Server 2003. GPO disabled. Need help to enable.

Hello,

We run Terminal Services and have a Terminal Server Users Policy that was working fine for several months. -I don't know who changed what but now the policy shows as ALL SETTINGS DISABLED in the details tab and I cannot figure out how to enable it. The drop down list is greyed out.

Thanks in advance,

Bob

 
BobBrinkAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LauraEHunterMVPCommented:
It sounds as though you are viewing this GPO through the Group Policy Management Console, yes?

When you right-click on the GPO in the left-hand pane and select GPO Status, do you see a menu with the following options:

* Enabled
* User Settings Disabled
* Computer Settings Disabled
* All Settings Disabled

If so, can you select "Enabled" here? Or is this the "drop-down list" you're referring to that's greyed out?  If this menu is greyed out, check the permissions on the "Delegations" tab to ensure that your user account still has "Edit settings, delete, modify security" permissions.
0
Jay_Jay70Commented:
BobBrink,

hmm sounds like a few chefs in that kitchen.....do you have audting enabled?

Regards,

James
0
BobBrinkAuthor Commented:
James,

I agree with the multi-cook assumption. I am unfamiliar with auditing but think I should probably check into it. The other cook doesn't really like GPM so perhaps he decided to disable instead of learn...

Bob
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

LauraEHunterMVPCommented:
The built-in auditing functionality for GP is unfortunately somewhat limited - this is the best reference I've ever found for it: http://blogs.msdn.com/ericfitz/archive/2005/08/04/447951.aspx

There are rumours that this will get better in the Longhorn timeframe, or there are third-party tools availalbe now (from Quest, Netpro, others) that can enable change management for your GPO infra.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
BobBrinkAuthor Commented:
Laura,

That is the correct menu, though I was originally referring to the drop down control on the Details tab.
Either way I look at it the control or menu choice is greyed out. I am logged on locally and have "Edit settings, delete, modify security" permissions.

I am still stuck...

Bob
0
LauraEHunterMVPCommented:
I have a funny feeling that you might need to take ownership of the GPO to fix whatever the other cook did.

From the Delegation tab, click Advanced. From the window that pops up, click Advanced again. From there, go to the Owner tab and see if you can take ownership of the GPO, after which the items that are greyed out should be available to you again.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jay_Jay70Commented:
nice link on auditing....

Bob,

I worry also that possible some of your permissions may have been tampered with....try the ownership trick but also check your account for membership changes (May be over cautious but i am fast becoming a security nutter)
0
BobBrinkAuthor Commented:
Laura,

You pointed me in the right direction. "Chef Boyardee" also took the adminstrators user account out of the "Domain Admins" group. So when I was logged in under that account the rights did not exist.

I am also reviewing the auding link you sent.

Thank you VERY much!

Bob
0
BobBrinkAuthor Commented:
Hey James,

I must have been responding when your last post came in. I did not see it until I had solved and replied to Laura. Thanks for getting me started thinking about auditing. I really appreciate your help.

Bob
0
Jay_Jay70Commented:
Nice work Bob, Glad that you have got things up and going again - go slap that chef
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.