Dave
Tue Feb 03 18:38:28 CST 2004
First, I plan to get rid of some of the default ones, but would like to know
how to get my to function correctly first.
This is what it looks like in my Server Console -> Group Policy Management.
This is what it looks like in my Server Console -> Group Policy Management.
Forest: Mardens.local
Domains
Mardens.local
Default Domain Policy
Small Business Server Client Computer
Small Business Server Domain Password Policy
Small Business Server Folder Redirection
Small Business Server Lockout Policy
Small Business Server Remote Assistance Policy
Domain Controllers
Default Domain Controllers Policy
Small Business Server Auditing Policy
MyBusiness
Users
SBS High Rights
High Rights
SBS Low Rights
Low Rights
Group Policy Objects
Default Domain Controllers Policy
Default Domain Policy
High Rights
Low Rights
Small Business Server Auditing Policy
Small Business Server Client Computer
Small Business Server Domain Password Policy
Small Business Server Folder Redirection
Small Business Server Lockout Policy
Small Business Server Remote Assistance Policy
Under Group Policy Objects -> High Rights
Scope ->
Location - SBS High Rights
Enforced - No
Link Enabled - Yes
Path Mardens.local/MyBusiness/Users/SBS High Rights
Security Filter - Authenticated Users
Details
GPO Status
Enabled
Settings ->
Computer Configuration (Enabled)
No Settings Defined
User Configuration (Enabled)
Admin Temp
Control Panel
Policy
Prohibit access to the Control Panel
Enabled
Delegation ->
Authenticated Users -> Read(From Security Filtering) -> Inherited -> No
Domain Admins -> Edit Settings, delete, modify security -> Inherited -> No
Enterprise Admins -> Edit Settings, delete, modify security ->
Inherited -> No
Enterprise Domain Controllers -> Read -> Inherited -> No
System -> Edit settings, delete, modify security
Temporarily I have it set up in High Rights, but this is actually one of
the things I ultimately plan to put in Low Rights. I would really
appreciate any help with this. Hopefully there is something here obvious to
someone. Please help, any ideas appreciated.
Dave Marden
david@nospam.mardenfamily.com
P.S. The attachment is a Wordpad file just in case this doesn't show
correct formatting on your newsreader.
"MikeF" <wallacestevens54@removethisfirstyahoo.com> wrote in message
news:uFSai8n6DHA.3308@TK2MSFTNGP11.phx.gbl...
> First, let me ask if that GP Relusts works when you are over 50, and
> if it is available as a pill.
>
> Second, I'm not sure what you're doing wrong (aside from 7 GPOs
> perhaps being too many; MS suggests fewer GPOs = better life for the
> admin) but it sounds like it's being overridden. Generally, the
> things to check are - has policy had time to refresh? did you
> refresh it manually? did you double check that you clicked OK and did
> not inadvertently click cancel somewhere as you were backing out of
> the GP editor? is it linked to the right OU? are you sure your
> priorities are right, i.e., is another GPO being applied later, or is
> there one closer to the object? Have you imported a template that
> would cancel its settings? Sometimes settings you can't seem to find
> the source of come from a template you forgot you applied.....
>
> good luck!
>
> Mike
>
>
> "Dave Marden" <anonymous@microsoft.com> wrote in message
> news:OzW%23Lkm6DHA.1948@TK2MSFTNGP12.phx.gbl...
> > I have been asking this question in Windows SBS 2003 newsgroups
> so far
> > to no avail, thought maybe someone here could help me.
> >
> > I have been trying to figure this out. I have Windows Server
> 2003, and
> > I cannot get my personalized GPO's to work.
> >
> > My client PC's are XP Pro, I have added 1 restriction for 1
> user, just
> > to try to make it work. What I did is enforced Prohibit access to
> control
> > panel (I figured it would be easy to check). I created a GPO named
> John
> > Doe, then I put it last in the list under domainname.local, which
> happens to
> > be 7. Upon logging on as John Doe the control panel is still
> present. I
> > checked it on a client computer. The users are in the SBSUsers OU,
> and I
> > put the GPO link in (MyBusiness/Users).
> >
> > What I want to do is be able to set restrictions on the users in
> my
> > domain.
> >
> > I went into Group Policy Relusts, and upon generating results on
> this
> > Policy, and under Applied GPO's it doesn't even show up, and under
> Denied
> > GPO's, it also doesn't show up.
> >
> > What am I doing wrong?
> >
> > I can't seem to figure this out and would really appreciate any
> help you
> > could give me.
