[gptalk] gpupdate question

  • From: jfvanmeter@xxxxxxxxxxx
  • To: gptalk@xxxxxxxxxxxxx, gptalk@xxxxxxxxxxxxx
  • Date: Mon, 16 Apr 2007 17:52:12 +0000

Hello Everyone, I have a question that I need help with.

I have a memberserver Win2k3 SP1, that was placed in the wrong OU and got my 
Windows XP Group Policy. 

Then it was moved to the correct OU, and recieves the member server policy.

Every time I run "gpupdate /force" I get the following. Certain Computer 
policies are enabled that can only run during startup.
ok to Reboot? (Y/N)

Every time that I refresh group policy it wants to reboot, I see 1704 events 
that security policy in the group policy object has been applied successfully.

I've ran gpupdate as the local admin and as a domain admin.

If I try to run fport on the server as either a local admin or a domain admin I 
get the following error
"You must have administrator privileges to run fport - exiting...... 

The local admin account is in the administrators group, and the domain admin 
group is in the administrators group.

Could this be a registry tattoo from the xp policy that got applied? any 

Thanks Everyone, take care and have fun --John


--- Begin Message ---
  • From: Linux'o Mania <linuxomania@xxxxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Mon, 16 Apr 2007 14:44:49 +0000
Gee, thanks for the quick reply....
Though I don't think I should restrict NTFS permission from users as I'm not aware if any application that runs in User Context needs access to C:\. Though I'm create a notepad alike application in VB which won't have any save/open option, just wanted to take some expert's advice.
Are there any other viewpoints of the group?
Thanks for all your help...

Darren Mar-Elia <darren@xxxxxxxxxx> wrote:
Frankly, I don?t know of any way to control notepad through policy. And, assuming you?re using the ?Prevent Access to these drives?, I suspect Notepad uses APIs that don?t respect that policy. I think your best bet is to control access to the local hard drive through permissions. Even then it won?t be 100% because you can?t prevent the user from writing to every spot on the local hard drive, but you can make the obvious places (e.g. c:\) locked down and harder to get to.
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Linux'o Mania
Sent: Monday, April 16, 2007 7:32 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Restrict access to Drives (Windows 2000)
Hi All,
I've Windows 2000 domain (no sites) with around 500 computer accounts & 1500 user accounts.
I've applied a GPO which restricts users from doing anything but their work.
They're not supposed to access drives/USB Storage devices. They've got access to notepad as they're supposed to note down their stuff (but are not supposed to save anything).
Now the problem is that when they use File > Save option, it disaplays the message that "You don't have access to it". After they click on "Ok", Common Dialog box (Save) is displayed. If they click on My Computer, they can't see C:\ Drive, but if they type C:\File.txt, it is saved.
How can I solve this issue? Please help :(
Is there any way I can disable Save/Open in option in File menu, or can I disabled entire File Menu???

Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for your free account today.

Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for your free account today.
--- End Message ---

Other related posts: