[gptalk] Windows Server 2003 R2 SP2 GPO Access denied (security filtering)
- From: "tan hs" <tanhsjunk@xxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Wed, 12 Mar 2008 16:24:46 +0800
Hi,
I am new to GP on the above mentioned. I setup a new server which is
the only server as domain controller.
Then, I have created a global security group "grp_limited" and assiged
a member 'tan1' to the group.
The "grp_limited" is a member of "Remote Desktop Users". Everything
went fine, and I am able to connect into the
server using its own RDC. My first task is to try to disable all
drive redirection from this server.
I am running the GPMC and created a new policy under "Group Policy
Objects" name "MRS L".
I created a link in under the "Domain Controllers" and enabled the
"MRS L". In the "MRS L" scope, under the
"Security Filtering" panel a "Authenticated Users" group was
automatically assigned to it.
In the "MRS L" policy, I only have a setting. Computer
Configuration->Admin Templates->Windows Components->
Terminal Services->Client/Server data redirection->Do no allow drive
redirection "Enabled".
Then, I run the wizard on tan1 in GP Result, all the policy were
applied correctly.
Later, I removed the "Authenticated Users" from the "MRS L" policy and
replaced with "grp_limited" and do
multiple times of "gpupdate /force" and reboot the server. I rerun
the wizard earlier and recreate new wizard,
this "MRS L" policy just stuck in the Denied GPOs in the result with
reasons "Access Denied (security filtering)".
I tried with some tool like GPExpert but I still can't figure out what
goes wrong. I even tried to set the Delegation to the
'tan1' and 'grp_limtied' with Full Control permission also doesn't help.
Can some experts help me on this? bare in mind, I do all these in the
same machine.
Thank you.
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
Other related posts:
