Ardee
asked on
Client XP users are being deleted or removed from User Accounts on a Network
Issue: XP users are being removed from the User Accounts.
Environment:
Windows XP SP2 client workstations on a corporate LAN, Group Policy being pushed out from from the WAN.
Software that gets updated:
MS Office 2003
LANDesk
Adobe Acrobat
Windows
McAfee
A few weeks ago, users (normally Administator accounts) were being removed from the Administrator group on the local workstation. Upon checking Active Directory to ensure that they were in their proper containers, i.e., User Accounts and Workstation Accounts, they were verified. They were re-added into the Administrator group. The next day, the user was again, deleted/removed from the User Accounts. Note: the user profile is still on the machine and the user still has fairly good use of the workstation (minus annoying bits and pieces). Added the user again and this time ran GPUPDATE /FORCE and the user was immediately removed.
This is occurring on both desktop and laptop users. I had thought it might have something to do with the image I was using, but this morning I checked my computer (a totally different image) and I was removed as an administrator - note: I still have admin perms as do the users that have been removed from the user accounts.
Finally, some of the Power Users, who are also members of several other groups, were removed from all of their placed groups. Not all, some.
The virus checking/elimination in the network by corporate has always been amazing, myself being called 2 times in 4 years by corporate immediately when something came up on a single machine.
Does anyone have any idea what might be causing this or ever seen anything like this before?
Thanks.
Environment:
Windows XP SP2 client workstations on a corporate LAN, Group Policy being pushed out from from the WAN.
Software that gets updated:
MS Office 2003
LANDesk
Adobe Acrobat
Windows
McAfee
A few weeks ago, users (normally Administator accounts) were being removed from the Administrator group on the local workstation. Upon checking Active Directory to ensure that they were in their proper containers, i.e., User Accounts and Workstation Accounts, they were verified. They were re-added into the Administrator group. The next day, the user was again, deleted/removed from the User Accounts. Note: the user profile is still on the machine and the user still has fairly good use of the workstation (minus annoying bits and pieces). Added the user again and this time ran GPUPDATE /FORCE and the user was immediately removed.
This is occurring on both desktop and laptop users. I had thought it might have something to do with the image I was using, but this morning I checked my computer (a totally different image) and I was removed as an administrator - note: I still have admin perms as do the users that have been removed from the user accounts.
Finally, some of the Power Users, who are also members of several other groups, were removed from all of their placed groups. Not all, some.
The virus checking/elimination in the network by corporate has always been amazing, myself being called 2 times in 4 years by corporate immediately when something came up on a single machine.
Does anyone have any idea what might be causing this or ever seen anything like this before?
Thanks.
Check your group policies and see if you have restricted groups set up for administrators. This would force it to reset the group on each machine every time group policy was refreshed
ASKER
Yes, we have restricted groups and I've verified that both myself and these users have been made members. I also have permissions to add these users to the proper group and workstation containers for these permissions. However, the issue still recurs.
Run the Group policy results wizard through the Group Policy Management Console and see the results for a particular computer just to make sure there is not another policy conflicting.
ASKER
Had the guys in System Services check this out as you mentioned. They found a difference or missing component and made the adjustment; however, afterward, the user accounts still are removed after gpupdate /force. System Services has told me that this does not matter that the User Accounts show that the user does not show up in the Administrator group as they've been made a member of a group that is in the Administrator group so it's a moot point. Problem is, the users are still losing preferences like default printers, etc. The good news is that my users are learning about setting the preferences on their machines without any help as they have to do it themselves every morning! :) Any more ideas please.
Hmmm is there any other policy or mandatory profile set that is causing them to reset their profile every time they log in. I would do another Group Policy results for a user with this problem and paste it in here if possible, only what is under the settings tab of the results. If it is a policy issue I can help you there.