> >
> > Any help appreciated,
> > Dave Marden
> (david@nospam.mardenfamily.com)
> >
> >
>
>
begin 666 GPO Problem.rtf
M>UQR=&8Q7&%N<VE<86YS:6-P9S$R-3)<9&5F9C!<9&5F;&%N9S$P,S-[7&9O
M;G1T8FQ[7&8P7&9R;VUA;EQF<')Q,EQF8VAA<G-E=# @5&EM97,@3F5W(%)O
M;6%N.WU[7&8Q7&9S=VES<UQF8VAA<G-E=# @07)I86P[?7T-"GM<8V]L;W)T
M8FP@.UQR960P7&=R965N,%QB;'5E,C4U.WT-"GM<*EQG96YE<F%T;W(@37-F
M=&5D:70@-2XT,2XQ-2XQ-3 S.WU<=FEE=VMI;F0T7'5C,5QP87)D7&8P7&9S
M,C0@5&AI<R!I<R!W:&%T(&ET(&QO;VMS(&QI:V4@:6X@;7D@4V5R=F5R($-O
M;G-O;&4@+3X@1W)O=7 @4&]L:6-Y($UA;F%G96UE;G0N(%QP87(-"EQP87(-
M"D9O<F5S=#H@36%R9&5N<RYL;V-A;%QP87(-"B @1&]M86EN<UQP87(-"B @
M("!-87)D96YS+FQO8V%L7'!A<@T*7'1A8B!$969A=6QT($1O;6%I;B!0;VQI
M8WE<<&%R#0I<=&%B(%-M86QL($)U<VEN97-S(%-E<G9E<B!#;&EE;G0@0V]M
M<'5T97)<<&%R#0I<=&%B(%-M86QL($)U<VEN97-S(%-E<G9E<B!$;VUA:6X@
M4&%S<W=O<F0@4&]L:6-Y7'!A<@T*7'1A8B!3;6%L;"!"=7-I;F5S<R!397)V
M97(@1F]L9&5R(%)E9&ER96-T:6]N7'!A<@T*7'1A8B!3;6%L;"!"=7-I;F5S
M<R!397)V97(@3&]C:V]U="!0;VQI8WE<<&%R#0I<=&%B(%-M86QL($)U<VEN
M97-S(%-E<G9E<B!296UO=&4@07-S:7-T86YC92!0;VQI8WE<<&%R#0I<=&%B
M($1O;6%I;B!#;VYT<F]L;&5R<UQP87(-"EQT86(@("!$969A=6QT($1O;6%I
M;B!#;VYT<F]L;&5R<R!0;VQI8WE<<&%R#0I<=&%B(" @4VUA;&P@0G5S:6YE
M<W,@4V5R=F5R($%U9&ET:6YG(%!O;&EC>5QP87(-"EQT86(@37E"=7-I;F5S
M<UQP87(-"EQT86(@("!5<V5R<UQP87(-"EQT86(@(" @(%-"4R!(:6=H(%)I
M9VAT<UQP87(-"EQT86(@(" @(" @2&EG:"!2:6=H='-<<&%R#0I<=&%B(" @
M("!30E,@3&]W(%)I9VAT<UQP87(-"EQT86(@(" @(" @3&]W(%)I9VAT<UQP
M87(-"EQT86(@1W)O=7 @4&]L:6-Y($]B:F5C='-<<&%R#0I<=&%B(" @1&5F
M875L="!$;VUA:6X@0V]N=')O;&QE<G,@4&]L:6-Y7'!A<@T*7'1A8B @($1E
M9F%U;'0@1&]M86EN(%!O;&EC>5QP87(-"EQT86(@("!(:6=H(%)I9VAT<UQP
M87(-"EQT86(@("!,;W<@4FEG:'1S7'!A<@T*7'1A8B @(%-M86QL($)U<VEN
M97-S(%-E<G9E<B!!=61I=&EN9R!0;VQI8WE<<&%R#0I<=&%B(" @4VUA;&P@
M0G5S:6YE<W,@4V5R=F5R($-L:65N="!#;VUP=71E<EQP87(-"EQT86(@("!3
M;6%L;"!"=7-I;F5S<R!397)V97(@1&]M86EN(%!A<W-W;W)D(%!O;&EC>5QP
M87(-"EQT86(@("!3;6%L;"!"=7-I;F5S<R!397)V97(@1F]L9&5R(%)E9&ER
M96-T:6]N7'!A<@T*7'1A8B @(%-M86QL($)U<VEN97-S(%-E<G9E<B!,;V-K
M;W5T(%!O;&EC>5QP87(-"EQT86(@("!3;6%L;"!"=7-I;F5S<R!397)V97(@
M4F5M;W1E($%S<VES=&%N8V4@4&]L:6-Y7'!A<@T*7'!A<@T*7'!A<@T*56YD
M97(@1W)O=7 @4&]L:6-Y($]B:F5C=',@+3X@2&EG:"!2:6=H='-<<&%R#0I3
