BobBrink
asked on
Server 2003. GPO disabled. Need help to enable.
Hello,
We run Terminal Services and have a Terminal Server Users Policy that was working fine for several months. -I don't know who changed what but now the policy shows as ALL SETTINGS DISABLED in the details tab and I cannot figure out how to enable it. The drop down list is greyed out.
Thanks in advance,
Bob
We run Terminal Services and have a Terminal Server Users Policy that was working fine for several months. -I don't know who changed what but now the policy shows as ALL SETTINGS DISABLED in the details tab and I cannot figure out how to enable it. The drop down list is greyed out.
Thanks in advance,
Bob
BobBrink,
hmm sounds like a few chefs in that kitchen.....do you have audting enabled?
Regards,
James
hmm sounds like a few chefs in that kitchen.....do you have audting enabled?
Regards,
James
ASKER
James,
I agree with the multi-cook assumption. I am unfamiliar with auditing but think I should probably check into it. The other cook doesn't really like GPM so perhaps he decided to disable instead of learn...
Bob
I agree with the multi-cook assumption. I am unfamiliar with auditing but think I should probably check into it. The other cook doesn't really like GPM so perhaps he decided to disable instead of learn...
Bob
The built-in auditing functionality for GP is unfortunately somewhat limited - this is the best reference I've ever found for it: http://blogs.msdn.com/ericfitz/archive/2005/08/04/447951.aspx
There are rumours that this will get better in the Longhorn timeframe, or there are third-party tools availalbe now (from Quest, Netpro, others) that can enable change management for your GPO infra.
Hope this helps.
Laura E. Hunter - Microsoft MVP: Windows Server - Networking
There are rumours that this will get better in the Longhorn timeframe, or there are third-party tools availalbe now (from Quest, Netpro, others) that can enable change management for your GPO infra.
Hope this helps.
Laura E. Hunter - Microsoft MVP: Windows Server - Networking
ASKER
Laura,
That is the correct menu, though I was originally referring to the drop down control on the Details tab.
Either way I look at it the control or menu choice is greyed out. I am logged on locally and have "Edit settings, delete, modify security" permissions.
I am still stuck...
Bob
That is the correct menu, though I was originally referring to the drop down control on the Details tab.
Either way I look at it the control or menu choice is greyed out. I am logged on locally and have "Edit settings, delete, modify security" permissions.
I am still stuck...
Bob
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Laura,
You pointed me in the right direction. "Chef Boyardee" also took the adminstrators user account out of the "Domain Admins" group. So when I was logged in under that account the rights did not exist.
I am also reviewing the auding link you sent.
Thank you VERY much!
Bob
You pointed me in the right direction. "Chef Boyardee" also took the adminstrators user account out of the "Domain Admins" group. So when I was logged in under that account the rights did not exist.
I am also reviewing the auding link you sent.
Thank you VERY much!
Bob
ASKER
Hey James,
I must have been responding when your last post came in. I did not see it until I had solved and replied to Laura. Thanks for getting me started thinking about auditing. I really appreciate your help.
Bob
I must have been responding when your last post came in. I did not see it until I had solved and replied to Laura. Thanks for getting me started thinking about auditing. I really appreciate your help.
Bob
Nice work Bob, Glad that you have got things up and going again - go slap that chef
When you right-click on the GPO in the left-hand pane and select GPO Status, do you see a menu with the following options:
* Enabled
* User Settings Disabled
* Computer Settings Disabled
* All Settings Disabled
If so, can you select "Enabled" here? Or is this the "drop-down list" you're referring to that's greyed out? If this menu is greyed out, check the permissions on the "Delegations" tab to ensure that your user account still has "Edit settings, delete, modify security" permissions.