ASKER
I've got the gpresult text file to paste at the bottom and got clearance from our security to do this (just in case). However, I just spoke with our System Services team and they've found something that deals with the Debugger Users group and Microsoft Office products (?). They're creating some documentation for me to try out at this remote site. We'll see. In the mean time, here is the gpresults file:
** Thanks so much for your help **
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 10/12/2007 at 8:57:00 AM
RSOP results for EDU\dimasrt on SDGDIMASRT001 : Logging Mode
-------------------------- ---------- ---------- ---------- -----
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: EDU
Domain Type: Windows 2000
Site Name: HTPSDG
Roaming Profile:
Local Profile: C:\Documents and Settings\dimasrt
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=SDGDIMASRT001,OU=Develo pers,OU=AT X,OU=HRW,O U=Laptops, OU=Worksta tions,DC=e du,DC=regn ,DC=net
Last time Group Policy was applied: 10/12/2007 at 8:08:59 AM
Group Policy was applied from: htpsdgdcxp001.edu.regn.net
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-------------------------- ---
EDUGLOALL-Corporate Mandatory Domain Policy-010
EDUGLOALL-Corporate Mandatory Computer Policy-010
EDUHRWALL-Flexible Laptop Developer Policy-001
EDUGLOALL-Corporate Flexible Computer Policy-010
EDUGLOALL-Corporate Flexible EFS Policy-010
EDUGLOALL-Vista Workstation Policy-001
Default Domain Policy
Local Group Policy
The computer is a part of the following security groups:
-------------------------- ---------- ---------- ----------
BUILTIN\Administrators
Everyone
Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
Resultant Set Of Policies for Computer:
-------------------------- ---------- ----
Software Installations
----------------------
N/A
Startup Scripts
---------------
N/A
Shutdown Scripts
----------------
N/A
Account Policies
----------------
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: MinimumPasswordAge
Computer Setting: N/A
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: PasswordHistorySize
Computer Setting: 5
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: LockoutDuration
Computer Setting: 30
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: ResetLockoutCount
Computer Setting: 30
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: MinimumPasswordLength
Computer Setting: 7
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: LockoutBadCount
Computer Setting: 5
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: MaximumPasswordAge
Computer Setting: 60
Audit Policy
------------
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: AuditPolicyChange
Computer Setting: Success, Failure
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: AuditPrivilegeUse
Computer Setting: Failure
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: AuditAccountLogon
Computer Setting: Success, Failure
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: AuditAccountManage
Computer Setting: Success, Failure
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: AuditLogonEvents
Computer Setting: Failure
User Rights
-----------
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: DenyRemoteInteractiveLogon Right
Computer Setting: EDU\EDU-Service Accounts
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: ChangeNotifyPrivilege
Computer Setting: Administrators
Backup Operators
Power Users
Users
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: ProfileSingleProcessPrivil ege
Computer Setting: Administrators
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: LoadDriverPrivilege
Computer Setting: Administrators
Power Users
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: InteractiveLogonRight
Computer Setting: Administrators
Backup Operators
Power Users
Users
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: NetworkLogonRight
Computer Setting: Administrators
Backup Operators
Power Users
Users
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: DenyInteractiveLogonRight
Computer Setting: EDU\EDU-Service Accounts
Security Options
----------------
GPO: Default Domain Policy
Policy: RequireLogonToChangePasswo rd
Computer Setting: Not Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: EnableGuestAccount
Computer Setting: Not Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: PasswordComplexity
Computer Setting: Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: ForceLogoffWhenHourExpire
Computer Setting: Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: LSAAnonymousNameLookup
Computer Setting: Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: ClearTextPassword
Computer Setting: Not Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Policy: NewAdministratorName
Computer Setting: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Policy: NewGuestName
Computer Setting: Enabled
Event Log Settings
------------------
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: MaximumLogSize
Computer Setting: 8192
Log Name: Security
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: MaximumLogSize
Computer Setting: 8192
Log Name: System
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: RetentionDays
Computer Setting: 0
Log Name: Application
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: MaximumLogSize
Computer Setting: 8192
Log Name: Application
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: RetentionDays
Computer Setting: 0
Log Name: System
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: RetentionDays
