Local Security Policy

TheMSsForum.com: The Microsoft Software Forum

Background: Very Recent switch from Novell to Active Directory. After
joining all workstations to the new domain, we have had a couple that
will logon without certain services running. I have narrowed things
down to a missing entry in the local security policy.

For some reason our Group Policy for the domain will not push down to
these few workstation and the changes I make loaclly disappear after a
reboot. Although everything will work as it is supposed tofor that one
boot. Another reboot will result in the original problem.

The exact change that I am making is in the secpol.msc is
Local Policies > User Rights Assignment > Impersonate a client after
authentication
ASPNET, Administrators, SERVICE

Before adding the permissins this field was blank. After a reboot it
goes back to blank even though our group policy is pushing out the same
settings I added locally. I just can't get it to save. I also tried
to import a template with the same end result.

Any ideas?
Top

Re: Local Security Policy by Roger

Roger
Thu Nov 09 20:36:35 CST 2006

<phxslayer@gmail.com> wrote in message
news:1163086318.057459.97970@i42g2000cwa.googlegroups.com...
> Background: Very Recent switch from Novell to Active Directory. After

Welcome

> joining all workstations to the new domain, we have had a couple that
> will logon without certain services running. I have narrowed things
> down to a missing entry in the local security policy.
>
> For some reason our Group Policy for the domain will not push down to

Just since it may help you in the longer term, GP processing is a pull
technology, not a push design.

> these few workstation and the changes I make loaclly disappear after a
> reboot. Although everything will work as it is supposed tofor that one
> boot. Another reboot will result in the original problem.
>

When settings in local policy get changed upon reboot it is most often
due to AD-base policy being imposed, although it can in cases be from
such as a startup script of process in the system context.

> The exact change that I am making is in the secpol.msc is
> Local Policies > User Rights Assignment > Impersonate a client after
> authentication
> ASPNET, Administrators, SERVICE
>
> Before adding the permissins this field was blank. After a reboot it

Another terminology aspect that may over time help you . . . this is not
a permission, but a user right

> goes back to blank even though our group policy is pushing out the same
> settings I added locally. I just can't get it to save. I also tried
> to import a template with the same end result.
>
Are you sure that the one GPO you mention is the only one that
might be effective in controlling that value?

> Any ideas?
>

Obtain the GPMC and use its resultant policy capability.
This will quickly show you if AD based GPO(s) is(are)
responsible, and if so, which.
www.microsoft.com/gp has links to get GPMC

If it is not due to a GPO, then post back and someone here may
have ideas of remaining possibilities.


Top