I took a 2003 member server and put it in an OU that applies the domain terminal server lockdown policy. Some of the GPOs worked, some didnt. When I removed it and made it a member server again, it still acts like it is in the TS OU. I did a gpupdate from a DC. I logged on as a domain admin, and that had no effect. I logged on as domain\administrator and that gave me access to admin tools, all programs, full control panel, etc but it still wont let go of some of the TS GPOs. A reboot had no effect. What am I missing here?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
member server still acts like terminal server
- Thread starter whatsys
- Start date
Check the following registry keys to see if the policies are still being applied:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy
Also check to see if the settings within the policies may still be applied:
HKEY_CURRENT_USER\Software\Policies
HKEY_Local_Machine\Software\Policies
I think that once you apply some of the lockdown policies they alter the standard settings and have to be specifically undone.
Which policies are still in effect.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy
Also check to see if the settings within the policies may still be applied:
HKEY_CURRENT_USER\Software\Policies
HKEY_Local_Machine\Software\Policies
I think that once you apply some of the lockdown policies they alter the standard settings and have to be specifically undone.
Which policies are still in effect.
- Thread starter
- #3
I cant open regedit for any user except domain\administrator.
In HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy, there are 18 subkeys, each with a different SID. In the GroupMembership key, there are Group values with full and partial SIDs. Same for HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy, GroupMembership subkey. Otherwise, I dont know what specifics you want me to provide.
When you ask which policies are still in effect, do you mean when you mean specific registry settings, or just by observation of how the server is acting?
In HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy, there are 18 subkeys, each with a different SID. In the GroupMembership key, there are Group values with full and partial SIDs. Same for HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy, GroupMembership subkey. Otherwise, I dont know what specifics you want me to provide.
When you ask which policies are still in effect, do you mean when you mean specific registry settings, or just by observation of how the server is acting?
- Thread starter
- #4
I backed up the 3 keys before I deleted them.
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft]
I deleted deleted "Microsoft"
[HKEY_CURRENT_USER\Software\Policies\Microsoft]
I deleted deleted "Microsoft"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
I deleted "Policies"
gpupdate /force
No joy.
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft]
I deleted deleted "Microsoft"
[HKEY_CURRENT_USER\Software\Policies\Microsoft]
I deleted deleted "Microsoft"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
I deleted "Policies"
gpupdate /force
No joy.
- Thread starter
- #5
- Status
Similar threads
- Locked
- Question
- Locked
- Question