[THIN] Re: Using Poledit on a Windows 2003 Terminal Server

  • From: "Joe Shonk" <joe.shonk@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Wed, 14 Feb 2007 06:28:29 -0700

Is it just the one group that needs to be locked down? If so, use the
local gpedit.msc and create a local policy. Be sure to deny local admins read
rights to the policy file when done (NTFS permissions).

Joe

On 2/13/07, Jeremy Saunders <jeremy.saunders@xxxxxxxxxxx> wrote:

Hi All,

Helping out a friend who uses Samba, and they have asked me to lock down
their Windows 2003 Terminal Servers, so I've used the AllInOne stuff from
Login Consultants. No matter what I've tried I cannot get the policy to
apply to a "group" object, even though it matches.

For example, the userenv.log shows this...

ApplySystemPolicy: Entering
ApplySystemPolicy:  PolicyPath is: <\\ts02\lockdown$\TS.pol>.
ApplySystemPolicy:  Local PolicyPath is: <C:\Documents and Settings\testuser1\prf1.tmp>.
MyRegLoadKey: Returning 00000000
ApplySystemPolicy:  Looking for user specific policy.
OpenUserKey:  No entry for testuser1, using .Default instead.
ApplySystemPolicy:  Processing group(s) policy.
GetUserGroups: User is a member of the following global groups:
GetUserGroups:
GetUserGroups:     tsusers
ApplySystemPolicy:  User belongs to 2 groups.
FindGroupInList:  User is NOT a member of the tsusers group.
FindGroupInList:  User is NOT a member of the Administrators group.
ApplySystemPolicy:  Looking for machine specific policy.
OpenUserKey:  Found specific entry for TS02 ignoring .Default.

Now the Samba domain tsusers group is a member of the local Remote Desktop
Users group on the Terminal Servers. And the testuser1 is definitely a
member of this group, so it's weird that it's telling me that the "User
is NOT a member of the tsusers group". I wonder if this is a Samba thing?

It's been years since I've needed to use poledit. Is there some trick I
need to follow to get it to work in this environment?

I guess that I can try to create a local tsusers group and place the Samba
tsusers group in that.

Any advice would be greatly appreciated.

Cheers.

Kind regards,

Jeremy Saunders
Senior Technical Specialist

Infrastructure Technology Services
(ITS) & Cerulean
Global Technology Services (GTS)
IBM Australia
Level 1, 1060 Hay Street
West Perth WA 6005

Postal: PO Box 525, West Perth WA
6872

Visit us at
http://www.ibm.com/services/au/its

P: +61 8 9261 8412                F: +61 8 9261 8486
P: (Reception) +61 8 9261 8420    E-mail:
M: TBA                            jeremy.saunders@xxxxxxxxxxx
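
An added example, not part of the original messages: a small Python check that reads userenv.log text and reports any group that GetUserGroups lists but FindGroupInList then rejects, which is the discrepancy visible in the quoted log. The function and variable names are hypothetical, and the patterns assume the line formats shown in that excerpt.

```python
import re

# Excerpt of the userenv.log lines quoted in the message above.
SAMPLE_LOG = r"""ApplySystemPolicy:  Looking for user specific policy.
OpenUserKey:  No entry for testuser1, using .Default instead.
ApplySystemPolicy:  Processing group(s) policy.
GetUserGroups: User is a member of the following global groups:
GetUserGroups:
GetUserGroups:     tsusers
ApplySystemPolicy:  User belongs to 2 groups.
FindGroupInList:  User is NOT a member of the tsusers group.
FindGroupInList:  User is NOT a member of the Administrators group.
ApplySystemPolicy:  Looking for machine specific policy.
"""

# Patterns assume the line formats seen in the excerpt (an assumption).
ENUM_HEADER = "User is a member of the following global groups:"
GROUP_LINE = re.compile(r"^GetUserGroups:\s+(\S.*)$")
MATCH_LINE = re.compile(r"^FindGroupInList:\s+User is (NOT )?a member of the (.+) group\.$")
DEFAULT_LINE = re.compile(r"^OpenUserKey:\s+No entry for (\S+), using \.Default instead\.$")


def analyze(log_text):
    """Compare the groups userenv enumerated with the policy-file match results."""
    enumerated, verdicts, default_user = [], {}, None
    in_enum = False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("GetUserGroups:"):
            if ENUM_HEADER in line:
                in_enum = True          # group names follow, one per line
            elif in_enum and (m := GROUP_LINE.match(line)):
                enumerated.append(m.group(1))
            continue                    # bare "GetUserGroups:" lines carry no name
        in_enum = False
        if m := MATCH_LINE.match(line):
            verdicts[m.group(2).lower()] = m.group(1) is None
        elif m := DEFAULT_LINE.match(line):
            default_user = m.group(1)   # no user-specific entry in the .pol file
    # Groups that GetUserGroups listed but FindGroupInList then rejected.
    contradictions = [g for g in enumerated if verdicts.get(g.lower()) is False]
    return {"enumerated": enumerated, "contradictions": contradictions,
            "default_user": default_user}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Run against the excerpt, it reports `tsusers` as enumerated yet rejected, and `testuser1` as falling back to `.Default`.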