Computer Setting: 0
Log Name: Security
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: System
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: Application
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: Security
Restricted Groups
-----------------
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Groupname: Administrators
Members: EDU\EDU-Child Domain Administrator
EDU\HRW-ALL Client Administrators
EDU\HRW-ALL Down Level OU Administrators
EDU\HRW-GPO ALL Developers
System Services
---------------
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
ServiceName: wuauserv
Startup: Automatic
Registry Settings
-----------------
N/A
File System Settings
--------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\PCHealth \ErrorRepo rting\DW
State: disabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ NetCache
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\PCHealth \ErrorRepo rting
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof t\Messenge r\Client
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof t\Windows NT\Printers
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof t\FVE
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof t\FVE
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ Network Connections
State: Enabled
GPO: Local Group Policy
Setting: Software\Policies\Microsof t\PCHealth \ErrorRepo rting
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof t\FVE
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ NetCache
State: disabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: Software\Policies\Microsof t\Windows\ NetCache
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\PCHealth \ErrorRepo rting\DW
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ WindowsUpd ate
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ WindowsUpd ate\AU
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ NetCache
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows NT\CurrentVersion\EFS
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\PCHealth \ErrorRepo rting
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\PCHealth \ErrorRepo rting\DW
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: Software\Policies\Microsof t\Windows\ Network Connections
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ WindowsUpd ate\AU
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof t\Windows NT\Terminal Services
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof t\FVE
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ WindowsUpd ate\AU
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof t\Windows NT\Printers\Wizard
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: Software\Policies\Microsof t\Windows NT\Terminal Services
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof t\FVE
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\SystemCe rtificates \Root\Prot ectedRoots
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof t\Internet Explorer\Infodelivery\Rest rictions
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof t\FVE
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof t\Windows NT\Printers
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ System
State: Enabled
GPO: Local Group Policy
Setting: Software\Policies\Microsof t\PCHealth \ErrorRepo rting\DW
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof t\FVE
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof t\TPM
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Cryptogr aphy\AutoE nrollment
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Setting: Software\Policies\Microsof t\Windows NT\Printers
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\PCHealth \ErrorRepo rting\DW
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ WindowsUpd ate\AU
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: SOFTWARE\Microsoft\Windows \CurrentVe rsion\Poli cies\Syste m
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: Software\Policies\Microsof t\Windows\ Network Connections
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: Software\Policies\Microsof t\Windows NT\Terminal Services
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof t\FVE
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ WindowsUpd ate\AU
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ NetCache
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ WindowsUpd ate\AU
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ NetCache
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ NetCache
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\PCHealth \ErrorRepo rting\DW
State: disabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof t\Windows NT\Printers
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ WindowsUpd ate\AU
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof t\Windows NT\CurrentVersion\Winlogon
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof t\Windows\ WindowsUpd ate
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof t\TPM
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: Software\Policies\Microsof t\Windows NT\Terminal Services
State: Enabled
USER SETTINGS
--------------
CN=Dimas\, Rafael T. (HTP-SDG),OU=EXCH,OU=SDG,O U=HTP,OU=U sers,OU=Us er Accounts,DC=edu,DC=regn,DC =net
Last time Group Policy was applied: 10/12/2007 at 8:21:34 AM
Group Policy was applied from: htpsdgdcxp001.edu.regn.net
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-------------------------- ---
