|
Posted by Roger Abell [MVP] on November 9, 2006, 9:36 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Background: Very Recent switch from Novell to Active Directory. After
Welcome
> joining all workstations to the new domain, we have had a couple that
> will logon without certain services running. I have narrowed things
> down to a missing entry in the local security policy.
>
> For some reason our Group Policy for the domain will not push down to
Just since it may help you in the longer term, GP processing is a pull
technology, not a push design.
> these few workstation and the changes I make loaclly disappear after a
> reboot. Although everything will work as it is supposed tofor that one
> boot. Another reboot will result in the original problem.
>
When settings in local policy get changed upon reboot it is most often
due to AD-base policy being imposed, although it can in cases be from
such as a startup script of process in the system context.
> The exact change that I am making is in the secpol.msc is
> Local Policies > User Rights Assignment > Impersonate a client after
> authentication
> ASPNET, Administrators, SERVICE
>
> Before adding the permissins this field was blank. After a reboot it
Another terminology aspect that may over time help you . . . this is not
a permission, but a user right
> goes back to blank even though our group policy is pushing out the same
> settings I added locally. I just can't get it to save. I also tried
> to import a template with the same end result.
>
Are you sure that the one GPO you mention is the only one that
might be effective in controlling that value?
> Any ideas?
>
Obtain the GPMC and use its resultant policy capability.
This will quickly show you if AD based GPO(s) is(are)
responsible, and if so, which.
www.microsoft.com/gp has links to get GPMC
If it is not due to a GPO, then post back and someone here may
have ideas of remaining possibilities.
| 
XML site map