In the context of the question, by removing these groups the user can determine better why the policy settings are applying to the ADMIN. In general, you also remove these two groups when you want user security groups to prevail and apply, otherwise they apply to everyone..... Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd. suite D8453 Scottsdale, AZ 85262 (602) 432-8649 (602) 296-0411 fax steveg@xxxxxxxxxxxxxx _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of dmauri@xxxxxx Sent: Thursday, July 01, 2004 9:19 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Strange Issue Why Authenticated Users have to be removed from Gpo security? "Steve Greenberg" <steveg@xxxxxxxxxxxxxx> Enviado por: thin-bounce@xxxxxxxxxxxxx 01/07/2004 17:54 Por favor, responda a thin@xxxxxxxxxxxxx Para <thin@xxxxxxxxxxxxx> cc Asunto [THIN] Re: Strange Issue Make sure EVERYONE and AUTHENTICATED USERS are removed and be sure that the ADMIN is not a member of users groups, i.e. Doman Users Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd. suite D8453 Scottsdale, AZ 85262 (602) 432-8649 (602) 296-0411 fax steveg@xxxxxxxxxxxxxx _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of dmauri@xxxxxx Sent: Thursday, July 01, 2004 7:39 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Strange Issue Yes, Domain admins, has deny permissions, and gpresult shown all policies that I want. It's posible that the profile of admin was wrong in this server? "Lilley, Brian" <brian.lilley@xxxxxxxx> Enviado por: thin-bounce@xxxxxxxxxxxxx 01/07/2004 16:32 Por favor, responda a thin@xxxxxxxxxxxxx Para "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx> cc Asunto [THIN] Re: Strange Issue hhm... well perhaps its loopbacked to that machine...as it should do, and I wonder, if you don't specifically deny it for that user group, then perhaps domain admins still get it... can you run GPRESULT to see what it has been given? I'm guessing here, BTW.. -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of dmauri@xxxxxx Sent: 01 July 2004 15:27 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Strange Issue I have a GPO applied to all users except Domain Admins group. But it seems it's applied to administrator user when I logon into console. "Lilley, Brian" <brian.lilley@xxxxxxxx> Enviado por: thin-bounce@xxxxxxxxxxxxx 01/07/2004 16:08 Por favor, responda a thin@xxxxxxxxxxxxx Para "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx> cc Asunto [THIN] Re: Strange Issue are you saying that you have a restriced GPO applied to your admin user at the console?? if so then you will need to rename the screensaver to cmd.exe which will give you a prompt running under the system context, this will then allow you to run up the gpo editor thing which will allow you to undo the application of the restrictive gpo, or am I missing the point..? -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of dmauri@xxxxxx Sent: 01 July 2004 15:01 To: thin@xxxxxxxxxxxxx Subject: [THIN] Strange Issue Hi all, I'm having a strange issue with one of my TS servers in my Farm. I'm using Gpo's with AD, using loopback option and it works fine. But now it seems to be applied in the console with admin. user, I'm looking for something wrong but I cannot find anything, and I'll be crazy, beacuse all the windows that I try to open get freeze and has no response. It's a W2k server SP4. Any suggestions will be useful. Thanks ============================================================================ == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ============================================================================ == ============================================================================ == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ============================================================================ ==