EDUGLOALL-Corporate Mandatory User Policy-010
EDUHRWALL-Flexible Desktop Services User Policy-001
EDUGLOALL-Corporate Flexible User Account Policy-010
EDUGLOALL-Corporate Flexible All User Policy-010
Default Domain Policy
Local Group Policy
The following GPOs were not applied because they were filtered out
-------------------------- ---------- ---------- ---------- ---------- -
EDUGLOALL-Corporate Mandatory Domain Policy-010
Filtering: Disabled (GPO)
The user is a part of the following security groups:
-------------------------- ---------- ---------- ------
Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Resultant Set Of Policies for User:
-------------------------- ----------
Software Installations
----------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Syste m
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{8EA D3A12-B2C1 -11d0-83AA -00A0C92C9 D5D}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{942 A8E4F-A261 -11D1-A760 -00C04FB96 03F}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{5AD F5BF6-E452 -11D1-945A -00C04FB98 4F9}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Restrictions
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof t\MMC\{1BC 972D6-555C -4FF7-BE2C -C584021A0 A6A}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{88E 729D6-BDC1 -11D1-BD2A -00C04FB96 03F}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{8F8 F8DC0-5713 -11D1-9551 -0060B0576 642}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{0F6 B957D-509E -11D1-A7CC -0000F8757 1E3}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{E12 BBB5D-D59D -4E61-947A -301D25AE8 C23}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{A84 1B6C2-7577 -11D0-BB1F -00A0C922E 79C}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{2DA 6AA7F-8C88 -4194-A558 -0D36E7FD3 E64}
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof t\Windows NT\SharedFolders
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Windows\ CurrentVer sion\Ident ities
State: Enabled
GPO: EDUGLOALL-Corporate Flexible All User Policy-010
Setting: Software\Policies\Microsof t\Windows\ Control Panel\Desktop
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof t\MMC\{40B 66660-4972 -11d1-A7CA -0000F8757 1E3}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Restrictions
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Restrictions
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{8FC 0B734-A0E1 -11D1-A7D3 -0000F8757 1E3}
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory User Policy-010
Setting: Software\Policies\Microsof t\Windows\ System
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{1C5 DACFA-16BA -11D2-81D0 -0000F87A7 AA3}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: disabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof t\MMC\{d52 4927d-6c08 -46bf-86af -391534d77 9d3}
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof t\MMC\{40B 66661-4972 -11d1-A7CA -0000F8757 1E3}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Restrictions
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{de7 51566-4cc6 -11d1-8ca0 -00c04fc29 7eb}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer\Disall owCpl
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{40B 6664F-4972 -11D1-A7CA -0000F8757 1E3}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Unins tall
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{011 BE22D-E453 -11D1-945A -00C04FB98 4F9}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{803 E14A0-B4FB -11D0-A0D0 -00A0C90F5 74B}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Windows\ NetCache
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{FC7 15823-C5FB -11D1-9EEF -00A0C9034 7FF}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{FF5 903A8-78D6 -11D1-92F6 -006097B01 056}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: disabled
GPO: EDUGLOALL-Corporate Mandatory User Policy-010
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Syste m
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof t\MMC\{B6F 9C8AF-EF3A -41C8-A911 -37370C331 DD4}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Cryptogr aphy\AutoE nrollment
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUGLOALL-Corporate Flexible All User Policy-010
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{6DC 3804B-7212 -458D-ADB0 -9A07E2AE1 FA2}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{1AA 7F839-C7F5 -11D0-A376 -00C04FC9D A04}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Restrictions
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{DEA 8AFA0-CC85 -11d0-9CE2 -0080C7221 EBD}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{677 A2D94-28D9 -11D1-A95B -008048918 FB1}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{BAC F5C8A-A3C7 -11D1-A760 -00C04FB96 03F}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{D96 7F824-9968 -11D0-B936 -00C04FD8D 5B0}
State: Enabled
GPO: Local Group Policy
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: disabled
GPO: Local Group Policy
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{EBC 53A38-A23F -11D0-B09B -00C04FD8D CA6}
State: Enabled
GPO: EDUGLOALL-Corporate Flexible All User Policy-010
Setting: Software\Policies\Microsof t\WindowsM ediaPlayer
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof t\MMC\{B6F 9C8AE-EF3A -41C8-A911 -37370C331 DD4}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: disabled
GPO: EDUGLOALL-Corporate Mandatory User Policy-010
Setting: Software\Policies\Microsof t\Windows\ System\Pow er