M8V]P92 M/EQP87(-"B @3&]C871I;VX@+2!30E,@2&EG:"!2:6=H='-<<&%R
M#0H@($5N9F]R8V5D(%QE;F1A<V@@($YO7'!A<@T*("!,:6YK($5N86)L960@
M7&5N9&%S:" @665S7'!A<@T*("!0871H($UA<F1E;G,N;&]C86PO37E"=7-I
M;F5S<R]5<V5R<R]30E,@2&EG:"!2:6=H='-<<&%R#0H@(%-E8W5R:71Y($9I
M;'1E<B!<96YD87-H("!!=71H96YT:6-A=&5D(%5S97)S7'!A<@T*7'!A<@T*
M1&5T86EL<UQP87(-"B @1U!/(%-T871U<UQP87(-"B @16YA8FQE9%QP87(-
M"EQP87(-"E-E='1I;F=S("T^7'!A<@T*("!#;VUP=71E<B!#;VYF:6=U<F%T
M:6]N("A%;F%B;&5D*5QP87(-"B @("!.;R!3971T:6YG<R!$969I;F5D7'!A
M<@T*("!5<V5R($-O;F9I9W5R871I;VX@*$5N86)L960I7'!A<@T*(" @($%D
M;6EN(%1E;7!<<&%R#0H@(" @("!#;VYT<F]L(%!A;F5L7'!A<@T*(" @(" @
M("!0;VQI8WE<<&%R#0H@(" @(" @(" @4')O:&EB:70@86-C97-S('1O('1H
M92!#;VYT<F]L(%!A;F5L7'!A<@T*(" @(" @(" @(" @16YA8FQE9%QP87(-
M"EQP87(-"D1E;&5G871I;VX@+3Y<<&%R#0H@($%U=&AE;G1I8V%T960@57-E
M<G,@+3X@4F5A9"A&<F]M(%-E8W5R:71Y($9I;'1E<FEN9RD@+3X@26YH97)I
M=&5D("T^($YO7'!A<@T*("!$;VUA:6X@061M:6YS("T^($5D:70@4V5T=&EN
M9W,L(&1E;&5T92P@;6]D:69Y('-E8W5R:71Y("T^($EN:&5R:71E9" M/B!.
M;UQP87(-"B @16YT97)P<FES92!!9&UI;G,@+3X@161I="!3971T:6YG<RP@
M9&5L971E+"!M;V1I9GD@<V5C=7)I='D@+3X@26YH97)I=&5D("T^($YO7'!A
M<@T*("!%;G1E<G!R:7-E($1O;6%I;B!#;VYT<F]L;&5R<R M/B!296%D("T^
M($EN:&5R:71E9" M/B!.;UQP87(-"B @4WES=&5M("T^($5D:70@<V5T=&EN
M9W,L(&1E;&5T92P@;6]D:69Y('-E8W5R:71Y7'!A<@T*7'!A<@T*7'1A8B!4
M96UP;W)A<FEL>2!)(&AA=F4@:70@<V5T('5P(&EN($AI9V@@4FEG:'1S+"!B
M=70@=&AI<R!I<R!A8W1U86QL>2!O;F4@;V8@=&AE('1H:6YG<R!)('5L=&EM
M871E;'D@<&QA;B!T;R!P=70@:6X@3&]W(%)I9VAT<RX@($D@=V]U;&0@<F5A
M;&QY(&%P<')E8VEA=&4@86YY(&AE;' @=VET:"!T:&ES+B @2&]P969U;&QY
M('1H97)E(&ES('-O;65T:&EN9R!H97)E(&]B=FEO=7,@=&\@<V]M96]N92X@
M(%!L96%S92!H96QP+"!A;GD@:61E87,@87!P<F5C:6%T960N7'!A<@T*7'!A
M<@T*1&%V92!-87)D96Y<<&%R#0I[7&9I96QD>UPJ7&9L9&EN<W1[2%E015),
M24Y+(")M86EL=&\Z9&%V:61 ;F]S<&%M+FUA<F1E;F9A;6EL>2YC;VTB('U]
M>UQF;&1R<VQT>UQC9C%<=6P@9&%V:61 ;F]S<&%M+FUA<F1E;F9A;6EL>2YC
M;VU]?7U<8V8P7'5L;F]N95QF,%QF<S(T7'!A<@T*7'!A<@T*4"Y3+B @5&AE
M(&%T=&%C:&UE;G0@:7,@82!W;W)D<&%D(&9I;&4@:G5S="!I;B!C87-E('1H
M:7,@9&]E<VY<<G%U;W1E('0@<VAO=R!C;W)R96-T(&9O<FUA='1I;F<@;VX@
H>6]U<B!N97=S<F5A9&5R+EQP87(-"EQF,5QF<S(P7'!A<@T*?0T*````
`
end