Solved

Server 2003. GPO disabled. Need help to enable.

Posted on 2007-03-26
10
398 Views
Last Modified: 2008-06-01
Hello,

We run Terminal Services and have a Terminal Server Users Policy that was working fine for several months. -I don't know who changed what but now the policy shows as ALL SETTINGS DISABLED in the details tab and I cannot figure out how to enable it. The drop down list is greyed out.

Thanks in advance,

Bob

 
0
Comment
Question by:BobBrink
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
10 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18793580
It sounds as though you are viewing this GPO through the Group Policy Management Console, yes?

When you right-click on the GPO in the left-hand pane and select GPO Status, do you see a menu with the following options:

* Enabled
* User Settings Disabled
* Computer Settings Disabled
* All Settings Disabled

If so, can you select "Enabled" here? Or is this the "drop-down list" you're referring to that's greyed out?  If this menu is greyed out, check the permissions on the "Delegations" tab to ensure that your user account still has "Edit settings, delete, modify security" permissions.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18796444
BobBrink,

hmm sounds like a few chefs in that kitchen.....do you have audting enabled?

Regards,

James
0
 

Author Comment

by:BobBrink
ID: 18796823
James,

I agree with the multi-cook assumption. I am unfamiliar with auditing but think I should probably check into it. The other cook doesn't really like GPM so perhaps he decided to disable instead of learn...

Bob
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18796845
The built-in auditing functionality for GP is unfortunately somewhat limited - this is the best reference I've ever found for it: http://blogs.msdn.com/ericfitz/archive/2005/08/04/447951.aspx

There are rumours that this will get better in the Longhorn timeframe, or there are third-party tools availalbe now (from Quest, Netpro, others) that can enable change management for your GPO infra.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 

Author Comment

by:BobBrink
ID: 18796849
Laura,

That is the correct menu, though I was originally referring to the drop down control on the Details tab.
Either way I look at it the control or menu choice is greyed out. I am logged on locally and have "Edit settings, delete, modify security" permissions.

I am still stuck...

Bob
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 400 total points
ID: 18796865
I have a funny feeling that you might need to take ownership of the GPO to fix whatever the other cook did.

From the Delegation tab, click Advanced. From the window that pops up, click Advanced again. From there, go to the Owner tab and see if you can take ownership of the GPO, after which the items that are greyed out should be available to you again.
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 100 total points
ID: 18796889
nice link on auditing....

Bob,

I worry also that possible some of your permissions may have been tampered with....try the ownership trick but also check your account for membership changes (May be over cautious but i am fast becoming a security nutter)
0
 

Author Comment

by:BobBrink
ID: 18796906
Laura,

You pointed me in the right direction. "Chef Boyardee" also took the adminstrators user account out of the "Domain Admins" group. So when I was logged in under that account the rights did not exist.

I am also reviewing the auding link you sent.

Thank you VERY much!

Bob
0
 

Author Comment

by:BobBrink
ID: 18796917
Hey James,

I must have been responding when your last post came in. I did not see it until I had solved and replied to Laura. Thanks for getting me started thinking about auditing. I really appreciate your help.

Bob
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18797133
Nice work Bob, Glad that you have got things up and going again - go slap that chef
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question