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{40B 66650-4972 -11D1-A7CA -0000F8757 1E3}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{0F6 B957E-509E -11D1-A7CC -0000F8757 1E3}
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof t\MMC\{c40 d66a0-e90c -46c6-aa3b -473e38c72 bf2}
State: Enabled
GPO: EDUGLOALL-Corporate Flexible All User Policy-010
Setting: Software\Policies\Microsof t\Windows\ Control Panel\Desktop
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory User Policy-010
Setting: Software\Policies\Microsof t\Windows\ Group Policy Editor
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof t\MMC\{7E4 5546F-6D52 -4D10-B702 -9C2E67232 E62}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{E35 5E538-1C2E -11D0-8C37 -00C04FD8F E93}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Unins tall
State: disabled
GPO: EDUGLOALL-Corporate Flexible All User Policy-010
Setting: Software\Policies\Microsof t\Windows\ Control Panel\Desktop
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Windows\ Control Panel\Desktop
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{306 0E8CE-7020 -11D2-842D -00C04FA37 2D4}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Windo wsUpdate
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: disabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof t\MMC\{fe8 83157-cebd -4570-b7a2 -e4fe06abe 626}
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\MMC\{D70 A2BEA-A63E -11D1-A7D4 -0000F8757 1E3}
State: Enabled
GPO: Local Group Policy
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Unins tall
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer\Disall owCpl
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: disabled
GPO: Local Group Policy
Setting: Software\Policies\Microsof t\Windows NT\Driver Signing
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory User Policy-010
Setting: Software\Microsoft\Windows \CurrentVe rsion\Poli cies\Explo rer
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof t\Windows NT\SharedFolders
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory User Policy-010
Setting: Software\Policies\Microsof t\Windows\ Group Policy Editor
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Outlook Express
State: Enabled
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
-------------------------- ---------- ----
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
-------------------------- --
HTTP Proxy Server: N/A
Secure Proxy Server: N/A
FTP Proxy Server: N/A
Gopher Proxy Server: N/A
Socks Proxy Server: N/A
Auto Config Enable: No
Enable Proxy: Yes
Use same Proxy: No
HTTP Proxy Server: N/A
Secure Proxy Server: N/A
FTP Proxy Server: N/A
Gopher Proxy Server: N/A
Socks Proxy Server: N/A
Auto Config Enable: No
Enable Proxy: Yes
Use same Proxy: No
Internet Explorer URLs
----------------------
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
URL: http://centrecourt.harcourt.com
Make Available Offline: No
URL: http://arena
Make Available Offline: No
URL: http://centrecourt.harcourt.com
Make Available Offline: No
URL: http://www.harcourt.com
Make Available Offline: No
Internet Explorer Security
--------------------------
Always Viewable Sites: N/A
Password Override Enabled: False
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
--------------------------
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Import the current Program Settings: No
** Thanks so much for your help **
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 10/12/2007 at 8:57:00 AM
RSOP results for EDU\dimasrt on SDGDIMASRT001 : Logging Mode
--------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: EDU
Domain Type: Windows 2000
Site Name: HTPSDG
Roaming Profile:
Local Profile: C:\Documents and Settings\dimasrt
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=SDGDIMASRT001,OU=Develo
Last time Group Policy was applied: 10/12/2007 at 8:08:59 AM
Group Policy was applied from: htpsdgdcxp001.edu.regn.net
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
EDUGLOALL-Corporate Mandatory Domain Policy-010
EDUGLOALL-Corporate Mandatory Computer Policy-010
EDUHRWALL-Flexible Laptop Developer Policy-001
EDUGLOALL-Corporate Flexible Computer Policy-010
EDUGLOALL-Corporate Flexible EFS Policy-010
EDUGLOALL-Vista Workstation Policy-001
Default Domain Policy
Local Group Policy
The computer is a part of the following security groups:
--------------------------
BUILTIN\Administrators
Everyone
Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
Resultant Set Of Policies for Computer:
--------------------------
Software Installations
----------------------
N/A
Startup Scripts
---------------
N/A
Shutdown Scripts
----------------
N/A
Account Policies
----------------
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: MinimumPasswordAge
Computer Setting: N/A
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: PasswordHistorySize
Computer Setting: 5
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: LockoutDuration
Computer Setting: 30
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: ResetLockoutCount
Computer Setting: 30
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: MinimumPasswordLength
Computer Setting: 7
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: LockoutBadCount
Computer Setting: 5
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: MaximumPasswordAge
Computer Setting: 60
Audit Policy
------------
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: AuditPolicyChange
Computer Setting: Success, Failure
