized when I 
tried to edit said GPO, denied!  Listed as inaccessible.  Is there any way for 
me to reset the permissions and be able to edit this policy again without 
deleting it and starting over (not even sure I can delete it)?  Help
 

Robert Barrett MCSE, CCA

Enterprise Administrator
robertb@xxxxxxxxxx
Phone: (780) 927-3766
Fax: (780) 926-3037
http://www.fvsd.ab.ca

 

 
