palmtek
asked on
SBS User Security Property Page, Changes disapear next day
Hi,
When making changes to the User account, security property page, on a Microsoft Small Business Server 2003, the changes that are made are gone the next day. If I add a user account and assign "send as", or even if I change an existing account or group object, the changes are saved for a while, i.e. I can close it, open it immediately, and the changes are still there. But if I open it the next day all changes are gone. The user accounts are in the default OU.
When making changes to the User account, security property page, on a Microsoft Small Business Server 2003, the changes that are made are gone the next day. If I add a user account and assign "send as", or even if I change an existing account or group object, the changes are saved for a while, i.e. I can close it, open it immediately, and the changes are still there. But if I open it the next day all changes are gone. The user accounts are in the default OU.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
For one thing, it's enough if the user has been at some point a member of an administrative group; check the second article, there's an issue with resetting the inheritance flag.
Then out of experience, it seems that the Power Users falls under the "protected groups" as well (but I can't find official documentation, only cases in which it helped to remove the user from the Power Users group); so try this if the inheritance issue doesn't apply.
Then out of experience, it seems that the Power Users falls under the "protected groups" as well (but I can't find official documentation, only cases in which it helped to remove the user from the Power Users group); so try this if the inheritance issue doesn't apply.
ASKER
oBdA, Have you ever tried removing inheritance from a user object before as a workaround to this problem or does not matter?
Well, inheritance is automatically removed from the protected accounts ...
The issue above is that the inheritance isn't in all cases automatically turned on again after a user has been removed from all protected groups, so protecting an account that doesn't need it anymore. The second article has a script to correct that.
The issue above is that the inheritance isn't in all cases automatically turned on again after a user has been removed from all protected groups, so protecting an account that doesn't need it anymore. The second article has a script to correct that.
ASKER
The first tid you cited looks like the answer but there are no administrative groups in this account.
The user belongs to these groups.
Power Users
Domain Users
"domainname group"
"domainname group" (distribution list group)
Internet Users
Mobile Users
Remote Web Workplace Users