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: AuditPrivilegeUse
Computer Setting: Failure
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: AuditAccountLogon
Computer Setting: Success, Failure
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: AuditAccountManage
Computer Setting: Success, Failure
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: AuditLogonEvents
Computer Setting: Failure
User Rights
-----------
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: DenyRemoteInteractiveLogon
Computer Setting: EDU\EDU-Service Accounts
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: ChangeNotifyPrivilege
Computer Setting: Administrators
Backup Operators
Power Users
Users
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: ProfileSingleProcessPrivil
Computer Setting: Administrators
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: LoadDriverPrivilege
Computer Setting: Administrators
Power Users
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: InteractiveLogonRight
Computer Setting: Administrators
Backup Operators
Power Users
Users
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: NetworkLogonRight
Computer Setting: Administrators
Backup Operators
Power Users
Users
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: DenyInteractiveLogonRight
Computer Setting: EDU\EDU-Service Accounts
Security Options
----------------
GPO: Default Domain Policy
Policy: RequireLogonToChangePasswo
Computer Setting: Not Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: EnableGuestAccount
Computer Setting: Not Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: PasswordComplexity
Computer Setting: Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: ForceLogoffWhenHourExpire
Computer Setting: Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: LSAAnonymousNameLookup
Computer Setting: Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Policy: ClearTextPassword
Computer Setting: Not Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Policy: NewAdministratorName
Computer Setting: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Policy: NewGuestName
Computer Setting: Enabled
Event Log Settings
------------------
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: MaximumLogSize
Computer Setting: 8192
Log Name: Security
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: MaximumLogSize
Computer Setting: 8192
Log Name: System
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: RetentionDays
Computer Setting: 0
Log Name: Application
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Policy: MaximumLogSize
Computer Setting: 8192
Log Name: Application
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: RetentionDays
Computer Setting: 0
Log Name: System
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: RetentionDays
Computer Setting: 0
Log Name: Security
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: System
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: Application
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Policy: RestrictGuestAccess
Computer Setting: Enabled
Log Name: Security
Restricted Groups
-----------------
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Groupname: Administrators
Members: EDU\EDU-Child Domain Administrator
EDU\HRW-ALL Client Administrators
EDU\HRW-ALL Down Level OU Administrators
EDU\HRW-GPO ALL Developers
System Services
---------------
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
ServiceName: wuauserv
Startup: Automatic
Registry Settings
-----------------
N/A
File System Settings
--------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: disabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: Local Group Policy
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: disabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: Local Group Policy
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: SOFTWARE\Microsoft\Windows
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: disabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Domain Policy-010
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUGLOALL-Vista Workstation Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory Computer Policy-010
Setting: Software\Policies\Microsof
State: Enabled
USER SETTINGS
--------------
CN=Dimas\, Rafael T. (HTP-SDG),OU=EXCH,OU=SDG,O
Last time Group Policy was applied: 10/12/2007 at 8:21:34 AM
Group Policy was applied from: htpsdgdcxp001.edu.regn.net
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
EDUGLOALL-Corporate Mandatory User Policy-010
EDUHRWALL-Flexible Desktop Services User Policy-001
EDUGLOALL-Corporate Flexible User Account Policy-010
EDUGLOALL-Corporate Flexible All User Policy-010
Default Domain Policy
Local Group Policy
The following GPOs were not applied because they were filtered out
--------------------------
EDUGLOALL-Corporate Mandatory Domain Policy-010
Filtering: Disabled (GPO)
The user is a part of the following security groups:
--------------------------
Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Resultant Set Of Policies for User:
--------------------------
Software Installations
----------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible All User Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory User Policy-010
Setting: Software\Policies\Microsof
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: disabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUGLOALL-Corporate Mandatory User Policy-010
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUGLOALL-Corporate Flexible All User Policy-010
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: Local Group Policy
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: disabled
GPO: Local Group Policy
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible All User Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUGLOALL-Corporate Mandatory User Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible All User Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory User Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUGLOALL-Corporate Flexible All User Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: Local Group Policy
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Windows
State: disabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Policies\Microsof
State: disabled
GPO: Local Group Policy
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory User Policy-010
Setting: Software\Microsoft\Windows
State: Enabled
GPO: EDUGLOALL-Corporate Flexible User Account Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUGLOALL-Corporate Mandatory User Policy-010
Setting: Software\Policies\Microsof
State: Enabled
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Setting: Software\Microsoft\Outlook
State: Enabled
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
--------------------------
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
--------------------------
HTTP Proxy Server: N/A
Secure Proxy Server: N/A
FTP Proxy Server: N/A
Gopher Proxy Server: N/A
Socks Proxy Server: N/A
Auto Config Enable: No
Enable Proxy: Yes
Use same Proxy: No
HTTP Proxy Server: N/A
Secure Proxy Server: N/A
FTP Proxy Server: N/A
Gopher Proxy Server: N/A
Socks Proxy Server: N/A
Auto Config Enable: No
Enable Proxy: Yes
Use same Proxy: No
Internet Explorer URLs
----------------------
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
URL: http://centrecourt.harcourt.com
Make Available Offline: No
URL: http://arena
Make Available Offline: No
URL: http://centrecourt.harcourt.com
Make Available Offline: No
URL: http://www.harcourt.com
Make Available Offline: No
Internet Explorer Security
--------------------------
Always Viewable Sites: N/A
Password Override Enabled: False
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
--------------------------
GPO: EDUHRWALL-Flexible Desktop Services User Policy-001
Import the current Program Settings: No
According to that policy you have Administrators set on the PC to the following groups:
Restricted Groups
-----------------
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Groupname: Administrators
Members: EDU\EDU-Child Domain Administrator
EDU\HRW-ALL Client Administrators
EDU\HRW-ALL Down Level OU Administrators
EDU\HRW-GPO ALL Developers
Now on any computer on which this is applied those users in those groups will be the ONLY local administrators on that machine.
As you can see with the results of that user:
The user is a part of the following security groups:
-------------------------- ---------- ---------- ------
Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
That user is NOT a part of any of the groups that are a part of restricted groups. After any reboot this user will not be a local administrator on any PC in which that particular policy is applied.
If you are trying to give individual access to specific users to specific machines as local admin you cannot specify restricted groups. If you do use restricted groups then you have to add the users that you want to have local admin access to one of those groups. If you do that they will have local admin to every PC that the policy is applied to.
Let me know if this helps.
Restricted Groups
-----------------
GPO: EDUHRWALL-Flexible Laptop Developer Policy-001
Groupname: Administrators
Members: EDU\EDU-Child Domain Administrator
EDU\HRW-ALL Client Administrators
EDU\HRW-ALL Down Level OU Administrators
EDU\HRW-GPO ALL Developers
Now on any computer on which this is applied those users in those groups will be the ONLY local administrators on that machine.
As you can see with the results of that user:
The user is a part of the following security groups:
--------------------------
Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
That user is NOT a part of any of the groups that are a part of restricted groups. After any reboot this user will not be a local administrator on any PC in which that particular policy is applied.
If you are trying to give individual access to specific users to specific machines as local admin you cannot specify restricted groups. If you do use restricted groups then you have to add the users that you want to have local admin access to one of those groups. If you do that they will have local admin to every PC that the policy is applied to.
Let me know if this helps.
ASKER
I see what you are referring to but in Active Directory, both myself and the clients that I'm providing support for are members of the HRW-GPO All Developers group. Our computers are in in the HRW-GPO All Developer Computers group as well.
What I'm being told is that since I'm a member of HRW-GPO All Developers, and that group is a member of the Administrators group on the computer, that I should be fine. And technically, I am. I have administrative privileges on the computer. But I'm still not truly a "user" on the computer. Yes, I have permissions to do whatever I want for the most part, but it still doesn't correct the issue of users and myself being removed from the User Accounts.
Of course, it's Friday so it's time for everyone to go home and have a super weekend. Thanks for your help this week - I really appreciate it and I hope to hear back from you or perhaps let you know that we came up with a solution over the weekend. We'll enter more comments in on Monday.
What I'm being told is that since I'm a member of HRW-GPO All Developers, and that group is a member of the Administrators group on the computer, that I should be fine. And technically, I am. I have administrative privileges on the computer. But I'm still not truly a "user" on the computer. Yes, I have permissions to do whatever I want for the most part, but it still doesn't correct the issue of users and myself being removed from the User Accounts.
Of course, it's Friday so it's time for everyone to go home and have a super weekend. Thanks for your help this week - I really appreciate it and I hope to hear back from you or perhaps let you know that we came up with a solution over the weekend. We'll enter more comments in on Monday.
Is the user that you used to create the group policy results a part of that group because according to the results that user is not. I was looking for the results of someone (part of the HRW-GPO All Developers group) who is "supposed" to be a local admin, and on a computer that is supposed to apply the restrictive groups to it.
Hmmm.... all I can think of is to temporarily disable your restrictive groups policy and see if you still have the same issue. If you cannot there is a way to test it out using security filtering.
Make the test user and test computer a part of a test group and set that group as DENY on apply group policy for the policies you want to exclude. This may help you determine if there is a policy causing your issue. I would test any policy with restrictive groups to see if you can eliminate the problem.
A few suggestions to help you. Let me know if you have any breakthroughs :)
Hmmm.... all I can think of is to temporarily disable your restrictive groups policy and see if you still have the same issue. If you cannot there is a way to test it out using security filtering.
Make the test user and test computer a part of a test group and set that group as DENY on apply group policy for the policies you want to exclude. This may help you determine if there is a policy causing your issue. I would test any policy with restrictive groups to see if you can eliminate the problem.
A few suggestions to help you. Let me know if you have any breakthroughs :)
ASKER
I'm not getting much feedback from the folks here. Nor am I seeing great positive changes on my end. My computer and account was moved to a different container and it works fine now, i.e., I am an admin and have not been removed from the group in over a week. However, I still have admins that are being removed and placed in debugger groups or being removed completely from all groups. I've pretty much given up all hope. Is there someway I can just give you the points for this ticket without a solution? I really don't know what to do to resolve this nasty situation.
Well I am not sure I ave never awarded points since I just started this account 2 months ago. But I would try as a last resort removing any policies with restrictive groups and just trying a test scenario of creating such a policy before you send it out to everyone. If you moved yourself to another OU and there is no problem then there must be another policy causing the problem.
Sorry if I could sit and see your policies in the console I could probably figure it out. But my best advice to you is to try this:
Try setting up an OU and Block inheritance. Then assign the user and computer to the OU you want to test. Then apply policies one at a time and testing your problem each time to see if you can recreate it. If you can recreate it then you will find which policy is casing the issue. Once you know that you should be able to figure out your issue (Or delete that policy and start from scratch)
I hope that helps. If you have many group policies set up in different OU's sometimes it is just one policy that causes so much headache.
Sorry if I could sit and see your policies in the console I could probably figure it out. But my best advice to you is to try this:
Try setting up an OU and Block inheritance. Then assign the user and computer to the OU you want to test. Then apply policies one at a time and testing your problem each time to see if you can recreate it. If you can recreate it then you will find which policy is casing the issue. Once you know that you should be able to figure out your issue (Or delete that policy and start from scratch)
I hope that helps. If you have many group policies set up in different OU's sometimes it is just one policy that causes so much headache.
ASKER
Okay, so here's what we did. We added "a" new computer name to a different client container and added the computer to the same groups as the previous computer. Then re-named the "bad" computer to the new computer name and added it to the domain. Restarted of course. Added the user back as an admin. Restarted. Did a gpupdate /force and now the user is fine. ??? Problem is, I've got several computers in that state - but - if that fixes it. . .
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.